Edit tour

Windows Analysis Report
r06aMlvVyM.exe

Overview

General Information

Sample name:	r06aMlvVyM.exe renamed because original name is a hash value
Original sample name:	d1f6c2083d94c10bf23c7364e0553d90.exe
Analysis ID:	1580879
MD5:	d1f6c2083d94c10bf23c7364e0553d90
SHA1:	73c77c7c0a0e07970cfea13a3032fd214836849c
SHA256:	3fd3fd24c4062b35ebab8f893be3c41be54d687dda4236c8f17121dc85a426dc
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

r06aMlvVyM.exe (PID: 2272 cmdline: "C:\Users\user\Desktop\r06aMlvVyM.exe" MD5: D1F6C2083D94C10BF23C7364E0553D90)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["appliacnesot.buzz", "rebuildeso.buzz", "mindhandru.buzz", "screwamusresz.buzz", "inherineau.buzz", "cashfuzysao.buzz", "hummskitnj.buzz", "scentniej.buzz", "prisonyfork.buzz"], "Build id": "PsFKDg--pablo"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:49:05.560879+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	172.67.165.185	443	TCP
2024-12-26T12:49:21.922096+0100	2028371	3	Unknown Traffic	192.168.2.5	49713	172.67.165.185	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:49:20.572167+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	172.67.165.185	443	TCP
2024-12-26T12:49:43.638626+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49713	172.67.165.185	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:49:20.572167+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	172.67.165.185	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T12:49:43.638626+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49713	172.67.165.185	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: r06aMlvVyM.exe

Avira: detected

Found malware configuration

Source: r06aMlvVyM.exe.2272.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["appliacnesot.buzz", "rebuildeso.buzz", "mindhandru.buzz", "screwamusresz.buzz", "inherineau.buzz", "cashfuzysao.buzz", "hummskitnj.buzz", "scentniej.buzz", "prisonyfork.buzz"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: r06aMlvVyM.exe	ReversingLabs: Detection: 57%
Source: r06aMlvVyM.exe	Virustotal: Detection: 52%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: r06aMlvVyM.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: r06aMlvVyM.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.5:49713 version: TLS 1.2

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edx, ebx	0_2_00BC8600
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00C01720
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEC09E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEC0E6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEE0DA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov esi, ecx	0_2_00BE90D0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BE81CC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00C01160
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BED116
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BED17D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00BEB170
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov eax, dword ptr [00C06130h]	0_2_00BD8169
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEC09E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BF6210
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BE83D8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00C00340
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BDC300
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BED34A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD747D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_00BD747D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_00BEC465
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEC465
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov eax, ebx	0_2_00BE7440
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00BE7440
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edi, ecx	0_2_00BEA5B6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BE8528
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_00BDB57D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00C006F0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00BC9780
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then jmp edx	0_2_00BE37D6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then jmp eax	0_2_00BE9739
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00BE7740
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BDD8AC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BDD8AC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov eax, ebx	0_2_00BDC8A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_00BDC8A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_00BDC8A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_00BDC8A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edx, ecx	0_2_00BDB8F6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edx, ecx	0_2_00BDB8F6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BDD8D8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BDD8D8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BE2830
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_00BFC830
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then push esi	0_2_00BCC805
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BEC850
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then jmp edx	0_2_00BE39B9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00BE39B9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00BFC990
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BEB980
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BE89E9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BEAAC0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then dec edx	0_2_00BFFA20
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BE1A10
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00BC8A50
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_00BFCA40
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_00BDEB80
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edx, ecx	0_2_00BD8B1B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then dec edx	0_2_00BFFB10
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_00BCAB40
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BD4CA0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_00BCCC7A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEDDFF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00BFCDF0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_00BFCDF0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00BFCDF0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_00BFCDF0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_00BFEDC1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edx, ecx	0_2_00BE6D2E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then dec edx	0_2_00BFFD70
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00C00D20
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00BC2EB0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edx, ecx	0_2_00BE9E80
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BEDE07
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then dec edx	0_2_00BFFE00
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BE2E6D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then jmp edx	0_2_00BE2E6D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00BE2E6D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00BE5F1B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov ecx, eax	0_2_00BEBF13
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD6F52

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49713 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49713 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 172.67.165.185:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz

Source: Joe Sandbox View

IP Address: 172.67.165.185 172.67.165.185

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 172.67.165.185:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 172.67.165.185:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: mindhandru.buzz

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: mindhandru.buzz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz

Source: r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511373266.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512329361.0000000001792000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511268001.0000000001792000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512210725.000000000174E000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512401569.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512329361.0000000001792000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512377111.00000000017AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: r06aMlvVyM.exe, 00000000.00000002.2512210725.000000000174E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apiX
Source: r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512401569.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apithor
Source: r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512401569.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/d
Source: r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/apilY

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.165.185:443 -> 192.168.2.5:49713 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: r06aMlvVyM.exe	Static PE information: section name:
Source: r06aMlvVyM.exe	Static PE information: section name: .idata
Source: r06aMlvVyM.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC8600	0_2_00BC8600
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C180C1	0_2_00C180C1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA50CD	0_2_00CA50CD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEC09E	0_2_00BEC09E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAB0F6	0_2_00CAB0F6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8E089	0_2_00C8E089
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD5089	0_2_00CD5089
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3F084	0_2_00C3F084
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD60E9	0_2_00BD60E9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEC0E6	0_2_00BEC0E6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC4093	0_2_00CC4093
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C630AD	0_2_00C630AD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEA0CA	0_2_00BEA0CA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C470B8	0_2_00C470B8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2F0BC	0_2_00C2F0BC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C71044	0_2_00C71044
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9004E	0_2_00C9004E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4C04C	0_2_00C4C04C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2704B	0_2_00C2704B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2504B	0_2_00C2504B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057	0_2_00D85057
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC3057	0_2_00CC3057
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCD021	0_2_00BCD021
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2E067	0_2_00C2E067
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C23076	0_2_00C23076
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8507D	0_2_00C8507D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC5074	0_2_00CC5074
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDD003	0_2_00BDD003
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAC009	0_2_00CAC009
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCA00F	0_2_00CCA00F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC2005	0_2_00CC2005
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C34009	0_2_00C34009
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA6006	0_2_00CA6006
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2800F	0_2_00C2800F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9401A	0_2_00C9401A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6B01B	0_2_00C6B01B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDD024	0_2_00CDD024
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD6022	0_2_00CD6022
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC7039	0_2_00CC7039
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB6033	0_2_00CB6033
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA0036	0_2_00CA0036
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C60038	0_2_00C60038
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C731C4	0_2_00C731C4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C841CC	0_2_00C841CC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C571CD	0_2_00C571CD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7B1CA	0_2_00C7B1CA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE91AE	0_2_00BE91AE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C591D1	0_2_00C591D1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C641EC	0_2_00C641EC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB31E7	0_2_00CB31E7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C701F5	0_2_00C701F5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFF18B	0_2_00BFF18B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEE180	0_2_00BEE180
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C33182	0_2_00C33182
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9A18B	0_2_00C9A18B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C42183	0_2_00C42183
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBA18C	0_2_00CBA18C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_0106905B	0_2_0106905B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C451A8	0_2_00C451A8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE81CC	0_2_00BE81CC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA91BC	0_2_00CA91BC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBD1B6	0_2_00CBD1B6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D8A151	0_2_00D8A151
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB0142	0_2_00CB0142
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD015A	0_2_00CD015A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCB100	0_2_00BCB100
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D9411C	0_2_00D9411C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8B10E	0_2_00C8B10E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4D116	0_2_00C4D116
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD8169	0_2_00BD8169
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDF118	0_2_00CDF118
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D8F101	0_2_00D8F101
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7C11C	0_2_00C7C11C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC6160	0_2_00BC6160
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEC09E	0_2_00BEC09E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C21125	0_2_00C21125
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB4120	0_2_00CB4120
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3712C	0_2_00C3712C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C462CD	0_2_00C462CD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD32C2	0_2_00CD32C2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C242D5	0_2_00C242D5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB82D7	0_2_00CB82D7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6D2D9	0_2_00C6D2D9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8A2E3	0_2_00C8A2E3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C822E6	0_2_00C822E6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA32F3	0_2_00CA32F3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7F2F9	0_2_00C7F2F9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB52F5	0_2_00CB52F5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF9280	0_2_00BF9280
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD9280	0_2_00CD9280
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4928A	0_2_00C4928A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4D297	0_2_00C4D297
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9229A	0_2_00C9229A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCE295	0_2_00CCE295
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C992A2	0_2_00C992A2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE42D0	0_2_00BE42D0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3D2B4	0_2_00C3D2B4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C40243	0_2_00C40243
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA1243	0_2_00CA1243
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C52249	0_2_00C52249
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD1227	0_2_00BD1227
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDE220	0_2_00BDE220
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CE9250	0_2_00CE9250
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6F271	0_2_00C6F271
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2227B	0_2_00C2227B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC0277	0_2_00CC0277
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD120A	0_2_00CD120A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC4270	0_2_00BC4270
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD2215	0_2_00CD2215
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C95217	0_2_00C95217
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBE214	0_2_00CBE214
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7A235	0_2_00C7A235
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C72233	0_2_00C72233
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C56230	0_2_00C56230
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D03229	0_2_00D03229
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4B3D4	0_2_00C4B3D4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAE3DA	0_2_00CAE3DA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC73DF	0_2_00CC73DF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2A3DB	0_2_00C2A3DB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8F3E0	0_2_00C8F3E0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C893E6	0_2_00C893E6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4F3F8	0_2_00C4F3F8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4A3FA	0_2_00C4A3FA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9638D	0_2_00C9638D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00E143B0	0_2_00E143B0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC539E	0_2_00CC539E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCA392	0_2_00CCA392
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE83D8	0_2_00BE83D8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA63A0	0_2_00CA63A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCF3C0	0_2_00BCF3C0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA034D	0_2_00CA034D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC6343	0_2_00CC6343
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3C357	0_2_00C3C357
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6635F	0_2_00C6635F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9B36B	0_2_00C9B36B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7536D	0_2_00C7536D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC9310	0_2_00BC9310
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBB378	0_2_00CBB378
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCF370	0_2_00CCF370
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C50307	0_2_00C50307
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C38300	0_2_00C38300
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C98301	0_2_00C98301
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEF377	0_2_00BEF377
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAF32F	0_2_00CAF32F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8333B	0_2_00C8333B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BED34A	0_2_00BED34A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE1340	0_2_00BE1340
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C904CE	0_2_00C904CE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD64C4	0_2_00CD64C4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C834DD	0_2_00C834DD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBC4D4	0_2_00CBC4D4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6C4E5	0_2_00C6C4E5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD54E8	0_2_00CD54E8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC248D	0_2_00CC248D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4948C	0_2_00C4948C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCD4F3	0_2_00BCD4F3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2E497	0_2_00C2E497
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6049E	0_2_00C6049E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE24E0	0_2_00BE24E0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB2494	0_2_00CB2494
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D874BD	0_2_00D874BD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8D4BA	0_2_00C8D4BA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5A4B6	0_2_00C5A4B6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C474B3	0_2_00C474B3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4C4B3	0_2_00C4C4B3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE04C6	0_2_00BE04C6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C874B1	0_2_00C874B1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC14B6	0_2_00CC14B6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C71447	0_2_00C71447
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C55448	0_2_00C55448
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C31451	0_2_00C31451
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6245D	0_2_00C6245D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C00460	0_2_00C00460
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C88462	0_2_00C88462
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD7471	0_2_00CD7471
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3547C	0_2_00C3547C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD747D	0_2_00BD747D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCB40D	0_2_00CCB40D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C54403	0_2_00C54403
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C61414	0_2_00C61414
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5B42D	0_2_00C5B42D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7C42F	0_2_00C7C42F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA7437	0_2_00CA7437
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE7440	0_2_00BE7440
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFA440	0_2_00BFA440
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C465C7	0_2_00C465C7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C485C0	0_2_00C485C0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C915C4	0_2_00C915C4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD85DB	0_2_00CD85DB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFC5A0	0_2_00BFC5A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2B5E3	0_2_00C2B5E3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C525E4	0_2_00C525E4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA15EB	0_2_00CA15EB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C315E1	0_2_00C315E1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDC5E1	0_2_00CDC5E1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C385FB	0_2_00C385FB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5B586	0_2_00C5B586
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C69585	0_2_00C69585
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C77581	0_2_00C77581
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC65F0	0_2_00BC65F0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C58594	0_2_00C58594
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3E591	0_2_00C3E591
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDE599	0_2_00CDE599
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD0598	0_2_00CD0598
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDB5AC	0_2_00CDB5AC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C945AD	0_2_00C945AD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C845A1	0_2_00C845A1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFA5D4	0_2_00BFA5D4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA35B0	0_2_00CA35B0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA554A	0_2_00CA554A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEC53C	0_2_00BEC53C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C59541	0_2_00C59541
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9D54D	0_2_00C9D54D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAA542	0_2_00CAA542
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7A548	0_2_00C7A548
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA2545	0_2_00CA2545
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7C556	0_2_00C7C556
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC8558	0_2_00CC8558
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C40551	0_2_00C40551
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2C562	0_2_00C2C562
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB5575	0_2_00CB5575
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB450E	0_2_00CB450E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE4560	0_2_00BE4560
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C21527	0_2_00C21527
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB6523	0_2_00CB6523
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA9538	0_2_00CA9538
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA4533	0_2_00CA4533
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C32539	0_2_00C32539
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C93533	0_2_00C93533
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3353F	0_2_00C3353F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD2532	0_2_00CD2532
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C536DA	0_2_00C536DA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7E6EF	0_2_00C7E6EF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D886F1	0_2_00D886F1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C006F0	0_2_00C006F0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C506F0	0_2_00C506F0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCE687	0_2_00BCE687
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3D681	0_2_00C3D681
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D92694	0_2_00D92694
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C81698	0_2_00C81698
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C95698	0_2_00C95698
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA9692	0_2_00CA9692
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5169C	0_2_00C5169C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6669F	0_2_00C6669F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C96694	0_2_00C96694
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5E69A	0_2_00C5E69A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9D6AE	0_2_00C9D6AE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE46D0	0_2_00BE46D0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA06B2	0_2_00CA06B2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8E6B5	0_2_00C8E6B5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDE630	0_2_00BDE630
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C40651	0_2_00C40651
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6165B	0_2_00C6165B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDD66C	0_2_00CDD66C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD961B	0_2_00BD961B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5D663	0_2_00C5D663
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6866E	0_2_00C6866E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCF60D	0_2_00BCF60D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB167D	0_2_00CB167D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C82672	0_2_00C82672
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD960D	0_2_00CD960D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C27600	0_2_00C27600
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3F601	0_2_00C3F601
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBA609	0_2_00CBA609
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2F601	0_2_00C2F601
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6F601	0_2_00C6F601
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCE607	0_2_00CCE607
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAB605	0_2_00CAB605
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C25612	0_2_00C25612
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8661D	0_2_00C8661D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9762E	0_2_00C9762E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF8650	0_2_00BF8650
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBF632	0_2_00CBF632
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAF7CA	0_2_00CAF7CA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC97C7	0_2_00CC97C7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA27C6	0_2_00CA27C6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB87EB	0_2_00CB87EB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBF7E9	0_2_00CBF7E9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C747F3	0_2_00C747F3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C707FE	0_2_00C707FE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D7C7EC	0_2_00D7C7EC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC9780	0_2_00BC9780
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4E796	0_2_00C4E796
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C86792	0_2_00C86792
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB7796	0_2_00CB7796
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C877A1	0_2_00C877A1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C367A8	0_2_00C367A8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C767AC	0_2_00C767AC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD57C0	0_2_00BD57C0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE9739	0_2_00BE9739
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7F752	0_2_00C7F752
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C39763	0_2_00C39763
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB276A	0_2_00CB276A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C27764	0_2_00C27764
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9B778	0_2_00C9B778
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7877F	0_2_00C7877F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2677E	0_2_00C2677E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC0772	0_2_00CC0772
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2270F	0_2_00C2270F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD2750	0_2_00BD2750
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC5722	0_2_00CC5722
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB573B	0_2_00CB573B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3E731	0_2_00C3E731
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCA739	0_2_00CCA739
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4B732	0_2_00C4B732
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE7740	0_2_00BE7740
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4E8C1	0_2_00C4E8C1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBD8C0	0_2_00CBD8C0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C558C8	0_2_00C558C8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF88B0	0_2_00BF88B0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C288CD	0_2_00C288CD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA38DA	0_2_00CA38DA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAE8DD	0_2_00CAE8DD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDC8A0	0_2_00BDC8A0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9F8EE	0_2_00C9F8EE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C608ED	0_2_00C608ED
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C428E8	0_2_00C428E8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7B8F2	0_2_00C7B8F2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C718FF	0_2_00C718FF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C858F0	0_2_00C858F0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4188C	0_2_00C4188C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDB8F6	0_2_00BDB8F6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4B897	0_2_00C4B897
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C26896	0_2_00C26896
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C38899	0_2_00C38899
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7F89D	0_2_00C7F89D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC2891	0_2_00CC2891
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5789B	0_2_00C5789B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6C8A5	0_2_00C6C8A5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3C8A9	0_2_00C3C8A9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C888A5	0_2_00C888A5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF38D0	0_2_00BF38D0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5B8B4	0_2_00C5B8B4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C988BE	0_2_00C988BE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC38C0	0_2_00BC38C0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCD83C	0_2_00BCD83C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8B848	0_2_00C8B848
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4784B	0_2_00C4784B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C53864	0_2_00C53864
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3A866	0_2_00C3A866
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8D86E	0_2_00C8D86E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8A873	0_2_00C8A873
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCD80C	0_2_00CCD80C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB580D	0_2_00CB580D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C97803	0_2_00C97803
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C23819	0_2_00C23819
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA5823	0_2_00CA5823
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4882B	0_2_00C4882B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7C833	0_2_00C7C833
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8F83D	0_2_00C8F83D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4383E	0_2_00C4383E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCC840	0_2_00BCC840
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBB834	0_2_00CBB834
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA19CC	0_2_00CA19CC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE39B9	0_2_00BE39B9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDC9CA	0_2_00CDC9CA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAC9C7	0_2_00CAC9C7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C639D4	0_2_00C639D4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6F9D2	0_2_00C6F9D2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D769CC	0_2_00D769CC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C009E0	0_2_00C009E0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD89EA	0_2_00CD89EA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8E9E3	0_2_00C8E9E3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4598E	0_2_00C4598E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2C98E	0_2_00C2C98E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BEC9EB	0_2_00BEC9EB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD6996	0_2_00CD6996
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCF9AF	0_2_00CCF9AF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C999A1	0_2_00C999A1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBD9A2	0_2_00CBD9A2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2B9AE	0_2_00C2B9AE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2F9B8	0_2_00C2F9B8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9D9B3	0_2_00C9D9B3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C77945	0_2_00C77945
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C83944	0_2_00C83944
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C76956	0_2_00C76956
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C59956	0_2_00C59956
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C21956	0_2_00C21956
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6D953	0_2_00C6D953
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D82944	0_2_00D82944
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5A959	0_2_00C5A959
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE6910	0_2_00BE6910
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4C975	0_2_00C4C975
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC5900	0_2_00BC5900
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2E902	0_2_00C2E902
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C79905	0_2_00C79905
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C29911	0_2_00C29911
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDE960	0_2_00BDE960
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C65919	0_2_00C65919
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4F929	0_2_00C4F929
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6F933	0_2_00C6F933
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD5937	0_2_00CD5937
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BE8ABC	0_2_00BE8ABC
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9CAC4	0_2_00C9CAC4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB1AC4	0_2_00CB1AC4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD9ADA	0_2_00CD9ADA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCAAE4	0_2_00CCAAE4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB6AE5	0_2_00CB6AE5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C31AF3	0_2_00C31AF3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C46AF9	0_2_00C46AF9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF9A80	0_2_00BF9A80
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C28A85	0_2_00C28A85
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CBDAA9	0_2_00CBDAA9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB4AA0	0_2_00CB4AA0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD1AA1	0_2_00CD1AA1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD9AD0	0_2_00BD9AD0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC5AB3	0_2_00CC5AB3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C38A45	0_2_00C38A45
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCCA4B	0_2_00CCCA4B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7AA4F	0_2_00C7AA4F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C61A5F	0_2_00C61A5F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C33A59	0_2_00C33A59
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFFA20	0_2_00BFFA20
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C92A69	0_2_00C92A69
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA9A6A	0_2_00CA9A6A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7BA6B	0_2_00C7BA6B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3BA6E	0_2_00C3BA6E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDDA7D	0_2_00CDDA7D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7EA74	0_2_00C7EA74
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA8A0B	0_2_00CA8A0B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD3A08	0_2_00CD3A08
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C25A04	0_2_00C25A04
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7DA01	0_2_00C7DA01
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8BA1B	0_2_00C8BA1B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CAAA1C	0_2_00CAAA1C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C66A2C	0_2_00C66A2C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA6A24	0_2_00CA6A24
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF5A4F	0_2_00BF5A4F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFDA4D	0_2_00BFDA4D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3FA30	0_2_00C3FA30
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C82A3B	0_2_00C82A3B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6AA3A	0_2_00C6AA3A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFCA40	0_2_00BFCA40
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C72BCF	0_2_00C72BCF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6EBC9	0_2_00C6EBC9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CADBDB	0_2_00CADBDB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC7BDD	0_2_00CC7BDD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C96BDB	0_2_00C96BDB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C41BD2	0_2_00C41BD2
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5ABDF	0_2_00C5ABDF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BC4BA0	0_2_00BC4BA0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C89BE9	0_2_00C89BE9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C6DBEE	0_2_00C6DBEE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2DBEE	0_2_00C2DBEE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB3BFE	0_2_00CB3BFE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7CBF1	0_2_00C7CBF1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D95BEE	0_2_00D95BEE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C95BF0	0_2_00C95BF0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BDEB80	0_2_00BDEB80
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCFBF3	0_2_00CCFBF3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB9B8A	0_2_00CB9B8A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C5EB8C	0_2_00C5EB8C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC4B9C	0_2_00CC4B9C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C39B99	0_2_00C39B99
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C79BA6	0_2_00C79BA6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C18BA7	0_2_00C18BA7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C68BA1	0_2_00C68BA1
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4BBB6	0_2_00C4BBB6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CABB40	0_2_00CABB40
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C50B4A	0_2_00C50B4A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC0B58	0_2_00CC0B58
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD8B1B	0_2_00BD8B1B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C60B60	0_2_00C60B60
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BFFB10	0_2_00BFFB10
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C80B7B	0_2_00C80B7B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CD2B0E	0_2_00CD2B0E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C93B0D	0_2_00C93B0D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C34B05	0_2_00C34B05
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C51B03	0_2_00C51B03
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C67B10	0_2_00C67B10
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C2BB28	0_2_00C2BB28
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDEB23	0_2_00CDEB23
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA4B25	0_2_00CA4B25
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C61B36	0_2_00C61B36
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BCAB40	0_2_00BCAB40
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7CCC4	0_2_00C7CCC4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC0CC7	0_2_00CC0CC7
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C3ACCE	0_2_00C3ACCE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BD4CA0	0_2_00BD4CA0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CB9CE4	0_2_00CB9CE4
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C37CF9	0_2_00C37CF9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF1CF0	0_2_00BF1CF0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4FC9B	0_2_00C4FC9B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C4DCA5	0_2_00C4DCA5
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C42CAD	0_2_00C42CAD
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C9FCB0	0_2_00C9FCB0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D31C56	0_2_00D31C56
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D36C5B	0_2_00D36C5B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C70C4D	0_2_00C70C4D
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C35C67	0_2_00C35C67
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CC6C6A	0_2_00CC6C6A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C7FC6B	0_2_00C7FC6B
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00BF3C10	0_2_00BF3C10
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CA5C65	0_2_00CA5C65
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CCBC7C	0_2_00CCBC7C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00CDCC73	0_2_00CDCC73
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D90C1E	0_2_00D90C1E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C53C09	0_2_00C53C09
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C48C09	0_2_00C48C09
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C8AC1F	0_2_00C8AC1F

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: String function: 00BC7F60 appears 40 times
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: String function: 00BD4C90 appears 77 times

Source: r06aMlvVyM.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: r06aMlvVyM.exe	Static PE information: Section: ZLIB complexity 0.9996170343137255
Source: r06aMlvVyM.exe	Static PE information: Section: kyqqejaz ZLIB complexity 0.9945479144913485

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Code function: 0_2_00BF2070 CoCreateInstance,

0_2_00BF2070

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: r06aMlvVyM.exe	ReversingLabs: Detection: 57%
Source: r06aMlvVyM.exe	Virustotal: Detection: 52%

Source: r06aMlvVyM.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

File read: C:\Users\user\Desktop\r06aMlvVyM.exe

Jump to behavior

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: r06aMlvVyM.exe

Static file information: File size 1888256 > 1048576

Source: r06aMlvVyM.exe

Static PE information: Raw size of kyqqejaz is bigger than: 0x100000 < 0x1a3000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Unpacked PE file: 0.2.r06aMlvVyM.exe.bc0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kyqqejaz:EW;rffdicvy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;kyqqejaz:EW;rffdicvy:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: r06aMlvVyM.exe

Static PE information: real checksum: 0x1cf68c should be: 0x1d57ee

Source: r06aMlvVyM.exe	Static PE information: section name:
Source: r06aMlvVyM.exe	Static PE information: section name: .idata
Source: r06aMlvVyM.exe	Static PE information: section name:
Source: r06aMlvVyM.exe	Static PE information: section name: kyqqejaz
Source: r06aMlvVyM.exe	Static PE information: section name: rffdicvy
Source: r06aMlvVyM.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C19670 push 49324C01h; mov dword ptr [esp], eax	0_2_00C19686
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C180C1 push edi; mov dword ptr [esp], esi	0_2_00C196AA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C180C1 push esi; mov dword ptr [esp], eax	0_2_00C19903
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C180C1 push ecx; mov dword ptr [esp], esi	0_2_00C19E08
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00E780E4 push eax; mov dword ptr [esp], ebx	0_2_00E780E8
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C180D0 push eax; mov dword ptr [esp], 1EDA44A8h	0_2_00C183AF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C500EE push ebx; mov dword ptr [esp], ecx	0_2_00C5015A
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C500EE push ebx; mov dword ptr [esp], 3F795E01h	0_2_00C5016F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C500EE push 1CF071B2h; mov dword ptr [esp], esi	0_2_00C501A6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C500EE push edx; mov dword ptr [esp], 7AFDBCDDh	0_2_00C50225
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C500EE push 5171415Eh; mov dword ptr [esp], edi	0_2_00C5027C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C1C0A5 push ecx; mov dword ptr [esp], 1DBF60AAh	0_2_00C1F8D0
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C170A7 push 11F31900h; mov dword ptr [esp], edx	0_2_00C17752
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00EB506B push eax; mov dword ptr [esp], ebx	0_2_00EB50E6
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00EB506B push 6A9D4AD8h; mov dword ptr [esp], eax	0_2_00EB50FB
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00EB506B push 7E09D234h; mov dword ptr [esp], ecx	0_2_00EB5191
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C1C040 push edx; mov dword ptr [esp], ecx	0_2_00C1E92E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C1C040 push 6EC40F3Fh; mov dword ptr [esp], ecx	0_2_00C1E939
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C1D042 push edi; mov dword ptr [esp], ebx	0_2_00C1D05C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00C1C04B push 25B6EF0Bh; mov dword ptr [esp], esi	0_2_00C1ED00
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push esi; mov dword ptr [esp], ecx	0_2_00D8505C
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push 6246487Fh; mov dword ptr [esp], edx	0_2_00D850AA
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push edi; mov dword ptr [esp], edx	0_2_00D850DF
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push edx; mov dword ptr [esp], esi	0_2_00D850E3
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push edi; mov dword ptr [esp], ebp	0_2_00D85113
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push eax; mov dword ptr [esp], ebp	0_2_00D8515F
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push eax; mov dword ptr [esp], edi	0_2_00D85168
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push 0AABD576h; mov dword ptr [esp], eax	0_2_00D852AE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push ecx; mov dword ptr [esp], 0F38FB6Dh	0_2_00D852E9
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push 632FAE7Bh; mov dword ptr [esp], ebp	0_2_00D8534E
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Code function: 0_2_00D85057 push 254FE6B4h; mov dword ptr [esp], esi	0_2_00D853B6

Source: r06aMlvVyM.exe	Static PE information: section name: entropy: 7.977710247290401
Source: r06aMlvVyM.exe	Static PE information: section name: kyqqejaz entropy: 7.953521262056772

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8B6B3 second address: D8B6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8B6B8 second address: D8B6EC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007F5298732F06h 0x00000009 pop esi 0x0000000a jmp 00007F5298732F15h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jnc 00007F5298732F0Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8B6EC second address: D8B6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8B6F2 second address: D8B6F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8B6F6 second address: D8B717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5298B5D266h 0x0000000b push ebx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9DEFA second address: D9DF04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F5298732F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E210 second address: D9E214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E214 second address: D9E218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E218 second address: D9E21E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E21E second address: D9E22F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5298732F0Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E22F second address: D9E23F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F5298B5D25Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E508 second address: D9E50E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E50E second address: D9E514 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E514 second address: D9E51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E51A second address: D9E51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D9E51E second address: D9E52B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5298732F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA15D4 second address: DA1637 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D262h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b jns 00007F5298B5D262h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 je 00007F5298B5D26Ch 0x0000001b jmp 00007F5298B5D266h 0x00000020 mov eax, dword ptr [eax] 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F5298B5D265h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1758 second address: DA175D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA175D second address: DA1763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA193F second address: DA1943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1943 second address: DA196D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5298B5D25Bh 0x0000000f popad 0x00000010 pop eax 0x00000011 lea ebx, dword ptr [ebp+1245C4FBh] 0x00000017 sub edi, 299F8E0Ah 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA196D second address: DA1977 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5298732F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1A21 second address: DA1A6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F5298B5D263h 0x00000011 jc 00007F5298B5D258h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e jne 00007F5298B5D264h 0x00000024 mov eax, dword ptr [eax] 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jnc 00007F5298B5D256h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1A6D second address: DA1A7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1A7E second address: DA1B18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jmp 00007F5298B5D264h 0x00000013 pop eax 0x00000014 mov ch, dl 0x00000016 push 00000003h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F5298B5D258h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 pushad 0x00000035 sub edx, 65A99585h 0x0000003b jmp 00007F5298B5D267h 0x00000040 popad 0x00000041 push 00000003h 0x00000043 call 00007F5298B5D259h 0x00000048 jp 00007F5298B5D25Eh 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jno 00007F5298B5D264h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1B18 second address: DA1B41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jns 00007F5298732F06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 push esi 0x00000014 jmp 00007F5298732F10h 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1B41 second address: DA1B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1B45 second address: DA1B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1B49 second address: DA1B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5298B5D269h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DA1B6D second address: DA1B9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5298732F11h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC25FA second address: DC2600 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC2600 second address: DC2613 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0643 second address: DC0653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5298B5D256h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0653 second address: DC0668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5298732F06h 0x0000000a pop edi 0x0000000b pop eax 0x0000000c jne 00007F5298732F14h 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0668 second address: DC066E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8EC32 second address: D8EC38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0BD3 second address: DC0BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D261h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0D7D second address: DC0D93 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F5298732F0Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0D93 second address: DC0D99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC0D99 second address: DC0DA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5298732F0Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC12A9 second address: DC12AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB69FF second address: DB6A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007F5298732F06h 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB6A13 second address: DB6A21 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB6A21 second address: DB6A2B instructions: 0x00000000 rdtsc 0x00000002 je 00007F5298732F06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB6A2B second address: DB6A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5298B5D25Dh 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC1E66 second address: DC1E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F5298732F08h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5298732F0Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC2154 second address: DC2159 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC2419 second address: DC243C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F14h 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jp 00007F5298732F06h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC243C second address: DC2448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC2448 second address: DC2467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5298732F0Dh 0x0000000c jmp 00007F5298732F0Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC2467 second address: DC2477 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D25Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC2477 second address: DC247D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC247D second address: DC2483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC3AB8 second address: DC3ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D7FCCB second address: D7FCCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D7FCCF second address: D7FCD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC602B second address: DC6031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC6031 second address: DC6063 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F5298732F14h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F5298732F0Dh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC6063 second address: DC6067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC6067 second address: DC607C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e jng 00007F5298732F06h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC4855 second address: DC485B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC485B second address: DC485F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC507F second address: DC5088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC5088 second address: DC50B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007F5298732F06h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC50B0 second address: DC50C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D25Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC6157 second address: DC619C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5298732F0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F5298732F0Ah 0x00000013 jmp 00007F5298732F0Ch 0x00000018 popad 0x00000019 jo 00007F5298732F08h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 popad 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F5298732F0Bh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DC630F second address: DC6319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCA831 second address: DCA846 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F11h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD4C7 second address: DCD4CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD4CB second address: DCD4D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD4D1 second address: DCD507 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5298B5D271h 0x00000008 jmp 00007F5298B5D269h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jbe 00007F5298B5D256h 0x0000001a jno 00007F5298B5D256h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD507 second address: DCD510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD510 second address: DCD516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD516 second address: DCD522 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 js 00007F5298732F06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD522 second address: DCD52D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jbe 00007F5298B5D256h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD686 second address: DCD68C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD68C second address: DCD690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD690 second address: DCD694 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCD956 second address: DCD966 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F5298B5D25Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCDD6C second address: DCDD72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCDD72 second address: DCDD8A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F5298B5D25Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCDEB9 second address: DCDEC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5298732F0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD14A8 second address: DD14B2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD16A7 second address: DD16AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD16AB second address: DD16B9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F5298B5D256h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD1749 second address: DD176B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5298732F18h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD176B second address: DD1779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F5298B5D256h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD1FB7 second address: DD1FCD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5298732F0Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD254F second address: DD2553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD2553 second address: DD255A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD255A second address: DD257C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5298B5D267h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD257C second address: DD258F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD4159 second address: DD416E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5298B5D261h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD416E second address: DD41BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F5298732F12h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 mov di, si 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F5298732F08h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 add edi, 36E16F9Ah 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD41BC second address: DD41C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD41C0 second address: DD41C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD41C4 second address: DD41CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD5BC0 second address: DD5C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F5298732F08h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D1906h], eax 0x00000027 push 00000000h 0x00000029 mov esi, edx 0x0000002b push 00000000h 0x0000002d xchg eax, ebx 0x0000002e push eax 0x0000002f push ebx 0x00000030 jmp 00007F5298732F17h 0x00000035 pop ebx 0x00000036 pop eax 0x00000037 push eax 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD5C16 second address: DD5C1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDD78F second address: DDD837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F5298732F08h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 call 00007F5298732F10h 0x00000027 jng 00007F5298732F0Ch 0x0000002d jo 00007F5298732F06h 0x00000033 pop ebx 0x00000034 push 00000000h 0x00000036 jmp 00007F5298732F16h 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007F5298732F08h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 00000015h 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 add edi, 25A7EB7Ch 0x0000005d xchg eax, esi 0x0000005e jno 00007F5298732F1Ch 0x00000064 push eax 0x00000065 js 00007F5298732F14h 0x0000006b pushad 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDD837 second address: DDD83D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDE717 second address: DDE75F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5298732F0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F5298732F08h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 mov dword ptr [ebp+122D1A3Bh], esi 0x0000002f push 00000000h 0x00000031 clc 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 push ecx 0x00000036 pushad 0x00000037 popad 0x00000038 pop ecx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDBA5A second address: DDBA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDF6A6 second address: DDF6AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDBA5F second address: DDBA69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F5298B5D256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDBA69 second address: DDBA80 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5298732F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F5298732F06h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDBA80 second address: DDBA91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D25Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDBA91 second address: DDBA96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DDD954 second address: DDD964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 je 00007F5298B5D264h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE084E second address: DE087C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jg 00007F5298732F06h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F5298732F1Fh 0x00000015 jmp 00007F5298732F19h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE087C second address: DE0882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE0882 second address: DE0886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE0886 second address: DE0907 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 add dword ptr [ebp+122D3936h], ebx 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov di, 8B48h 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F5298B5D258h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b mov bh, al 0x0000003d mov eax, dword ptr [ebp+122D06EDh] 0x00000043 pushad 0x00000044 mov edx, dword ptr [ebp+122D299Fh] 0x0000004a mov di, 5349h 0x0000004e popad 0x0000004f push FFFFFFFFh 0x00000051 call 00007F5298B5D263h 0x00000056 jbe 00007F5298B5D259h 0x0000005c mov di, bx 0x0000005f pop ebx 0x00000060 nop 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 jo 00007F5298B5D256h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE0907 second address: DE090B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE6EE7 second address: DE6EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE6EEB second address: DE6EF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F5298732F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE1A00 second address: DE1A06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DE2AB3 second address: DE2B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d add dword ptr [ebp+122D1B10h], ebx 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov bx, 22E8h 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F5298732F08h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 00000016h 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f push ebx 0x00000040 mov ebx, 380E4E66h 0x00000045 pop edi 0x00000046 mov edi, esi 0x00000048 mov eax, dword ptr [ebp+122D0F81h] 0x0000004e jg 00007F5298732F06h 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push eax 0x00000059 call 00007F5298732F08h 0x0000005e pop eax 0x0000005f mov dword ptr [esp+04h], eax 0x00000063 add dword ptr [esp+04h], 0000001Ah 0x0000006b inc eax 0x0000006c push eax 0x0000006d ret 0x0000006e pop eax 0x0000006f ret 0x00000070 pushad 0x00000071 mov esi, 5F75D756h 0x00000076 jmp 00007F5298732F11h 0x0000007b popad 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f jnc 00007F5298732F08h 0x00000085 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEA04D second address: DEA058 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F5298B5D256h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEA058 second address: DEA0EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 jns 00007F5298732F0Ch 0x0000000f pop edi 0x00000010 nop 0x00000011 mov dword ptr [ebp+122D1EBEh], eax 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007F5298732F08h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 jmp 00007F5298732F14h 0x00000038 mov edi, dword ptr [ebp+122D17BEh] 0x0000003e push 00000000h 0x00000040 jns 00007F5298732F28h 0x00000046 sub dword ptr [ebp+122D281Ah], ecx 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f push esi 0x00000050 push edi 0x00000051 pop edi 0x00000052 pop esi 0x00000053 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB1B9 second address: DEB1C3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB1C3 second address: DEB1C8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB1C8 second address: DEB229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F5298B5D258h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 mov edi, dword ptr [ebp+122D2797h] 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ebx 0x0000002d call 00007F5298B5D258h 0x00000032 pop ebx 0x00000033 mov dword ptr [esp+04h], ebx 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc ebx 0x00000040 push ebx 0x00000041 ret 0x00000042 pop ebx 0x00000043 ret 0x00000044 sub dword ptr [ebp+122D2C39h], eax 0x0000004a push 00000000h 0x0000004c and edi, 3654D11Eh 0x00000052 xchg eax, esi 0x00000053 jc 00007F5298B5D260h 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEC1FA second address: DEC218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5298732F16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEC218 second address: DEC21C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEA24E second address: DEA258 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5298732F0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEA332 second address: DEA337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEA337 second address: DEA33D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB30D second address: DEB312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB312 second address: DEB31C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5298732F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEE2CF second address: DEE375 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F5298B5D258h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 and edi, 527EA13Ah 0x00000029 mov ebx, dword ptr [ebp+122D21B3h] 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F5298B5D258h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b mov ebx, dword ptr [ebp+122D29A3h] 0x00000051 mov dword ptr [ebp+122D27D3h], edx 0x00000057 push 00000000h 0x00000059 jmp 00007F5298B5D269h 0x0000005e mov edi, 669D0215h 0x00000063 xchg eax, esi 0x00000064 jmp 00007F5298B5D267h 0x00000069 push eax 0x0000006a push eax 0x0000006b push edx 0x0000006c ja 00007F5298B5D25Ch 0x00000072 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB3F6 second address: DEB3FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB3FA second address: DEB3FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DEB3FE second address: DEB404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DF4331 second address: DF4338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DF4CF0 second address: DF4CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DF4CF6 second address: DF4CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DF87B8 second address: DF87DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F5298732F10h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5298732F0Ch 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DF8947 second address: DF8951 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DF8951 second address: DF895F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DFD9DD second address: DFD9F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D268h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DFD9F9 second address: DFDA12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5298732F15h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DFDBA7 second address: DFDBAD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DFDBAD second address: DFDBD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007F5298732F06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 js 00007F5298732F21h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5298732F0Fh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DFDBD6 second address: DFDBF0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5298B5D25Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02E8E second address: E02EAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F19h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0237D second address: E0239F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5298B5D256h 0x00000008 jmp 00007F5298B5D260h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0239F second address: E023AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298732F0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E023AE second address: E023BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D25Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E023BF second address: E023C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E023C9 second address: E023CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0250F second address: E02515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02515 second address: E02530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F5298B5D25Eh 0x0000000b jnp 00007F5298B5D256h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E026AC second address: E026B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E026B2 second address: E026BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E026BF second address: E026C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E026C3 second address: E026CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E026CF second address: E026F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Ch 0x00000007 jmp 00007F5298732F13h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E026F6 second address: E026FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02AD6 second address: E02AFD instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5298732F06h 0x00000008 jmp 00007F5298732F11h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 je 00007F5298732F06h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02AFD second address: E02B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02B01 second address: E02B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F5298732F16h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02B25 second address: E02B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02B2B second address: E02B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02B30 second address: E02B37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02CD8 second address: E02CE2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5298732F06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02CE2 second address: E02CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F5298B5D25Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02CF8 second address: E02CFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E02CFE second address: E02D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D881AA second address: D881B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D881B0 second address: D881B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D881B5 second address: D881C3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 jng 00007F5298732F0Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8670A second address: D86727 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F5298B5D256h 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F5298B5D256h 0x00000017 jbe 00007F5298B5D256h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DCFE14 second address: DB69FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D1B5Fh], eax 0x0000000f call dword ptr [ebp+122D17E3h] 0x00000015 jc 00007F5298732F12h 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0038 second address: DD0042 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F5298B5D256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0042 second address: DD0046 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0422 second address: DD04C3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5298B5D25Ch 0x00000008 jl 00007F5298B5D256h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jno 00007F5298B5D25Ah 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push esi 0x0000001c jnp 00007F5298B5D26Dh 0x00000022 jmp 00007F5298B5D267h 0x00000027 pop esi 0x00000028 mov eax, dword ptr [eax] 0x0000002a jno 00007F5298B5D260h 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 jmp 00007F5298B5D261h 0x00000039 pop eax 0x0000003a push 00000000h 0x0000003c push eax 0x0000003d call 00007F5298B5D258h 0x00000042 pop eax 0x00000043 mov dword ptr [esp+04h], eax 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc eax 0x00000050 push eax 0x00000051 ret 0x00000052 pop eax 0x00000053 ret 0x00000054 mov ecx, 4A3B27D4h 0x00000059 jnc 00007F5298B5D258h 0x0000005f push 63BB719Eh 0x00000064 pushad 0x00000065 pushad 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD04C3 second address: DD04C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD074B second address: DD0768 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5298B5D256h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5298B5D25Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0BE0 second address: DD0BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0BE6 second address: DD0BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0BEA second address: DD0C19 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a js 00007F5298732F0Ch 0x00000010 jnp 00007F5298732F06h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F5298732F17h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD1005 second address: DB75EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D269h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F5298B5D258h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov ecx, dword ptr [ebp+122D2B43h] 0x0000002a call dword ptr [ebp+122D1918h] 0x00000030 push eax 0x00000031 push edx 0x00000032 jno 00007F5298B5D267h 0x00000038 push eax 0x00000039 push edx 0x0000003a push edi 0x0000003b pop edi 0x0000003c push edx 0x0000003d pop edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB75EF second address: DB75F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB75F5 second address: DB75FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DB75FB second address: DB7609 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F5298732F0Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0A9F8 second address: E0AA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F5298B5D269h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 push edi 0x00000013 jmp 00007F5298B5D25Eh 0x00000018 pop edi 0x00000019 push edx 0x0000001a jmp 00007F5298B5D264h 0x0000001f push eax 0x00000020 pop eax 0x00000021 pop edx 0x00000022 push ebx 0x00000023 push esi 0x00000024 pop esi 0x00000025 pop ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F5298B5D269h 0x0000002d push ebx 0x0000002e pop ebx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0AD38 second address: E0AD43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F5298732F06h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0AD43 second address: E0AD69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D261h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F5298B5D268h 0x0000000f pushad 0x00000010 jp 00007F5298B5D256h 0x00000016 push edi 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0AEB5 second address: E0AED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298732F19h 0x00000009 popad 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0AED8 second address: E0AEDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E0B05A second address: E0B0A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F5298732F0Ch 0x00000011 pushad 0x00000012 jmp 00007F5298732F16h 0x00000017 jc 00007F5298732F06h 0x0000001d jne 00007F5298732F06h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D906CC second address: D906F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D25Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5298B5D268h 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E129B1 second address: E129CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E129CE second address: E129D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E129D4 second address: E129D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E12CBA second address: E12CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E12CBF second address: E12CDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E12CDE second address: E12CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E12CE2 second address: E12CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F5298732F06h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E12E41 second address: E12E46 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E12E46 second address: E12E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e pushad 0x0000000f jmp 00007F5298732F13h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E130F8 second address: E13130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5298B5D256h 0x0000000a jmp 00007F5298B5D25Fh 0x0000000f popad 0x00000010 jp 00007F5298B5D26Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E13410 second address: E1344C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F5298732F17h 0x0000000a jmp 00007F5298732F12h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jnp 00007F5298732F30h 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1344C second address: E1345C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D25Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E13588 second address: E1358D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1358D second address: E13593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E13828 second address: E1382D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E13E2C second address: E13E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E13E35 second address: E13E44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E19CD4 second address: E19CEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5298B5D256h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5298B5D25Bh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E19E3A second address: E19E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E19E3E second address: E19E42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1A18E second address: E1A1BB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5298732F0Fh 0x00000008 jmp 00007F5298732F10h 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jnp 00007F5298732F06h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1A330 second address: E1A335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8D215 second address: D8D232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5298732F16h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1D274 second address: E1D27B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1D27B second address: E1D281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1FD7F second address: E1FD85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1F8AD second address: E1F8B7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5298732F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1F8B7 second address: E1F8BC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E1F8BC second address: E1F8EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5298732F06h 0x0000000a pop edi 0x0000000b jc 00007F5298732F08h 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jno 00007F5298732F15h 0x0000001c jmp 00007F5298732F0Dh 0x00000021 push esi 0x00000022 pop esi 0x00000023 push edi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E25D9A second address: E25DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F5298B5D261h 0x0000000b popad 0x0000000c pop esi 0x0000000d js 00007F5298B5D26Dh 0x00000013 push ebx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E262EB second address: E262FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F5298732F08h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E26464 second address: E2646E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5298B5D256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2646E second address: E26474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD0AA1 second address: DD0AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E27129 second address: E2712E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2712E second address: E27150 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F5298B5D256h 0x0000000a jmp 00007F5298B5D268h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2A68D second address: E2A69A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5298732F06h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2A69A second address: E2A6B8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F5298B5D25Ch 0x00000008 jnl 00007F5298B5D256h 0x0000000e pop edx 0x0000000f jl 00007F5298B5D25Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2A963 second address: E2A976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5298732F0Bh 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2AD5F second address: E2AD93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D25Eh 0x00000009 pop ecx 0x0000000a jnc 00007F5298B5D271h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2AF0C second address: E2AF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2AF12 second address: E2AF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2AF16 second address: E2AF1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2AF1A second address: E2AF2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5298B5D256h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2AF2C second address: E2AF31 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2E51F second address: E2E531 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D25Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2E531 second address: E2E541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jng 00007F5298732F06h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2DC23 second address: E2DC28 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2DDC7 second address: E2DDE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298732F16h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2DDE1 second address: E2DDE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E2DDE7 second address: E2DE03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5298732F10h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E34CC3 second address: E34CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 js 00007F5298B5D256h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E35514 second address: E3553B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5298732F21h 0x00000008 jmp 00007F5298732F15h 0x0000000d jo 00007F5298732F06h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E36147 second address: E3614C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3614C second address: E36156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F5298732F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E36156 second address: E3615C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E36714 second address: E3671E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3A933 second address: E3A946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5298B5D25Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E39B97 second address: E39B9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E39B9B second address: E39BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E39BA1 second address: E39BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5298732F14h 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3A644 second address: E3A648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3A648 second address: E3A64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3A64E second address: E3A661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5298B5D25Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3A661 second address: E3A666 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3F406 second address: E3F40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E3F40D second address: E3F418 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop edi 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E47E9E second address: E47EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jnc 00007F5298B5D256h 0x00000010 jnp 00007F5298B5D256h 0x00000016 popad 0x00000017 popad 0x00000018 push edi 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E46221 second address: E46227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E46227 second address: E4622B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4622B second address: E4626D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298732F0Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F5298732F14h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5298732F18h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E46629 second address: E46645 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5298B5D256h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5298B5D25Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E46645 second address: E46655 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jne 00007F5298732F06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E46655 second address: E46659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E46AE4 second address: E46AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F5298732F12h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E45C0D second address: E45C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4CDA0 second address: E4CDB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F5298732F0Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4CDB7 second address: E4CDBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4CDBC second address: E4CDCC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5298732F12h 0x00000008 ja 00007F5298732F06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4CDCC second address: E4CDF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5298B5D265h 0x0000000e jl 00007F5298B5D256h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4CDF0 second address: E4CE14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5298732F14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F5298732F06h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D81858 second address: D8189F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D260h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F5298B5D267h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F5298B5D264h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D8189F second address: D818A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4FB9D second address: E4FBB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D263h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4FD74 second address: E4FDB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Dh 0x00000007 jmp 00007F5298732F0Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop esi 0x00000012 pushad 0x00000013 jc 00007F5298732F06h 0x00000019 jmp 00007F5298732F15h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E4FDB5 second address: E4FDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5298B5D266h 0x0000000d pushad 0x0000000e jp 00007F5298B5D256h 0x00000014 jmp 00007F5298B5D269h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E51A97 second address: E51AB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F11h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F5298732F06h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E51AB2 second address: E51AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E5DEEB second address: E5DEF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E5DEF1 second address: E5DEF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E5DEF5 second address: E5DEF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E63431 second address: E63466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D265h 0x00000009 pop esi 0x0000000a push ecx 0x0000000b jmp 00007F5298B5D269h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E635B1 second address: E635B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E635B7 second address: E635BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E635BB second address: E635C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F5298732F06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E635C7 second address: E635D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007F5298B5D256h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E635D5 second address: E635D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E6821F second address: E6823F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D263h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F5298B5D256h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E6823F second address: E68243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E68243 second address: E68249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E7002F second address: E70038 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E70038 second address: E70041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E795B3 second address: E795B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E795B7 second address: E795CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F5298B5D25Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E795CD second address: E795D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D956A4 second address: D956A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E7850D second address: E78511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E78511 second address: E7852C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F5298B5D265h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E7AC3A second address: E7AC45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F5298732F06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E7F130 second address: E7F13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5298B5D256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E7F13A second address: E7F140 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8CEEB second address: E8CEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pushad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8CEF9 second address: E8CF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8CF02 second address: E8CF1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D267h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8CF1D second address: E8CF38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F5298732F06h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8CF38 second address: E8CF44 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8CF44 second address: E8CF48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: D831ED second address: D831F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8F5D6 second address: E8F621 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F5298732F11h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jg 00007F5298732F06h 0x00000012 jmp 00007F5298732F16h 0x00000017 jg 00007F5298732F06h 0x0000001d jg 00007F5298732F06h 0x00000023 popad 0x00000024 jbe 00007F5298732F0Eh 0x0000002a push eax 0x0000002b pop eax 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8F621 second address: E8F62B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8F62B second address: E8F632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E91071 second address: E91075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E91075 second address: E9107B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E90F1C second address: E90F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F5298B5D256h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E8AC47 second address: E8AC4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: E9E470 second address: E9E474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB276B second address: EB2782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e pushad 0x0000000f jl 00007F5298732F06h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2908 second address: EB2938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D260h 0x00000009 jmp 00007F5298B5D263h 0x0000000e popad 0x0000000f jns 00007F5298B5D262h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2938 second address: EB297D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5298732F06h 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007F5298732F10h 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F5298732F0Ch 0x0000001e popad 0x0000001f pushad 0x00000020 jmp 00007F5298732F11h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB297D second address: EB2983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2983 second address: EB2988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2ABE second address: EB2AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2AC4 second address: EB2ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2ACC second address: EB2AEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5298B5D25Ah 0x00000009 jmp 00007F5298B5D264h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2AEF second address: EB2B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5298732F0Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2B02 second address: EB2B26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298B5D269h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2B26 second address: EB2B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 jc 00007F5298732F06h 0x0000000c ja 00007F5298732F06h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2B39 second address: EB2B42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2E31 second address: EB2E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5298732F06h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5298732F11h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2E4F second address: EB2E59 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5298B5D25Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB2FB5 second address: EB2FBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB326D second address: EB3279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB3279 second address: EB3283 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5298732F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB33E6 second address: EB33EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8D03 second address: EB8D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F5298732F06h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8D14 second address: EB8D18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8D18 second address: EB8D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8DA0 second address: EB8DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F5298B5D258h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8EDC second address: EB8F0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jmp 00007F5298732F15h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8F0B second address: EB8F1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5298B5D25Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8FB7 second address: EB8FFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jns 00007F5298732F08h 0x0000000d popad 0x0000000e nop 0x0000000f add dword ptr [ebp+122D1BE9h], ecx 0x00000015 push 00000004h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007F5298732F08h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 sbb dl, 00000001h 0x00000034 push 14ED59ADh 0x00000039 pushad 0x0000003a pushad 0x0000003b pushad 0x0000003c popad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB8FFB second address: EB901B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5298B5D269h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB901B second address: EB901F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EB9306 second address: EB932F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5298B5D258h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jnl 00007F5298B5D258h 0x00000013 jno 00007F5298B5D258h 0x00000019 popad 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EBA884 second address: EBA8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5298732F06h 0x0000000a jc 00007F5298732F06h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jns 00007F5298732F0Ch 0x00000019 pop ecx 0x0000001a pushad 0x0000001b pushad 0x0000001c jc 00007F5298732F06h 0x00000022 jne 00007F5298732F06h 0x00000028 jng 00007F5298732F06h 0x0000002e jnp 00007F5298732F06h 0x00000034 popad 0x00000035 push eax 0x00000036 push edx 0x00000037 push ecx 0x00000038 pop ecx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EBA8C5 second address: EBA8C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EBC7B9 second address: EBC7C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EBC7C1 second address: EBC7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: EBC7C5 second address: EBC7EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5298732F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5298732F0Dh 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD561E second address: DD5623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD5821 second address: DD5839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5298732F06h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5298732F0Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	RDTSC instruction interceptor: First address: DD5839 second address: DD583D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Special instruction interceptor: First address: DF4D68 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Special instruction interceptor: First address: E57566 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Code function: 0_2_00C180C1 rdtsc

0_2_00C180C1

Source: C:\Users\user\Desktop\r06aMlvVyM.exe TID: 2820	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe TID: 1292	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe TID: 3292	Thread sleep time: -46023s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe TID: 7156	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: r06aMlvVyM.exe, r06aMlvVyM.exe, 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: r06aMlvVyM.exe, 00000000.00000003.2511268001.0000000001777000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512272386.0000000001777000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512401569.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: r06aMlvVyM.exe, 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	File opened: NTICE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	File opened: SICE
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\r06aMlvVyM.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Code function: 0_2_00C180C1 rdtsc

0_2_00C180C1

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Code function: 0_2_00BFE110 LdrInitializeThunk,

0_2_00BFE110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: r06aMlvVyM.exe	String found in binary or memory: hummskitnj.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: appliacnesot.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: cashfuzysao.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: inherineau.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: screwamusresz.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: rebuildeso.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: scentniej.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: mindhandru.buzz
Source: r06aMlvVyM.exe	String found in binary or memory: prisonyfork.buzz

Source: r06aMlvVyM.exe, r06aMlvVyM.exe, 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: tProgram Manager

Source: C:\Users\user\Desktop\r06aMlvVyM.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	24 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	23 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
r06aMlvVyM.exe	58%	ReversingLabs	Win32.Trojan.LummaC
r06aMlvVyM.exe	53%	Virustotal		Browse
r06aMlvVyM.exe	100%	Avira	TR/Crypt.XPACK.Gen
r06aMlvVyM.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://mindhandru.buzz/apiX	0%	Avira URL Cloud	safe
https://mindhandru.buzz:443/apilY	0%	Avira URL Cloud	safe
https://mindhandru.buzz/d	0%	Avira URL Cloud	safe
https://mindhandru.buzz/apithor	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mindhandru.buzz	172.67.165.185	true	false		high

Contacted URLs

Name	Malicious	Reputation
scentniej.buzz	false	high
prisonyfork.buzz	false	high
rebuildeso.buzz	false	high
appliacnesot.buzz	false	high
hummskitnj.buzz	false	high
mindhandru.buzz	false	high
screwamusresz.buzz	false	high
cashfuzysao.buzz	false	high
inherineau.buzz	false	high
https://mindhandru.buzz/api	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://mindhandru.buzz/apithor	r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512401569.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.micro	r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511373266.00000000017FB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mindhandru.buzz/	r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512329361.0000000001792000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mindhandru.buzz:443/apilY	r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/apiX	r06aMlvVyM.exe, 00000000.00000002.2512210725.000000000174E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mindhandru.buzz/d	r06aMlvVyM.exe, 00000000.00000003.2511173364.00000000017AC000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000002.2512401569.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, r06aMlvVyM.exe, 00000000.00000003.2511447964.00000000017B2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.165.185	mindhandru.buzz	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580879
Start date and time:	2024-12-26 12:48:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	r06aMlvVyM.exe renamed because original name is a hash value
Original Sample Name:	d1f6c2083d94c10bf23c7364e0553d90.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:49:19	API Interceptor	46x Sleep call for process: r06aMlvVyM.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.165.185	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse
	dEugughckk.exe	Get hash	malicious	LummaC	Browse
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse
	https://click.jipolismall.de/i86/	Get hash	malicious	Unknown	Browse
	https://ser.optimalesi.de/i87/	Get hash	malicious	Unknown	Browse
	https://ser.optimalesi.de/i68	Get hash	malicious	Unknown	Browse
	https://cpanel.vivatell.de/i105/	Get hash	malicious	Unknown	Browse
	https://cpanel.vivatell.de/i105/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mindhandru.buzz	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	dEugughckk.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Solara-v3.0.exe	Get hash	malicious	LummaC	Browse	172.67.165.185

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	i8Vwc7iOaG.exe	Get hash	malicious	LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, Vidar	Browse	172.67.150.49
	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	104.21.66.86
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	104.21.11.101
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	104.21.11.101
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	172.67.157.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	XM6cn2uNux.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	ZX2M0AXZ56.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	6GNqkkKY0j.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	0Pm0sadcCP.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	172.67.165.185
	TTsfmr1RWm.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	COBYmpzi7q.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	rwFNJ4pHWG.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	Ebgl8jb6CW.exe	Get hash	malicious	LummaC	Browse	172.67.165.185
	lBsKTx65QC.exe	Get hash	malicious	LummaC	Browse	172.67.165.185

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949754081918627
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	r06aMlvVyM.exe
File size:	1'888'256 bytes
MD5:	d1f6c2083d94c10bf23c7364e0553d90
SHA1:	73c77c7c0a0e07970cfea13a3032fd214836849c
SHA256:	3fd3fd24c4062b35ebab8f893be3c41be54d687dda4236c8f17121dc85a426dc
SHA512:	8d2fc6d97a487ade3d335fcb17d04db3b4850a6f72a09a9dae15522705b1f7e633c86a1820ee8fb67278d9fe7f8d442e5bc28755a69160fb8a6337cc2d4c11fc
SSDEEP:	49152:jkX0ECGPXmvFaJaNWKCSK75kVmeTUzQAfBcQB29:jM1PGooNx2UvTUzQqi9
TLSH:	B19533833E8BE20EF3AE1373EE721122B719FF034E5A56D5B8AC91F5042B7548891579
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................J...........@...........................J...........@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8aa000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F52993A4A6Ah
stmxcsr dword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F52993A6A65h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	e4b5b77be0dd0173f7384243293df991	False	0.9996170343137255	data	7.977710247290401	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2b1000	0x200	549027bb12ea7b92dccc9e390412fad0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kyqqejaz	0x306000	0x1a3000	0x1a3000	8befc8fbcb297597509a63b88840f0c3	False	0.9945479144913485	data	7.953521262056772	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rffdicvy	0x4a9000	0x1000	0x400	10b03a9795b38f51bd855f9edd38c2db	False	0.755859375	data	5.86793174332557	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4aa000	0x3000	0x2200	1d87788c06cc512fc3bb10cade673e24	False	0.0646829044117647	DOS executable (COM)	0.7232042425668372	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T12:49:05.560879+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	172.67.165.185	443	TCP
2024-12-26T12:49:20.572167+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	172.67.165.185	443	TCP
2024-12-26T12:49:20.572167+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	172.67.165.185	443	TCP
2024-12-26T12:49:21.922096+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49713	172.67.165.185	443	TCP
2024-12-26T12:49:43.638626+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49713	172.67.165.185	443	TCP
2024-12-26T12:49:43.638626+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49713	172.67.165.185	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:49:04.237426043 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:04.237488985 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:04.237571001 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:04.246721029 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:04.246736050 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:05.560693026 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:05.560878992 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:05.565320015 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:05.565341949 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:05.565805912 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:05.606625080 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:05.619337082 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:05.619363070 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:05.619560957 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:20.572180033 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:20.572277069 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:20.572331905 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:20.607372046 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:20.607415915 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:20.607434034 CET	49704	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:20.607441902 CET	443	49704	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:20.617742062 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:20.617767096 CET	443	49713	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:20.617860079 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:20.618179083 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:20.618192911 CET	443	49713	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:21.921888113 CET	443	49713	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:21.922096014 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:21.923959017 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:21.923970938 CET	443	49713	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:21.924231052 CET	443	49713	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:21.926019907 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:21.926049948 CET	49713	443	192.168.2.5	172.67.165.185
Dec 26, 2024 12:49:21.926151991 CET	443	49713	172.67.165.185	192.168.2.5
Dec 26, 2024 12:49:43.637886047 CET	49713	443	192.168.2.5	172.67.165.185

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 12:49:03.674170971 CET	49421	53	192.168.2.5	1.1.1.1
Dec 26, 2024 12:49:04.194399118 CET	53	49421	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 12:49:03.674170971 CET	192.168.2.5	1.1.1.1	0x86f	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 12:49:04.194399118 CET	1.1.1.1	192.168.2.5	0x86f	No error (0)	mindhandru.buzz		172.67.165.185	A (IP address)	IN (0x0001)	false
Dec 26, 2024 12:49:04.194399118 CET	1.1.1.1	192.168.2.5	0x86f	No error (0)	mindhandru.buzz		104.21.11.101	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mindhandru.buzz

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	172.67.165.185	443	2272	C:\Users\user\Desktop\r06aMlvVyM.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:49:05 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mindhandru.buzz
2024-12-26 11:49:05 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-26 11:49:20 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 26 Dec 2024 11:49:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=v8t30p4teu6hhg80i6r29mbtbh; expires=Mon, 21 Apr 2025 05:35:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CxX59ySxJ1OqKByiYxRLHrMT4jA1%2F6FYyEYj1Pvg60Us4VN4foI46z1M7ZduaMMEYfgSdfd48deZjgE3CmcPkXivc78Zt7SST9WlaXmODWjknU8G%2FQeZNlqt%2F1w4gUXJOvw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f80d8777cca0f4b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1470&rtt_var=568&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1896103&cwnd=230&unsent_bytes=0&cid=86a06e70e6aaaf98&ts=15028&x=0"
2024-12-26 11:49:20 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-26 11:49:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	172.67.165.185	443	2272	C:\Users\user\Desktop\r06aMlvVyM.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 11:49:21 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: mindhandru.buzz
2024-12-26 11:49:21 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=

Target ID:	0
Start time:	06:49:02
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\r06aMlvVyM.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\r06aMlvVyM.exe"
Imagebase:	0xbc0000
File size:	1'888'256 bytes
MD5 hash:	D1F6C2083D94C10BF23C7364E0553D90
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	22%
Total number of Nodes:	59
Total number of Limit Nodes:	3

Executed Functions

Function 00BC8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00BC8A4A

Part of subcall function 00BCB7B0: FreeLibrary.KERNEL32(00BC8A31), ref: 00BCB7B6
Part of subcall function 00BCB7B0: FreeLibrary.KERNEL32 ref: 00BCB7D7

Strings

b]u), xrefs: 00BC8877
}, xrefs: 00BC8913
}, xrefs: 00BC890C

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: 77413afbcc234f78f6becf27d7cafe4cf79b4a22f800fa985d68771fc14a1c7a
Instruction ID: f56e3936dd20d2d835c4897bdb2a6c41b5503e96b00a26eb5a5c6444c321985c
Opcode Fuzzy Hash: 77413afbcc234f78f6becf27d7cafe4cf79b4a22f800fa985d68771fc14a1c7a
Instruction Fuzzy Hash: FAC1F573E187154BC708DF69C84135AF7D6ABC8710F0AC56EA898EB391EA74DC048BC6

Function 00BFE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00C0148A,?,00000018,?,?,00000018,?,?,?), ref: 00BFE13E

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00C01720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 00C0176D

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 92dbc3ac6eb1629802fceac24331b84cc2f7153cf41b2a9911aa62c605977be3
Instruction ID: aa04a78902909c7d3a23a6b3b4c5f1cd1be04fe69639ad0432f19b4b669ca86f
Opcode Fuzzy Hash: 92dbc3ac6eb1629802fceac24331b84cc2f7153cf41b2a9911aa62c605977be3
Instruction Fuzzy Hash: BB312538608304ABE7149A599C91B3FF3A6EB84750F1D862CFA95572E0D771DE80D782

Function 00BC9D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00BC9D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00BC9E78

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 50247b300a3e55962113310dced366c155fd2e037b4e974129cd5ad895d54b1f
Instruction ID: 4d59574dec27ec0dfe3c45493b9bf21e7e9405c0b623f16304f3b5ccf11b91d0
Opcode Fuzzy Hash: 50247b300a3e55962113310dced366c155fd2e037b4e974129cd5ad895d54b1f
Instruction Fuzzy Hash: D341E5B4D003409FEB159F7899D6A5A7FB1EB06324F51529CD4902F3E6C631540ACBE2

Function 00BCEF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00BCF09D

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 821de123be6c643a81222857e92475e295776ec96e74f4671c5f8543a5fa5796
Instruction ID: da4df3578fbf987084e306bc23ad87e8d9248293feb3d2e622c9a2862f45aee8
Opcode Fuzzy Hash: 821de123be6c643a81222857e92475e295776ec96e74f4671c5f8543a5fa5796
Instruction Fuzzy Hash: 3541D8B4910B40AFD370EF3D9A4B7137EB8AB05250F504B1EF9E6866D4E231A4198BD7

Function 00BCEC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00BCECA2

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: a8c1bf6d7072debb839069c33ce425b2454cd073f9e36d7b803b955499d7a2f4
Instruction ID: 0ab68e7c9ab8a0febc5c1eb8f035c16c25639b520aecdba831d5c5d0d0f2eb57
Opcode Fuzzy Hash: a8c1bf6d7072debb839069c33ce425b2454cd073f9e36d7b803b955499d7a2f4
Instruction Fuzzy Hash: 07E092343DA3427BF63992259C63F2A31065B42F29E316B05B3253E3D4CAD03101C50C

Function 00BC9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00BC9ED2

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 155052ea8ea81f823bc36993345a3bcb1103cc8415f08f7a864a6ec4efba1df8
Instruction ID: f3dc4ab78c4bfa1a287e0799ff9945ffae74001b16a834abcb261adcfa699534
Opcode Fuzzy Hash: 155052ea8ea81f823bc36993345a3bcb1103cc8415f08f7a864a6ec4efba1df8
Instruction Fuzzy Hash: 82E02B336406029BD700EB34EC47F5E3356DB153417078438E205C2175EA729410DE10

Function 00BFC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00BFE0F9), ref: 00BFC590

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 3764802ed27abd73c1b6d9934a088a6b72aebc627ec14832c530d89254fd799e
Instruction ID: 212e730fec73e2e46a8a2e844e44bdb668b4c7889571a6927fb41316b8e21892
Opcode Fuzzy Hash: 3764802ed27abd73c1b6d9934a088a6b72aebc627ec14832c530d89254fd799e
Instruction Fuzzy Hash: 75D0C931816122EBCA502F28BC06BDB3B94EF49320F078891B5046A1B5C665EC91CAD0

Function 00BFC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00BFC561

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 7cf0e95230580dd98df0544ec49d146fded7e06e187b2bfeb038537a3663085c
Instruction ID: 79c3ffb898026aa3553e5d997681d533df0aeb46614519afd5d26754a3febd3d
Opcode Fuzzy Hash: 7cf0e95230580dd98df0544ec49d146fded7e06e187b2bfeb038537a3663085c
Instruction Fuzzy Hash: 14A001751841109ADA562B64BC09BC87A21AB59621F128191F101590FAC66198A29A84

Function 00BCDDBB Relevance: 1.3, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 00BCDDC4

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: 59e7aa081e3b209abff4b3cf3d543a8735d2d75dfdd62092a9ec5eeb30ee37f0
Instruction ID: 3564e36ea74f7106edb11ecb8d3a8a670d1220560049412d508956b140eee89e
Opcode Fuzzy Hash: 59e7aa081e3b209abff4b3cf3d543a8735d2d75dfdd62092a9ec5eeb30ee37f0
Instruction Fuzzy Hash: CBC0122526C40187C7489224EEA6B3F32968B87288325A86E84979235AE6A4E9018E84

Function 00C198E4 Relevance: 1.3, APIs: 1, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00C19FCA

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8756417f423f592c532a1df87223a2bba622ded021eb13c123648eaa50cb59dd
Instruction ID: 0327463d13f425ef1fdcc6591e71637ce123676beca7aa2d748c18d7f61392c1
Opcode Fuzzy Hash: 8756417f423f592c532a1df87223a2bba622ded021eb13c123648eaa50cb59dd
Instruction Fuzzy Hash: 33E06D7640C604DFDB016FA084082FD77A0EF46321F250918EAD583680D6314CA0EB46

Function 00C19670 Relevance: 1.3, APIs: 1, Instructions: 16memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00C19675

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c712d3a140aa5c6de9e7b137ad294a671e54e7f6a496950bc7a333cb37401f00
Instruction ID: b213f5404fb35aa6108d2e5800caf11c92ce7bd0577fcb4fb1f8758d796ecec9
Opcode Fuzzy Hash: c712d3a140aa5c6de9e7b137ad294a671e54e7f6a496950bc7a333cb37401f00
Instruction Fuzzy Hash: 74E0E2F014DA05DFD7006FA6A4883B9BAE0EB0A300F92482DDAC686700E63218C0AA17

Non-executed Functions

Function 00BE42D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00BE43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00BE443E

Strings

%r?p, xrefs: 00BE595F
13, xrefs: 00BE5BFC
b`, xrefs: 00BE55F9
=:, xrefs: 00BE57CE
N~4|, xrefs: 00BE593E
e>n<, xrefs: 00BE588E
r:i8, xrefs: 00BE5899
uw, xrefs: 00BE5B57
ut, xrefs: 00BE5CE3
+$e, xrefs: 00BE4365, 00BE437A
+$e, xrefs: 00BE43FA, 00BE442B
y{, xrefs: 00BE5B36
|r, xrefs: 00BE53A8
<j:h, xrefs: 00BE5975
=?, xrefs: 00BE5BF1
gd, xrefs: 00BE5E60
Xs, xrefs: 00BE5CD8
tj, xrefs: 00BE53BE
DD, xrefs: 00BE5CEE
n l, xrefs: 00BE596A

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: 27e54609ea0070bfbf4557433a3a84273129bc0980aeda570eedaf7d631041db
Instruction ID: 4e98625f0fe78454325701190aea3e7f2306051419b0262d633884312b678837
Opcode Fuzzy Hash: 27e54609ea0070bfbf4557433a3a84273129bc0980aeda570eedaf7d631041db
Instruction Fuzzy Hash: 83C20CB560C3848AD334CF14C452BDFBAF2EB82304F00892DD5E96B255D7B5864A8B9B

Function 00BCB100 Relevance: 19.2, Strings: 15, Instructions: 425COMMON

Download Yara Rule

Strings

hI2K, xrefs: 00BCB25D
XyR{, xrefs: 00BCB2D5
zMzO, xrefs: 00BCB267
k=W?, xrefs: 00BCB23F
b6j4, xrefs: 00BCB57D
(Y6[, xrefs: 00BCB285
Gq\s, xrefs: 00BCB2C1
Ym]o, xrefs: 00BCB2B7
yQrS, xrefs: 00BCB271
.AtC, xrefs: 00BCB249
D!M#, xrefs: 00BCB1F9
Gu@w, xrefs: 00BCB2CB
S%U', xrefs: 00BCB203
pE}G, xrefs: 00BCB253
9]_, xrefs: 00BCB28F

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: c97349b543112e45b6b8574e480a8a1394a72923350f6212131f283f8c9a816a
Instruction ID: d52175b6b458f9e4b60cbcfd882b0c75f4aee66c96833b796b617668e3d8c34b
Opcode Fuzzy Hash: c97349b543112e45b6b8574e480a8a1394a72923350f6212131f283f8c9a816a
Instruction Fuzzy Hash: A30255B1210B01CFD724CF25D891BABBBF1FB49314F118A2CE5AA8BAA0D775A445CF50

Function 00BF9280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 00BF98DF
SysFreeString.OLEAUT32(?), ref: 00BF98E5

Strings

b{tu, xrefs: 00BF92D9, 00BF939B
:;$%, xrefs: 00BF99C0
t"j, xrefs: 00BF966E
Jtuj, xrefs: 00BF92E5
O^, xrefs: 00BF97A6
SB, xrefs: 00BF979E
gd, xrefs: 00BF968E
=hn, xrefs: 00BF9676

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: FreeString
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 3341692771-1335595022
Opcode ID: 06859de7625e125e7b54a877f4137e578f9f80343bbebc5b742929df68701d57
Instruction ID: fa1685a3f26d5d0946a456984ee39f01202cb68adfa52879a6dac5acac4fe59d
Opcode Fuzzy Hash: 06859de7625e125e7b54a877f4137e578f9f80343bbebc5b742929df68701d57
Instruction Fuzzy Hash: EE222276A083419BD310CF28C880B6BBBE2EFC5354F29896CE6949B391D775D845CB82

Function 00BD60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

3F&D, xrefs: 00BD6273
t~v:, xrefs: 00BD61E7
JyTK, xrefs: 00BD6160
L4, xrefs: 00BD6780
pt}w, xrefs: 00BD61F2
qRb`, xrefs: 00BD6133
L4, xrefs: 00BD6BA0
{zdy, xrefs: 00BD611D
~mfQ, xrefs: 00BD613E
*,-", xrefs: 00BD66EF
uqrs, xrefs: 00BD6AF0
ntxE, xrefs: 00BD6112
w}MI, xrefs: 00BD6128

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: 28eadd7a137ad97ad5a57a23403491b180cb382e11194bc8fca3947d8df11671
Instruction ID: c27a6fc71494276bbdb79c6e8e79de7d8d128597340d66e6fd52c3f149fb35a6
Opcode Fuzzy Hash: 28eadd7a137ad97ad5a57a23403491b180cb382e11194bc8fca3947d8df11671
Instruction Fuzzy Hash: 994212B26083518FC7248F28D8917AFB7E2FB95314F19897DE4D98B356EB358805CB42

Function 00BD1227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON

Download Yara Rule

Strings

L, xrefs: 00BD1846
F, xrefs: 00BD184E
@, xrefs: 00BD17D0
>, xrefs: 00BD16FF
+, xrefs: 00BD17CB
`, xrefs: 00BD13A4
), xrefs: 00BD1A4D
[, xrefs: 00BD1555

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: )$+$>$@$F$L$[$`
API String ID: 0-4163809010
Opcode ID: 0b48b2fe1af0fdf3d0c6aba0191cd39e0065b9bd241e653c3433a255da0f4f8a
Instruction ID: 0449de6b2a8c25351b757a3187ea1c8bd86d520f1abf90d90039723a07ec6e19
Opcode Fuzzy Hash: 0b48b2fe1af0fdf3d0c6aba0191cd39e0065b9bd241e653c3433a255da0f4f8a
Instruction Fuzzy Hash: 3652917260D7808BD324DB3CC4957AEFBE1AB95320F194E6EE4D9C7382E67489418B53

Function 00D85057 Relevance: 11.6, Strings: 8, Instructions: 1632COMMON

Download Yara Rule

Strings

~dEF, xrefs: 00D859D0
;O^, xrefs: 00D85F0E
Rn, xrefs: 00D85AD3
n'/o, xrefs: 00D860D0
1jo, xrefs: 00D85338
YSE, xrefs: 00D85CB9
HW__, xrefs: 00D857D4
afm, xrefs: 00D853DE

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ;O^$HW__$Rn$afm$n'/o$~dEF$1jo$YSE
API String ID: 0-4157196691
Opcode ID: 460f76b49abcb6b399243c174ff951b32c7d3f67a4017b317fa3f810352e5fda
Instruction ID: 5d08f10d1e4bb2dc8992d9fc5c35fbfceafc10e2efeda776d3518361ca68f1f1
Opcode Fuzzy Hash: 460f76b49abcb6b399243c174ff951b32c7d3f67a4017b317fa3f810352e5fda
Instruction Fuzzy Hash: A3B238F390C2049FE3046E2DDC8567AFBE9EF94720F1A4A3DEAC583744EA3558058697

Function 00D8A151 Relevance: 10.4, Strings: 7, Instructions: 1603COMMON

Download Yara Rule

Strings

PI~, xrefs: 00D8B2F7
p{n, xrefs: 00D8A4AF
g~, xrefs: 00D8B31F
o 7~, xrefs: 00D8ACDB
F6yW, xrefs: 00D8AEFF
S~, xrefs: 00D8A340
km, xrefs: 00D8B026

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: km$F6yW$PI~$S~$o 7~$p{n$g~
API String ID: 0-1162185939
Opcode ID: c1f28dc312408143253115a6b2cffa990fb22ea1611ed6ab6bf3deb16edce66b
Instruction ID: a0ed3209693d5efcca12acc473a5c08eb3fb46c81a34a5b9aa8132cd939f73a3
Opcode Fuzzy Hash: c1f28dc312408143253115a6b2cffa990fb22ea1611ed6ab6bf3deb16edce66b
Instruction Fuzzy Hash: 21B2F6F3A0C2049FE3046E2DEC8567AFBE9EB98720F16463DE6C5C3744E63598058697

Function 00BD747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BD75C5

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 26b15031e0491a1dc195d85ae97f5f0fd1cdc255084cb0635114645c45bccbc2
Instruction ID: bbce080251e425b35338f338608676f3c8d5ecc407d5383f7c6539bbd53ff02a
Opcode Fuzzy Hash: 26b15031e0491a1dc195d85ae97f5f0fd1cdc255084cb0635114645c45bccbc2
Instruction Fuzzy Hash: E38214715083518BC724CF28C8917ABB7E1EFC9314F198AADE8D5973A5FB358805CB52

Function 00BC9310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

;"I, xrefs: 00BC944E
,6.2, xrefs: 00BC9446
cbrn, xrefs: 00BC93EE
FM, xrefs: 00BC9370
A, xrefs: 00BC9698
PTvu, xrefs: 00BC96F3
WAg., xrefs: 00BC943E

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: a78dfc39d081dbe34bf9d94dba175a0880e8a18305600d753421dfc47d25555b
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: 05C1257160C3D58BE322CF6994A075BBFD1DFE6300F094AACE4D51B382D365890ACB92

Function 00BE81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00BE84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00BE85B4

Strings

_^]\, xrefs: 00BE8A15
LF7Y, xrefs: 00BE8951

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: f6ca5ccb258b6846889ccac6542ea738621b0c44dfb536506cb8984585fe0730
Instruction ID: afd2897332613d15cd3a6cc6a55c949cb38e2f61f2af14b38e94a3b1bfa308bb
Opcode Fuzzy Hash: f6ca5ccb258b6846889ccac6542ea738621b0c44dfb536506cb8984585fe0730
Instruction Fuzzy Hash: 9D22F371A08381CFD7248F29D88072FB7E1FF85310F1A4AACE999573A1DB35A945CB52

Function 00BE83D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00BE84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00BE85B4

Strings

_^]\, xrefs: 00BE8A15
LF7Y, xrefs: 00BE8951

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 901a40f306c4464cdba05f311af880fc460f43209280f7fe6fbc13fd7149c755
Instruction ID: f02417781ff87ae010987babcac413e68bfc1883baf1d637c899ea3f48c2fb53
Opcode Fuzzy Hash: 901a40f306c4464cdba05f311af880fc460f43209280f7fe6fbc13fd7149c755
Instruction Fuzzy Hash: 2312E171A08381CFD7248F29D88072FBBE1FF85310F1A4AACE999572A1D735A945CB52

Function 00D9411C Relevance: 6.6, Strings: 4, Instructions: 1558COMMON

Download Yara Rule

Strings

GPo, xrefs: 00D94530
p[{W, xrefs: 00D94951
zO, xrefs: 00D94DD6
8IN], xrefs: 00D94DD0

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: 8IN]$GPo$p[{W$zO
API String ID: 0-654625476
Opcode ID: b7e239fde68ceb97ad26fe148777409ab326e88bbd19b45780595edaafe4e393
Instruction ID: 8e04c0e3805e3f635e734760f20b09dc7a94b2fb43003d87796fffc0223689a5
Opcode Fuzzy Hash: b7e239fde68ceb97ad26fe148777409ab326e88bbd19b45780595edaafe4e393
Instruction Fuzzy Hash: A7A2F4F360C200AFE708AE2DEC8567AFBE9EF94720F16493DE6C583344E63558018697

Function 00BE24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

;GsA, xrefs: 00BE2520
pCj], xrefs: 00BE2528
.[TU, xrefs: 00BE2538
"_,Y, xrefs: 00BE2530
=K0E, xrefs: 00BE2544

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: b8994ea27608297af414667a52c331d7c69740ba814b699e3478076e79b03192
Instruction ID: a5cee0f5d5b21945de305c56e0180ee82d856daedc7f7f40df63d3e28df80f53
Opcode Fuzzy Hash: b8994ea27608297af414667a52c331d7c69740ba814b699e3478076e79b03192
Instruction Fuzzy Hash: 1D9124B16083409BDB10DF25C892B67B3F9EF95314F18846CF88A8B292E374DD05C752

Function 00BD8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

gfff, xrefs: 00BD8458
SP, xrefs: 00BD8396
7, xrefs: 00BD8419
^`/4, xrefs: 00BD81E1
2h?n, xrefs: 00BD83A0

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 4cce4045701c434591618f75df6037cdd0407fd3933c5ec863cb88294ed4de2b
Instruction ID: 94c95179c6afda719c50c2ef3082dc1b341b65f2cb86836107d59bec9b86769a
Opcode Fuzzy Hash: 4cce4045701c434591618f75df6037cdd0407fd3933c5ec863cb88294ed4de2b
Instruction Fuzzy Hash: 68A13772A143514BD314CF28D85176FB7E2FBC4319F198A7EE489D7391EA3888068781

Function 00BE1340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

{s, xrefs: 00BE1520
9deZ, xrefs: 00BE1818
sp, xrefs: 00BE1528
eb, xrefs: 00BE16F6

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: 1e4555a0132773561342724e405a0ea4af669e60c72deba8dbd79141605081cb
Instruction ID: e2268b18ed085448994f92b501cb5b064385b734222ba526edfac3677341eb19
Opcode Fuzzy Hash: 1e4555a0132773561342724e405a0ea4af669e60c72deba8dbd79141605081cb
Instruction Fuzzy Hash: 3CD126B12183448BC728DF29C89166BB7F2FFD1354F18CA5CE4968B3A0E7789904C792

Function 00BE91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00BE91DA

Strings

wpq, xrefs: 00BE92B7
+Ku, xrefs: 00BE92AF

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 84ccfff776a5258a40dbcaf9aff738830019c96af930a5a82d66da841335d72a
Instruction ID: 000bfe8ee4a46963c2cc1333557e4e6c43a848cdc77105c7350c9d979a5a5c4f
Opcode Fuzzy Hash: 84ccfff776a5258a40dbcaf9aff738830019c96af930a5a82d66da841335d72a
Instruction Fuzzy Hash: 9451BC7220C3528FC324CF29984076FB7E2EBC5310F15892DE5AACB285DB30D50ACB92

Function 00D8F101 Relevance: 5.3, Strings: 3, Instructions: 1582COMMON

Download Yara Rule

Strings

>lw9, xrefs: 00D8F28E
/>., xrefs: 00D8F21F
*(/u, xrefs: 00D8F2F3

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: *(/u$/>.$>lw9
API String ID: 0-3228025221
Opcode ID: aa77a127e9c758dc4e8c448d43c4feeeb4956e1208c533a40493022257a9a9ab
Instruction ID: d4e0c400211190ff4a67eb50ee673a1ee7be863b9d627d38905f159bec07f01b
Opcode Fuzzy Hash: aa77a127e9c758dc4e8c448d43c4feeeb4956e1208c533a40493022257a9a9ab
Instruction Fuzzy Hash: C7B2F5F3A0C2009FE7046E29DC8577AB7E9EF94720F1A493DEAC4C7740EA3598458697

Function 00BE90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00BE9170

Strings

M/(, xrefs: 00BE913D
M/(, xrefs: 00BE919E

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: 9ebd8bed2a7c12a9f3901a2fc5d5ec46cd42a7641c77a67c3f38ce75e6e66db2
Instruction ID: 82cec22907c194f952931f099684f589477ef45b59df18fa807595907cbe7182
Opcode Fuzzy Hash: 9ebd8bed2a7c12a9f3901a2fc5d5ec46cd42a7641c77a67c3f38ce75e6e66db2
Instruction Fuzzy Hash: 91212371A5C3515FE714CE349881B9FB7AAEBC2700F01892CE0D1EB1C5D675880BC752

Function 00BEA5B6 Relevance: 5.1, Strings: 4, Instructions: 77COMMON

Download Yara Rule

Strings

i, xrefs: 00BEA527
VN, xrefs: 00BEA520
VN, xrefs: 00BEA5C6
i, xrefs: 00BEA5CD

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: VN$VN$i$i
API String ID: 0-1885346908
Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction ID: 10151f6067539d832501a2ad4876e3eaebf6fec2e37ddaf066bd66c197d71cff
Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
Instruction Fuzzy Hash: 1021D82114C3C18AD3058E7680412A6FBEBEBD6718F2946AED0F15F391E73BD9094757

Function 00D874BD Relevance: 4.6, Strings: 3, Instructions: 899COMMON

Download Yara Rule

Strings

b]{w, xrefs: 00D87AAF
@`c, xrefs: 00D875E0
b]{w, xrefs: 00D87ABD

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: @`c$b]{w$b]{w
API String ID: 0-3141370741
Opcode ID: 6c95ceb15a19dba4cc7762d5a22655d94f3a6700cfc0458df7d02f43f50e553b
Instruction ID: 927930d29015a499ecf08ae41f750ceea87d06fe9226391ae4d5727c0f70c719
Opcode Fuzzy Hash: 6c95ceb15a19dba4cc7762d5a22655d94f3a6700cfc0458df7d02f43f50e553b
Instruction Fuzzy Hash: 6542FAF360C2049FE3046E2DECC577ABBE9EB94720F1A4A3DEAC4D3744E53598058696

Function 00BEA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BEA49C, 00BEA188
<\hX, xrefs: 00BEA236
.txt, xrefs: 00BEA371

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 8697b6156acd36dbf3cfe1cec0847703505d407d4cfd5e300738ce10783ed3ec
Instruction ID: 38912bc482862110e74d6f85adfdfa82ac7e1d1b2efb0f72a353ba079e67d907
Opcode Fuzzy Hash: 8697b6156acd36dbf3cfe1cec0847703505d407d4cfd5e300738ce10783ed3ec
Instruction Fuzzy Hash: 94C1037190C380DFE7089F29D88172EBBE6AF85310F198AACF595472A2D735A945CB13

Function 00BCD4F3 Relevance: 4.0, Strings: 3, Instructions: 295COMMON

Download Yara Rule

Strings

mindhandru.buzz, xrefs: 00BCD819
Fm, xrefs: 00BCD6DD
V], xrefs: 00BCD6E4

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: Fm$V]$mindhandru.buzz
API String ID: 0-77585785
Opcode ID: 5c76838266ae0278bd5e5e5373d00a4989deaca25884b29feb02a806f24ad580
Instruction ID: 8c2db95783ada2a9770c582eb00a12b0b9361c60526e95e71a68c1b7c3eda0f1
Opcode Fuzzy Hash: 5c76838266ae0278bd5e5e5373d00a4989deaca25884b29feb02a806f24ad580
Instruction Fuzzy Hash: 3491A0B52557408FD325CF29C480A56BFE2EF9631872986ECC0994F766C73AA807CB50

Function 00BDD003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 00BDD4DD
bh, xrefs: 00BDD4D6

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: a17215104961e58e7c8fbfe7e32ebd8e965caabbdfd4c95238322206d1906920
Instruction ID: 7e083c864042bba70bf407cc8298f67afab3f6c695a07d4a1bff8241ead0fdd7
Opcode Fuzzy Hash: a17215104961e58e7c8fbfe7e32ebd8e965caabbdfd4c95238322206d1906920
Instruction Fuzzy Hash: 263215B1A01612CBCB24CF28C8916B7F7F1FFA5310B19829DD8969B394F734A941CB95

Function 00CA7437 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

=, xrefs: 00CA754C
;W6/, xrefs: 00CA7950

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ;W6/$=
API String ID: 0-446516737
Opcode ID: 00942bc64fe01f88d5e76d509f73debd5529932d3db33b4c9ed17da4a6bd22c8
Instruction ID: 828f8a86060f7a8b794b3a59698823a35fb311c559cd5b51004582a2df4f4736
Opcode Fuzzy Hash: 00942bc64fe01f88d5e76d509f73debd5529932d3db33b4c9ed17da4a6bd22c8
Instruction Fuzzy Hash: 65E1E1B3F142218BF3045D39DD583667683EBD4324F2B823D9A999B7C8E97E5C064384

Function 00C6D2D9 Relevance: 3.0, Strings: 2, Instructions: 459COMMON

Download Yara Rule

Strings

V_7, xrefs: 00C6D848
_5?, xrefs: 00C6D7CF

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: V_7$_5?
API String ID: 0-24832360
Opcode ID: f8d68ebdf21c7dc7026ef7fdee1c79af0cd45041efbf324c6590e8202bb4b8bc
Instruction ID: 7665a3a5cd6ca9b5fb1c4ad083c2a9f1931001c610b491c105811ab62c976f9c
Opcode Fuzzy Hash: f8d68ebdf21c7dc7026ef7fdee1c79af0cd45041efbf324c6590e8202bb4b8bc
Instruction Fuzzy Hash: F4E1D2B3F146108BF3049E28DC89366B6D2EBD4320F2B863DDA88977C5D97D9C068785

Function 00C3712C Relevance: 2.9, Strings: 2, Instructions: 441COMMON

Download Yara Rule

Strings

S}, xrefs: 00C37456
&>{_, xrefs: 00C37477

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: &>{_$S}
API String ID: 0-3239928942
Opcode ID: ceebcf6e6b7c2a203711fcd5b0ff9dd7202e9da3e39c9862806142226ed768d9
Instruction ID: b8aa0f43b2b1e24a2f5071385ae391974962fd962cf8f7810fd214531af2644d
Opcode Fuzzy Hash: ceebcf6e6b7c2a203711fcd5b0ff9dd7202e9da3e39c9862806142226ed768d9
Instruction Fuzzy Hash: F1E120F3F146108BF3145E29DC443B6B7D2EBD5321F2A813D9A88977C4E97D9C058285

Function 00BC4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00BC4661
), xrefs: 00BC42EB

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 23a6a49c9491c2877a52c2c2944be1f01fbf8134ecc034304b78848798e58fce
Instruction ID: 2320c5f49f1a681b5f5fca3a7fcbdab653200d1a6054580f985002905f5e447a
Opcode Fuzzy Hash: 23a6a49c9491c2877a52c2c2944be1f01fbf8134ecc034304b78848798e58fce
Instruction Fuzzy Hash: 99D1D0B19083849FD720CF14D895B9FBBE0EB94304F14496DF9999B382D775EA08CB92

Function 00CE9250 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

H m, xrefs: 00CE9484
yuv, xrefs: 00CE942A

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: yuv$H m
API String ID: 0-201462077
Opcode ID: 23f4b2f47de9afb54ac2c9de94d4144304b3f449d430d6f11ddcdcbb3230fde3
Instruction ID: ef89d0a6ca41396ec16f21d187b81a0cf3a51f7d1c1de6f2feae05d68b7f3690
Opcode Fuzzy Hash: 23f4b2f47de9afb54ac2c9de94d4144304b3f449d430d6f11ddcdcbb3230fde3
Instruction Fuzzy Hash: 8F5126F3D086249FD3486E29DC4423AB7E9EB94720F134A3EE9C9D7344EA795840C782

Function 00CD32C2 Relevance: 1.8, Strings: 1, Instructions: 512COMMON

Download Yara Rule

Strings

Ju_, xrefs: 00CD383B

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: Ju_
API String ID: 0-3297940421
Opcode ID: ba1861066bd818fbbcaad39661f24ff14d36885aebaaf7e002efc27f1b2a3c7b
Instruction ID: 3bdf4dadd297b432f75eefcb7479f396a88ca980bb78138d527c6ac798ea3e03
Opcode Fuzzy Hash: ba1861066bd818fbbcaad39661f24ff14d36885aebaaf7e002efc27f1b2a3c7b
Instruction Fuzzy Hash: 5DF1DEB3E015204BF3184939DC59366BA92ABD4320F2B863DCE9DAB7C4D93E5C0A43C4

Function 00CDB5AC Relevance: 1.8, Strings: 1, Instructions: 504COMMON

Download Yara Rule

Strings

][o, xrefs: 00CDBC0F

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ][o
API String ID: 0-2187919407
Opcode ID: 6ca0f2698823e5d324974458a3fa1e7465f099990a68f0a2044c53f3b5a4f1da
Instruction ID: a3eb94a87eedd33500eb6f8f10ee431522362dfaba97aa59fef0a33ed6e3af2e
Opcode Fuzzy Hash: 6ca0f2698823e5d324974458a3fa1e7465f099990a68f0a2044c53f3b5a4f1da
Instruction Fuzzy Hash: D902EEF3E146104BF3548E29DC983667692EBA1310F2F853D9F889B7C5E97E9C058385

Function 00C9401A Relevance: 1.7, Strings: 1, Instructions: 405COMMON

Download Yara Rule

Strings

a1, xrefs: 00C94364

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: a1
API String ID: 0-1385677540
Opcode ID: 6abcde5dac5cdde51bbe474b7c28c580fa3938116bdd2093551b6dd681c61b85
Instruction ID: 2924621155da1b7dea641dab5b18730151bab8a95a6ccc5aa5107a8ef7a0a1fd
Opcode Fuzzy Hash: 6abcde5dac5cdde51bbe474b7c28c580fa3938116bdd2093551b6dd681c61b85
Instruction Fuzzy Hash: 52D104B3F102144BF3584D29DC98376B296EBD9320F2F813D9A89A73C5D97E5D094385

Function 00BED17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 00BED2A4

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 988a2623f336c301b0bd36ee0212cb266f21a31c53de08b2dce4ac5fa0a051fd
Instruction ID: 943a0d67de7197b4f9376b9e177100d1e66126a9da32edd760c81fa9e6b10aa5
Opcode Fuzzy Hash: 988a2623f336c301b0bd36ee0212cb266f21a31c53de08b2dce4ac5fa0a051fd
Instruction Fuzzy Hash: 5941A0706043829BE3158F39C9A0B62BBE1EF57314F28868CE5D64F3A3D765984ACB51

Function 00BED34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 00BED353

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 91e883f88fc0246b0b8853e2d8b900a939345ef46c85901336ed5bb1600a15cc
Instruction ID: c6f687273a0cc0305e1c8a2ada6b39d63709b20c5ed6741fdf25e50f86d7552c
Opcode Fuzzy Hash: 91e883f88fc0246b0b8853e2d8b900a939345ef46c85901336ed5bb1600a15cc
Instruction Fuzzy Hash: 8AC1C3756047818FD725CF2AC490762FBE2FF9A310B28859DC4DA8B792D775E806CB50

Function 00BEB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 00BEB458

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: d7d402df27073f720e623e184c9c4ddb650edbe960df07d29ac9818f1e2d6da5
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: DBC14CB2A043855FD7158E26C4A1F6BB7D9EF90310F1D89ADE89587382E734DC44C792

Function 00C52249 Relevance: 1.6, Strings: 1, Instructions: 304COMMON

Download Yara Rule

Strings

{, xrefs: 00C5237D

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 9966430c37df8561067f27dc3a3246c2982083b168a2f80bab30f56bba97303e
Instruction ID: a1de70dd9fac1c72f029a678c8cf86542cc7188a0e68e9e77bf642cb50cc5b1d
Opcode Fuzzy Hash: 9966430c37df8561067f27dc3a3246c2982083b168a2f80bab30f56bba97303e
Instruction Fuzzy Hash: 17A1A9B3F1252547F3540878CC683A266839BE2325F2F82798F2C6B7C6DC7E5C4A5284

Function 00CBB378 Relevance: 1.6, Strings: 1, Instructions: 300COMMON

Download Yara Rule

Strings

tcj, xrefs: 00CBB59E

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: tcj
API String ID: 0-2601546200
Opcode ID: ca04642609a9540de5fa3fb5877b68c5a025f084bdeb9b14f1fb0dd6552b2e69
Instruction ID: 36fb7c2a9b0de98e0cbd3859315fde8386395badfc7da0d21d9611547ee18173
Opcode Fuzzy Hash: ca04642609a9540de5fa3fb5877b68c5a025f084bdeb9b14f1fb0dd6552b2e69
Instruction Fuzzy Hash: 84A1A9B3F1113547F3644969CC583A2A683ABE5324F2F82798E9C6B7C6D97E5C0A43C4

Function 00CBA18C Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

DL', xrefs: 00CBA2AC

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: DL'
API String ID: 0-4020989459
Opcode ID: 32e90a190ba61ac0697bb76bc629e99a2456abfe77292d85adefa3af3229c436
Instruction ID: 47e76325a615c151752aa6c42a3bb66aaebe47ee3619b1ae4a22f97f6814a8e7
Opcode Fuzzy Hash: 32e90a190ba61ac0697bb76bc629e99a2456abfe77292d85adefa3af3229c436
Instruction Fuzzy Hash: 9DA1AEE3F216254BF3844968CCA93627283EBA5314F2F81798F59EB3C6D97D9C095384

Function 00BE7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BE7465

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 5ad5da77246442946572e3cefd94044a676d537812bb473fa3026aec20cc69bb
Instruction ID: 8dabade3ef19087b5543881868ce700ccd41f805c9a019f4763c8eeec1b35db7
Opcode Fuzzy Hash: 5ad5da77246442946572e3cefd94044a676d537812bb473fa3026aec20cc69bb
Instruction Fuzzy Hash: CC712BB16883805BE7149E2ADCD2B3B76E1DF91318F1885BCE58687292EB34DC059752

Function 00BCD021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BCD455

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 313971def9ecc1042b866046b599db32781033ed28b8accbe97b47059facad8d
Instruction ID: bf01dcc3e152fbf6b4b4c5f477faa6ebce8e30d60915ecedb2a67e87b8673e8b
Opcode Fuzzy Hash: 313971def9ecc1042b866046b599db32781033ed28b8accbe97b47059facad8d
Instruction Fuzzy Hash: E151F1783017008FC7248B29D8D0F3BB7E2EB95714B5988ACE69787662C271FC46CB55

Function 00BEC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 00BEC173

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: c8764da066c3c0b6ff656779f9fab737b65c23fb9e33ee0bba94adc9a32fb5ca
Instruction ID: 42006e3189ea1cd9da1e083961a695024bf1614a7ae6725d5f5198dacf9f6aca
Opcode Fuzzy Hash: c8764da066c3c0b6ff656779f9fab737b65c23fb9e33ee0bba94adc9a32fb5ca
Instruction Fuzzy Hash: 1F51E521604B804AD729CB3A88513B7BFD3EBDB310B58969DC4E7D7686CB3CA4068711

Function 00BEC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 00BEC173

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: a1934c6860a34079666e0304e21ab1817d6ac1779f8d438db0217ab0c8922d1c
Instruction ID: e134f6ddfe9ce097a2853c1f53a9ac88d72acb5a7b3ca18d932ee8bd36a848f3
Opcode Fuzzy Hash: a1934c6860a34079666e0304e21ab1817d6ac1779f8d438db0217ab0c8922d1c
Instruction Fuzzy Hash: 5551D525614BC04AD72A8B3A88513B7BFD3AF9B310F5896DDC4D7DBA86CB2894078711

Function 00D03229 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

]z`, xrefs: 00D03326

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ]z`
API String ID: 0-55022805
Opcode ID: de2ee256790b3ec8208aeafed1fee611a7f211f2a0191f7a71b09996b94a313f
Instruction ID: 377586bcc663ea792b73466f2bd5625c8296ff3941b08e218edbd85ce1838228
Opcode Fuzzy Hash: de2ee256790b3ec8208aeafed1fee611a7f211f2a0191f7a71b09996b94a313f
Instruction Fuzzy Hash: 8B5157F3E182105BE3046A69DC9576AB7DADBD4721F2A863DEBC8C3784E8795C014292

Function 00C571CD Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

_*_-, xrefs: 00C572F8

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: _*_-
API String ID: 0-4278984240
Opcode ID: 5936a370fc994b5c35f00271edb447d1cba5a4e0b8139c29a9eda741c10530c1
Instruction ID: 0d5447bac13641a90495f44848bb402b545b92952b4749be129c8f265d361f0d
Opcode Fuzzy Hash: 5936a370fc994b5c35f00271edb447d1cba5a4e0b8139c29a9eda741c10530c1
Instruction Fuzzy Hash: F761F5B3A092009FE344AA39DC5477BBBD7EFD4720F2B853DDAC883784E97558068642

Function 00C6635F Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

Q, xrefs: 00C66409

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-3463352047
Opcode ID: c0eb8ad666359713eb98766b66e995b0fe70edc1f98fcd0ac4259262d5baced9
Instruction ID: 4c55bebc6747f8a0f397091aea05820a73a872acecd09e8daa69bb0d07a19d2d
Opcode Fuzzy Hash: c0eb8ad666359713eb98766b66e995b0fe70edc1f98fcd0ac4259262d5baced9
Instruction Fuzzy Hash: 20619AB3F1122547F3644D69DC883A2A683D7D0315F2F81798E5C6BBC6D97EAD0A8384

Function 00CC5074 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

8, xrefs: 00CC51CC

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 44d6c4b4854aac9500882a7a28426e45bccb5dc363f5c12ecd84b4201c338019
Instruction ID: 6186333dc8349e3bb795fde989b5e2d9fea623b3c08b28c6640a5ea795b9e457
Opcode Fuzzy Hash: 44d6c4b4854aac9500882a7a28426e45bccb5dc363f5c12ecd84b4201c338019
Instruction Fuzzy Hash: 9C6186B3F1113647F3640968CC483A2B683AB91321F2F82798E9CAB7C5D97E5D4A57C4

Function 00C485C0 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

<;y, xrefs: 00C48759

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: <;y
API String ID: 0-4110558036
Opcode ID: 8c4ba5b446b41f33a956ebd95f54439c0ae5445132a913492d787003554e5f40
Instruction ID: 0d8848bb94dc778f0adf159eaf8fc6332c2cd13bf66c2cd4485566779dc03752
Opcode Fuzzy Hash: 8c4ba5b446b41f33a956ebd95f54439c0ae5445132a913492d787003554e5f40
Instruction Fuzzy Hash: 78513AF3A087149FE3086E2EEC4576AB7D9DBD4720F2A8A3DE5C4C7784E97948018691

Function 00CA0036 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

r, xrefs: 00CA0125

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 47d5122b188007b4d57b94097b96cef0189bf5b0db0b1fcedebcdb56de758683
Instruction ID: fd7092a29411a4f3e3b59cb388e0962140a46385e3b672e5b2289aea7d84c5fb
Opcode Fuzzy Hash: 47d5122b188007b4d57b94097b96cef0189bf5b0db0b1fcedebcdb56de758683
Instruction Fuzzy Hash: F961A9B7F116214BF3544E24CC583A2B293EB99314F2F813D8A586B3C5DA3E6D0A9784

Function 00BCF3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 00BCF3E0

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 262be7a4a346f399358e16ed96304c70816a28cdd04da4193890e3aa3ee135ae
Instruction ID: 60ca78d2315bb90de5759f6e7a0df52d50f37c5da4f2e4640700013316a2b566
Opcode Fuzzy Hash: 262be7a4a346f399358e16ed96304c70816a28cdd04da4193890e3aa3ee135ae
Instruction Fuzzy Hash: 2161E93260C7918BC7249B3888517AFBBD19B96324F294BBED9E5D73D2E234C901C752

Function 00C69585 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

G, xrefs: 00C695E5

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: dd658dfc28c28b6069ca6567688afc52e01ce894a8a573b23437a7a76dac4758
Instruction ID: 690bea4f34a88d395b2239c300559eb0766fe1003f397db6b57c122761cc04d3
Opcode Fuzzy Hash: dd658dfc28c28b6069ca6567688afc52e01ce894a8a573b23437a7a76dac4758
Instruction Fuzzy Hash: 4A61D0B3F1122547F3944D28CCD83617282EB95321F2F427D8E996B3CAD97E6D098784

Function 00CD2215 Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

?, xrefs: 00CD2277

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: ?
API String ID: 0-1684325040
Opcode ID: 2a53b496b9fe38168e8cdf1f4aed1b84b53cbce8417c0855d47cf7f822faa91c
Instruction ID: 0e3a8c096ae6f12c0a59737f5ae355b72b56591c9904bdb94e3f09bf85d5be31
Opcode Fuzzy Hash: 2a53b496b9fe38168e8cdf1f4aed1b84b53cbce8417c0855d47cf7f822faa91c
Instruction Fuzzy Hash: C561AFB3F125214BF3804D29CC983A26243DBD5321F2F82798B685B7C9DC7D5D0A5384

Function 00C874B1 Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

0, xrefs: 00C875A4

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: a7853386ea2e4632e6d9d50a1540995b77fa43a10cee8d59e0114724c2ef9bc8
Instruction ID: aa5a8f3e236758890b29872a02bac9d7e3785b83f98f85b3e5b0743660e7f771
Opcode Fuzzy Hash: a7853386ea2e4632e6d9d50a1540995b77fa43a10cee8d59e0114724c2ef9bc8
Instruction Fuzzy Hash: 8A5178B3F1112647F3540968CC683A2B683ABD1314F3F82398E596B7C5DE7E9E099784

Function 00CB2494 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

0, xrefs: 00CB256A

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: da7552c16337c3d9146a2ace596a6ca1e842c1b82fd6de376e1870220b5db937
Instruction ID: f7825cbab62c8691a85dae276077474ac843a8553b16ae2952e2f0c5012b2855
Opcode Fuzzy Hash: da7552c16337c3d9146a2ace596a6ca1e842c1b82fd6de376e1870220b5db937
Instruction Fuzzy Hash: F9516DB3F1152547F3644D29CCA83A17692EBA1320F2F427D8E886B7C5D97E6D099384

Function 00C01160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 00C0123B

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f4af7d3474999dd2babef89f6f824bb56ed153cbf8b9080a42f51994f94b9d2a
Instruction ID: 5c520c0d72488926ccffc972a547e9cedaab8cc230e223a988448ef9b00095c2
Opcode Fuzzy Hash: f4af7d3474999dd2babef89f6f824bb56ed153cbf8b9080a42f51994f94b9d2a
Instruction Fuzzy Hash: FA4100B2A043109BD7198F14CC56B7BBBE1FF95354F088A1CE9955B2E0E3759A04CB82

Function 00C180C1 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

V, xrefs: 00C194BD

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: a86aebf22a1d9b67acc90c22d0a02bc58239d92238cfc134f50d8e3c6b42941d
Instruction ID: 85839bfa0a63ca54a4ee9a26595cd1e0898e79659610ed8bd519fd594a0dbc3c
Opcode Fuzzy Hash: a86aebf22a1d9b67acc90c22d0a02bc58239d92238cfc134f50d8e3c6b42941d
Instruction Fuzzy Hash: 2A516BB350C10EDFE7008E7ADC546EF3AA5EB47360F70423AE443D6644E6B64D85B664

Function 00BEC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 00BED9F4

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 443a88e499a48ba903d0210a3523eda9991f189b8398d403591741410a2db18f
Instruction ID: a75561900d9cd5e0d1d5ab41da01ee786be4a8c4fe06dbecd04332c553bb72bf
Opcode Fuzzy Hash: 443a88e499a48ba903d0210a3523eda9991f189b8398d403591741410a2db18f
Instruction Fuzzy Hash: 6541E2751046928FD7228F3AC860776BBE2FF97310B1996D8C4E28B796C738E945CB50

Function 00C00340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 00C003AD

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: dd1edca3f8132540757774079df3ec9798f28ada31058ae747b89408fb51da93
Instruction ID: cfe7a69995eede634683341291776f230c9b7911c3a32739ece43b7a28dae13c
Opcode Fuzzy Hash: dd1edca3f8132540757774079df3ec9798f28ada31058ae747b89408fb51da93
Instruction Fuzzy Hash: FF31EE715083048BC314DF58D8C276FBBF4EB85324F29892CE6A883290D3359948CB96

Function 00BEE180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 727aad62cab42526433c943367d218a45b5c3d884bd6a33db26588c1548dd16a
Instruction ID: 768cf16bbaf09448751595e76f85016516aa677edb8a0233db5acca866b1aa76
Opcode Fuzzy Hash: 727aad62cab42526433c943367d218a45b5c3d884bd6a33db26588c1548dd16a
Instruction Fuzzy Hash: D762C3F1911B019FC7A0CF29C881B93BBE9AB89710F15891EE1AED7351CB706505CFA6

Function 00BC65F0 Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0141bb7cce2c2901431dec0f02c0df402507b3245b8a4a470c52feab21867657
Instruction ID: 53c382433ca14224c2008c106e79bb72d02ca445f62b038cf9698c1ba6dd8b27
Opcode Fuzzy Hash: 0141bb7cce2c2901431dec0f02c0df402507b3245b8a4a470c52feab21867657
Instruction Fuzzy Hash: 9552D670A08B848FE735CF24C484FA7BBE1EB95314F1489AED5E747682C379A985C712

Function 00CCB40D Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3524df0dc227a0ae71da80ff9bac9bd3ea8e613ea28bb53f460a539649c51495
Instruction ID: 90599575c522e2beae343aeacd2df2c223ee0bd49cfb6a56e096a89add67cc32
Opcode Fuzzy Hash: 3524df0dc227a0ae71da80ff9bac9bd3ea8e613ea28bb53f460a539649c51495
Instruction Fuzzy Hash: 6A12ECF3E146204BF3105E38CC98366B692DB95320F2B42398F98AB7C4D97E9D098285

Function 00C9229A Relevance: .5, Instructions: 536COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6840bd62e9e906e5a91459632ab4f1dbeb398fd4106571b651e5fb74ae8fc3
Instruction ID: 2084fd714b24bcbcad6141c61bccb7e4404e79ab346f226e471a359ef00ad2c2
Opcode Fuzzy Hash: af6840bd62e9e906e5a91459632ab4f1dbeb398fd4106571b651e5fb74ae8fc3
Instruction Fuzzy Hash: 9F02F3F3F146254BF3145D68DC88366B6C2DBA4320F2F86389E98A77C5E97E9C058385

Function 00C641EC Relevance: .5, Instructions: 491COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17c118cbea2f592d98d8efcb2bdfde0faed10913e2ddfffef90b918881cc7343
Instruction ID: 5745318ebd80566f58ec6294a40a3512a3cc06d20e4441a97fd67aed6227555b
Opcode Fuzzy Hash: 17c118cbea2f592d98d8efcb2bdfde0faed10913e2ddfffef90b918881cc7343
Instruction Fuzzy Hash: B4F1F1B3E146244BF3145E38DC89366B6D2EB94320F2B863DCB98A77C4E97E9C054785

Function 00C992A2 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c336fec173a72abe886e72a89d85856af1e9b98b642265fa5c0e49a61e0685c2
Instruction ID: 42c3b2a0a1c3aa4ab6d0209a2b99d0f4c2260024848cdaa930d2584ad15a390d
Opcode Fuzzy Hash: c336fec173a72abe886e72a89d85856af1e9b98b642265fa5c0e49a61e0685c2
Instruction Fuzzy Hash: 22E1EDF3E156240BF3545929DC593A27682EBD0320F2F86399E9CA77C5E87E9D0A42C4

Function 00CB4120 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef7ae0d2d0f5482509734e192351214cb68d23e0c61d972f598648be74927b67
Instruction ID: 8235db449a2e9678a2fa7f83007e8696270392ed4214e27bb3893a9f34f30543
Opcode Fuzzy Hash: ef7ae0d2d0f5482509734e192351214cb68d23e0c61d972f598648be74927b67
Instruction Fuzzy Hash: 92C1BCB3F5062147F3584979DC983626282DBA5320F2F82798F5C6B7C6DCBE5C0A5284

Function 00CC14B6 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7654ee85e2a9fd60a09fca890e1cc94b575b81db1b24c4c8c7d016506edefce
Instruction ID: 9cadb553cc53eabc5e92d4a9d5fc730bac4fe587f879a1d690eda9bea3fd5c82
Opcode Fuzzy Hash: a7654ee85e2a9fd60a09fca890e1cc94b575b81db1b24c4c8c7d016506edefce
Instruction Fuzzy Hash: 90C19DF3F1162147F3544978CD983626683DBE5321F2F82398E58AB7C9EDBE4D464284

Function 00C8A2E3 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e308b17587643152f1c99a4a0e69dd85b8f02e41b1a5b063c974a518876b227
Instruction ID: 21ea6e43d949184e0d8516a135119844920ad3e2556e18a2f6da67573a703797
Opcode Fuzzy Hash: 0e308b17587643152f1c99a4a0e69dd85b8f02e41b1a5b063c974a518876b227
Instruction Fuzzy Hash: 67C187B3F105254BF3544D39CC98362A682EB95320F2F82798E4DABBC5D97E9D0A53C4

Function 00C2504B Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b59bf1ee092c34100fea6d11384a930e06b0b20828436d7069de2779f81e5c15
Instruction ID: 20352e1f866d0560c7dc8c26803c3a1868df1b92e3f95dddc9a432f15fdd1af9
Opcode Fuzzy Hash: b59bf1ee092c34100fea6d11384a930e06b0b20828436d7069de2779f81e5c15
Instruction Fuzzy Hash: E1C1BEB3F516254BF3540829CC983A26683DBD5321F3F82398E9C6B7C6D87E9D4A5384

Function 00C7F2F9 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b30a8e7b9e168ebf7e5614fc8e0b879fe70496121fee5b15032673ea00c868
Instruction ID: b6f2ee69b67c9c86eecd71bb4221f53e8ebbdd32e3b128847077b415b822a2f0
Opcode Fuzzy Hash: a9b30a8e7b9e168ebf7e5614fc8e0b879fe70496121fee5b15032673ea00c868
Instruction Fuzzy Hash: 14C1A9B3F102254BF3584979CC983626683DBA5320F2F81788F5C6B7C6D97EAD0A5384

Function 00CAC009 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947649dfdca653ff0025649efd2a4f0bb7542d18d75d8d5cb7740a1f56a4521e
Instruction ID: 2a4ed4ab872780ac98284b4d3d3264e235d7abcdfc6bab95c401e48c7fd2895c
Opcode Fuzzy Hash: 947649dfdca653ff0025649efd2a4f0bb7542d18d75d8d5cb7740a1f56a4521e
Instruction Fuzzy Hash: DDC16AB3F1162647F3544928CD983A26683AB91324F2F82798F4C6B7C6DD7E9D4A43C4

Function 00CB0142 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d4653c113d88e011f64600076bd1a76b4c9c76220d38407409a9a7f42cfbc0
Instruction ID: 4d435d1d3c4fe17e5590c39bb6f5b23ea347e15f3ae19aca37fc411357774e9e
Opcode Fuzzy Hash: f1d4653c113d88e011f64600076bd1a76b4c9c76220d38407409a9a7f42cfbc0
Instruction Fuzzy Hash: ECC1ACF7F6162147F3444978DD983A22A93DB91311F2F82388E1CAB7C5D87E9D099384

Function 00BDE220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f22cad626b68c51ddb3d89cfc65600a97e634799b7c62d58047fa28edef68b
Instruction ID: 9510d5e1854de11759043ed416f89e85004225a4b6cb699049e828b56994da64
Opcode Fuzzy Hash: 47f22cad626b68c51ddb3d89cfc65600a97e634799b7c62d58047fa28edef68b
Instruction Fuzzy Hash: D6B1D875504302AFD710AF24DC41B2ABBE1EF94354F154A7EF9A8973A1E732D914CB42

Function 00CDE599 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd67702824d9689339eeb31a1c67d0c5624235bc128dcd869981229ed3a2d7ac
Instruction ID: 56a780827ec4437f40039afbff5b0b80650b17388b06757ec06ed67f7138590d
Opcode Fuzzy Hash: fd67702824d9689339eeb31a1c67d0c5624235bc128dcd869981229ed3a2d7ac
Instruction Fuzzy Hash: D5C16AF3F115254BF3544938CD983626683DB91324F2F82788F58AB7C6D87E9E0A5284

Function 00C71044 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 236539816860067443730f6c6d5e40cd789c2b6bc0ce0a5df01cd1f6cde80449
Instruction ID: 6a125e49a1941e8722ebcecb6d27e0fbe3ee892af6f1bd190b91129d7f78c783
Opcode Fuzzy Hash: 236539816860067443730f6c6d5e40cd789c2b6bc0ce0a5df01cd1f6cde80449
Instruction Fuzzy Hash: D7B1BAB3F115214BF3580D28CC583A266839BE5321F2F82798E9CAB7C6DD7E9D064384

Function 00C465C7 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5dd06e213f04a1559efd3aef733ee9b700018415ee5b733ce4720b11c587865
Instruction ID: 56d52e2294143cda975fb2a4c08eccff59d7b822dce4bacb44c3bcc68f7dfcf7
Opcode Fuzzy Hash: b5dd06e213f04a1559efd3aef733ee9b700018415ee5b733ce4720b11c587865
Instruction Fuzzy Hash: 40B1ACF3F1122547F3544938CD583A26682DB95324F2F02798F98AB7C6EC7E9D0A5384

Function 00C33182 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ca54f94fbab3e3b331e268465f2f889c8f9ca45246a7deec6a5f937adc2ffc4
Instruction ID: 70a9f28488753f2a9369d25a630d22cc4c99450935d58a2681e3d9479ee67122
Opcode Fuzzy Hash: 1ca54f94fbab3e3b331e268465f2f889c8f9ca45246a7deec6a5f937adc2ffc4
Instruction Fuzzy Hash: 77B1ACB3F112254BF3584978DC983A27283E795324F2F42388F596B7C6DD7E6D095284

Function 00C2B5E3 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e934d764a5892c5ce6e61fb533a1d70b6c2dcb0de7a08330a521f04f34c7440
Instruction ID: 457189639994250a6c0a12a788d2ddec7bc413939eb55379b828f59482608ee6
Opcode Fuzzy Hash: 7e934d764a5892c5ce6e61fb533a1d70b6c2dcb0de7a08330a521f04f34c7440
Instruction Fuzzy Hash: A6B179B3F2162507F3584979DCA83626283DBE4320F2F82398F59AB7C5DD7E5D0A4284

Function 00CA6006 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 349c66bd146d9505b275b9062a171baa1fb3328e1a1cde213119ad6e015522ce
Instruction ID: a0445fa7ffabd4e6110e4e0903d195825cb1448cd12cf6c574848ff7b4c4dd23
Opcode Fuzzy Hash: 349c66bd146d9505b275b9062a171baa1fb3328e1a1cde213119ad6e015522ce
Instruction Fuzzy Hash: 90B1AFB3F1162647F3640964DC983A2B643EB91324F3F41788E5DAB3C1D97E9D465384

Function 00CBC4D4 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 208bd61212dcde44abc7c816ec52323fa91883e7d61dcdbd201317d64af42841
Instruction ID: 44e9baa467221338afe64d209acc6b83a2c1ae0433c1304c823230b578179be9
Opcode Fuzzy Hash: 208bd61212dcde44abc7c816ec52323fa91883e7d61dcdbd201317d64af42841
Instruction Fuzzy Hash: B0B1BFB3F515254BF3544838CC483A266839BD5321F2F82798E5CABBC9D97E9D0A5384

Function 00CB82D7 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e5c9bbf17d169ba832e812b23ee53f28a4fc12f13410a1d944fca2c3470e786
Instruction ID: e664e0a6d54e6de26d44861d367d17d20f51f1bf173350b8aa2c409bc6748b5c
Opcode Fuzzy Hash: 8e5c9bbf17d169ba832e812b23ee53f28a4fc12f13410a1d944fca2c3470e786
Instruction Fuzzy Hash: B1B19CB3F506254BF3540D78CCA83A26683EBA5321F2F42798E596B7C6D8BE5D094780

Function 00C3C357 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96feb7378df2b1022c2d2136538fb2c1cb46fc38ab46584538576e7cf44ef7a
Instruction ID: 0d1383b88462d24fd9e9969ab779c7d6dc19d07c326619ef96cc47b3150162b1
Opcode Fuzzy Hash: a96feb7378df2b1022c2d2136538fb2c1cb46fc38ab46584538576e7cf44ef7a
Instruction Fuzzy Hash: FDB19FB3F116254BF3504D68CC983627283DB95321F2F82798E58AB7C6DD7EAD0A5384

Function 00C4F3F8 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b82e7045c9e3e9e7fdaeed0791719a70f6bdf9ef6c85fb81903cdeda06759eb
Instruction ID: 737c2804291d7ff390ddcee78fbbb96bc720f602abb39b16baa400962d980b4a
Opcode Fuzzy Hash: 6b82e7045c9e3e9e7fdaeed0791719a70f6bdf9ef6c85fb81903cdeda06759eb
Instruction Fuzzy Hash: 13B179F3F2152147F3548879CD683626583DBD1324F2F82798E5DABBCAD83E8D0A5284

Function 00CAE3DA Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a35794eb66d053e34d48a3e87336a058427492304e2fa5993cdb45d419de904c
Instruction ID: 894a3ed1b27d6bd03d27d8f4e086125da0be8cc5366587fd01d7b218feb7f8a9
Opcode Fuzzy Hash: a35794eb66d053e34d48a3e87336a058427492304e2fa5993cdb45d419de904c
Instruction Fuzzy Hash: 94B1C0B3F2162547F3404979CC983A26283DBE5324F2F82798E5CAB7C6D87E5D4A5384

Function 00C315E1 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f7e447083c162222dcd3867686fb63a7db21bfdfc6d25e797baaf877caa5e94
Instruction ID: 762165dbee3099119e571bd6c7cf858d012439ef4b48076b9c0445e56058c0db
Opcode Fuzzy Hash: 3f7e447083c162222dcd3867686fb63a7db21bfdfc6d25e797baaf877caa5e94
Instruction Fuzzy Hash: 22B19BB3F1062547F3584868CCA93626683EB95324F2F82398F59AB7C5DD7E9C0A53C4

Function 00CDD024 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d3334a6c9060de5f3bd05bc931c9da65d727e48940c31cd3c1a3b5f6470a3e7
Instruction ID: f27244353abc36b050a3f8d33b7af7475b3a846706b969226a93fc626f4aac8a
Opcode Fuzzy Hash: 4d3334a6c9060de5f3bd05bc931c9da65d727e48940c31cd3c1a3b5f6470a3e7
Instruction Fuzzy Hash: 11B18EF7F2152507F3544839CD583A26683A7E1325F2F82388A9DAB7C9DC7E9D0A5384

Function 00CD0598 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c41ae3faba668321b59607a75703356069fa1d94e7509d278c4075859e630f2
Instruction ID: 39d5aadfeb8489df19c36ec0bff5e75efebf06bd9a0a0c82bf3439617a4db958
Opcode Fuzzy Hash: 7c41ae3faba668321b59607a75703356069fa1d94e7509d278c4075859e630f2
Instruction Fuzzy Hash: 7EB1BFB3F1162547F3544939CDA83622683EBD6311F2F82788E986BBC9DC7E5D0A5384

Function 00C42183 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57bd49e8eb5d4d6e901b821895c6c4544417c73521420269e66515c94961043c
Instruction ID: efe45343962e15da9ff7321613e337147d4290a3c63967dc6509d6fefc5d5772
Opcode Fuzzy Hash: 57bd49e8eb5d4d6e901b821895c6c4544417c73521420269e66515c94961043c
Instruction Fuzzy Hash: 37B1BBB3F1052547F3544D28CC583A27683DB92311F2F827D8E99AB7C9D87E9D0A9384

Function 00CAB0F6 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39643d7c457efa8da3f6a14f2a58cebf4f4b2d8dc3301d0c75ea61612ad8c04f
Instruction ID: 465ef4bb41d2a425a4c2fceb8818d39ed22a5041b4111ee9c7291e3fb201a239
Opcode Fuzzy Hash: 39643d7c457efa8da3f6a14f2a58cebf4f4b2d8dc3301d0c75ea61612ad8c04f
Instruction Fuzzy Hash: 01B189F3F116254BF3544868CCA83A22543DBE6314F2F82798E5C6B7C6E87E9D0A5384

Function 00CB6033 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb0081ef175ca567c1b14e9a9426757c885b7fe98d163768a33f14478b765c3
Instruction ID: 8d9e67c0f59f6f72b91b2ba346db12e5e5c9489dfd5fdcfb1a322751f7697a16
Opcode Fuzzy Hash: dcb0081ef175ca567c1b14e9a9426757c885b7fe98d163768a33f14478b765c3
Instruction Fuzzy Hash: 5BA199F3F6162547F3588838CD983A26583D7D5321F2F82798E18AB7C9DC7E9D0A5284

Function 00CA91BC Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f84b4b9035816dccbb41e18fbebca0221992e0e0569f5d20baf87121904aba51
Instruction ID: 3816fb33f6de5d224a3e40c08e58db1e476e6f8bb580d68f86955cf0d0ab1e75
Opcode Fuzzy Hash: f84b4b9035816dccbb41e18fbebca0221992e0e0569f5d20baf87121904aba51
Instruction Fuzzy Hash: 65A17AB3F1122647F3584D38CC983A26683DBE5314F2F827C8E596B7C9E97E5D0A5284

Function 00BC6160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 0f1681e478b20f775f2b41b1b3544aa56ee320d3d8f6b0d8e15fe8d033a05d65
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: 3AC159B2A587418FC360CF68DC86BABB7E1FF85318F08496DD1D9C6242E778A155CB06

Function 00CA034D Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce117d5988d42c6d238d2ed5e6885bbd998531866b072a0885cf49611926982c
Instruction ID: fcd08740f62b429c8d13b311b93452e52ec9654536666a0d3c474f85285d7e4e
Opcode Fuzzy Hash: ce117d5988d42c6d238d2ed5e6885bbd998531866b072a0885cf49611926982c
Instruction Fuzzy Hash: F0A1DEB3F5162547F3584928CCA83A22183DBE5324F2F82798E5D6B7C6D87E5D0A53C4

Function 00CD64C4 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c3090184f0333dc2baadccb2d5f98c336556752352c71b5914fee2362b3b027
Instruction ID: afb0d402b6202f32be4e187b09a3fcc31d8fae4c6c0dbd9d8753447873cc9299
Opcode Fuzzy Hash: 8c3090184f0333dc2baadccb2d5f98c336556752352c71b5914fee2362b3b027
Instruction Fuzzy Hash: 32A17AB7F1062507F3584878CCA836266839BD4314F2F82798F5DAB7C6E87E9D0A52C4

Function 00C4D297 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3737247c65199085e696da0a853d566ca6e3d5223c942b84e2136eec67e869db
Instruction ID: 3e7518b49beffd7f5a6d2e6fc1a5ae95c607800929ef6cf1d63b9c0a2b2235c9
Opcode Fuzzy Hash: 3737247c65199085e696da0a853d566ca6e3d5223c942b84e2136eec67e869db
Instruction Fuzzy Hash: FEA16AB3F1022647F3544878CDA83666582DB95324F2F82788F49ABBCAD87E5D0A52C4

Function 00CBE214 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b57cbeb30bba11bf0d25629a90d9df2fea6b8881e5e317db040f7d4a4794f05f
Instruction ID: 063827e3695253d74a62b9af3739863990fac32c6feff74af0847654b265df78
Opcode Fuzzy Hash: b57cbeb30bba11bf0d25629a90d9df2fea6b8881e5e317db040f7d4a4794f05f
Instruction Fuzzy Hash: DEA1ACB3F1122547F3544939CC983627683DBD5324F2F82798A589B7C6DD3EAD0A5384

Function 00CD6022 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75553614145bc516ce45061ca8d6ccb4cd3de027203997c9a75f62e0a962349f
Instruction ID: c9ffb632eb56a80325432b1779f6a3c057ae4c35bc062bb31320ff041d770791
Opcode Fuzzy Hash: 75553614145bc516ce45061ca8d6ccb4cd3de027203997c9a75f62e0a962349f
Instruction Fuzzy Hash: 1AA1DEB3E1152547F3544928CC583B2B683EB91320F2F82798E9DAB7C6D97EAD0953C4

Function 00CC4093 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db4e9acd11e67960c93fa236bba4d4cc0b079e21719756cc9eaa7da5305c409
Instruction ID: 6cc4c6e7b1d78451c183a91e12d6fa8a0c0cec34282717d06db3dd12406fc597
Opcode Fuzzy Hash: 9db4e9acd11e67960c93fa236bba4d4cc0b079e21719756cc9eaa7da5305c409
Instruction Fuzzy Hash: 05A18BB3F1122147F3944979CD58362A6839BD4320F2F82398E9CABBC5ED7E5D0A52C4

Function 00C55448 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d07c73e28945aaff9d9eca59d7ea8d4e6b7d477d67440d08294d9d04907e626
Instruction ID: 561e63033eac4c07200cd8254ed29fb098a471c3d0accdca4343a2803419ffa3
Opcode Fuzzy Hash: 5d07c73e28945aaff9d9eca59d7ea8d4e6b7d477d67440d08294d9d04907e626
Instruction Fuzzy Hash: 5FA1FFB3F105254BF3544D68CC583627293DBD5310F2F81798A48AB7CAD97EAC4A9384

Function 00C23076 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 349a2dd107758d27b0850156be96b4b228be640a53affdf06e6e4ae9894f62c6
Instruction ID: 82d087a223a087f7fca3482f11310e84f4df7df9fcd860ca93db56f0e1bdf6c8
Opcode Fuzzy Hash: 349a2dd107758d27b0850156be96b4b228be640a53affdf06e6e4ae9894f62c6
Instruction Fuzzy Hash: DFA16CF3F2162547F3544868CC883A26683DBA4325F2F81798F5CAB7C6D97E9D0A5384

Function 00C7536D Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 177e52e64bc3e3b60318b763d0f1f5f1f939a2d6680d3b019ea225dd4184a5ba
Instruction ID: 9f134cde29225483780bc991a24ee3058f823435989891a4e76a1dd449a99d0d
Opcode Fuzzy Hash: 177e52e64bc3e3b60318b763d0f1f5f1f939a2d6680d3b019ea225dd4184a5ba
Instruction Fuzzy Hash: B2A1AAF3F116250BF3544968CCA83626683DB95321F2F42798F5D6B3C5E8BE9D0A4788

Function 00C4B3D4 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c9722f386bb8a6aa0f839a109cba16d783fc8abea7867745f241a208b702c90
Instruction ID: 12c00225f6190859bc7e01b58c23a9bdef524166adbf1e7b22cfcc8e0d94ed12
Opcode Fuzzy Hash: 7c9722f386bb8a6aa0f839a109cba16d783fc8abea7867745f241a208b702c90
Instruction Fuzzy Hash: 86A1CEB3F5152547F3544928CCA83A26683DBD5321F3F82788F586BBC5DC3E9D0A9284

Function 00CA50CD Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 692c9e9f941e55c749156a3b19d35efab2f972064d1a7d21ab87f43aff72d027
Instruction ID: 085645043ea2ce0a4ea13c7cfe8f1a94772cf854e49a5c5af99562c4f3efa29a
Opcode Fuzzy Hash: 692c9e9f941e55c749156a3b19d35efab2f972064d1a7d21ab87f43aff72d027
Instruction Fuzzy Hash: DFA1BEB3F105254BF3648D39DD983622683DBD5310F2F82798E9CAB7CAD87E5D0A5284

Function 00C6245D Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea14235a2216b180dd5a4fdcfee264f5ce83728a120ad69e8dccd8d11a8695b
Instruction ID: c019869f9279177f95dc6ed90085b545ecfbe187e6a2e8109776eb3ca6882257
Opcode Fuzzy Hash: cea14235a2216b180dd5a4fdcfee264f5ce83728a120ad69e8dccd8d11a8695b
Instruction Fuzzy Hash: 2EA17BB3F112254BF3584D38CD583626683DBE5320F2F427D8E99AB7C6E87E5D069284

Function 00C2A3DB Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5f4e7628dca07a1357093fcc644196320b7fcc18f63dc7db5b2c75eb889112
Instruction ID: f5eb3b519bfb45d27bd3dcd5496d54d9e1a1175ebc782561b3aef39bf805d8de
Opcode Fuzzy Hash: fb5f4e7628dca07a1357093fcc644196320b7fcc18f63dc7db5b2c75eb889112
Instruction Fuzzy Hash: F7A1AFF3E1162547F3404939CC883626683EBA1325F2F82398F48AB7C9D97E9D0A5384

Function 00C5A4B6 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 654789f6681ce71320b44fe9c9554699b2ae9b4d37c320a8eac7cc8857992891
Instruction ID: 508560d0c4c1bd0356db48cea77dad200d664476f4edeff6c4d2a45e01b5f98a
Opcode Fuzzy Hash: 654789f6681ce71320b44fe9c9554699b2ae9b4d37c320a8eac7cc8857992891
Instruction Fuzzy Hash: F9A1BDB3F106264BF3544D78CCA83626683DBA5321F2F82798E59AB7C6D93E5D0953C0

Function 00CC2005 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bda43ac9666145bb3c47a38447315424d82a6b6876f770f74226c777c9c6bce4
Instruction ID: d1e56d36bae0fe8f396e11387ac849bf93fbed1f614c834bb63563275d76ace8
Opcode Fuzzy Hash: bda43ac9666145bb3c47a38447315424d82a6b6876f770f74226c777c9c6bce4
Instruction Fuzzy Hash: 90A1BCB3F116254BF3544829CC983A26283DBD5321F3F81788A5C9BBC6ED7E9D4A5384

Function 00C2E497 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b71b6bf5a45bc113790abf35bf374f739173714b23a2d11b9b5dc757b7ebc9d5
Instruction ID: b97cb9ddb7022d3c984e13c213a2d7c1d64dac9891a35ec2f1372dbf7f16aabe
Opcode Fuzzy Hash: b71b6bf5a45bc113790abf35bf374f739173714b23a2d11b9b5dc757b7ebc9d5
Instruction Fuzzy Hash: 73A1C2B3F116254BF3544D28CCA83A27683E7D1310F2F81798E986B7CAD97E5D0A9384

Function 00C95217 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53eabf43628ddc256aca0f0216e5551d2d99761b459c5297498369d95c44fe8
Instruction ID: cd2355c687b3e73e1a025272b4686ef5683da7b8e744c233c5045a643c21fc8d
Opcode Fuzzy Hash: f53eabf43628ddc256aca0f0216e5551d2d99761b459c5297498369d95c44fe8
Instruction Fuzzy Hash: 97A1BFB3F115254BF3404A78CC583A2B683EB96311F2F82788E58AB7C5DD7E9D499384

Function 00CBD1B6 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ac5d149b3de0e5c42d6517e9533b7c80959cc2e0ee565baeddd843d1074f93
Instruction ID: 92464cef53648ee6e402a78d4d9e650d2b824f917429acb12725ff57b712a0e2
Opcode Fuzzy Hash: 61ac5d149b3de0e5c42d6517e9533b7c80959cc2e0ee565baeddd843d1074f93
Instruction Fuzzy Hash: 1D919FB3F1122647F3544C79CC983A26683DBD4321F2F82398E98A77C9DD7E9D065284

Function 00CAF32F Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46bcc8bb2cb516927da1a31752ece78946ea5d9e8e34f05b5078f99d9294bfb2
Instruction ID: dabec7a9b838b46c90b91e30472b0f8b37ba737f4dbd4f0af01c8260da158f10
Opcode Fuzzy Hash: 46bcc8bb2cb516927da1a31752ece78946ea5d9e8e34f05b5078f99d9294bfb2
Instruction Fuzzy Hash: A5A1CEB3F515254BF3584978CC983A22683DBD5310F2F82398F186B7CAD97E9D0A5384

Function 00C385FB Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18348a4384de30c68d4b7308dc4bca7ca98c1395eca37eb34b632309ed493947
Instruction ID: 6308002bdc2060176fb52b1935affcffa908f3829d08558b327684a0c3c4d53a
Opcode Fuzzy Hash: 18348a4384de30c68d4b7308dc4bca7ca98c1395eca37eb34b632309ed493947
Instruction Fuzzy Hash: D391A2B3F2152647F3544D28CC983B27693DB95310F2F41798E099B7C9D97EAD09A384

Function 00CD5089 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e5958464e1698a09ccd33de795192bf2b37a7bd2fa87e5267539c31a7ae852c
Instruction ID: 58bbc32758d0d9af3e1f47dffa7cac5bb686b07142e52737ae18dddb0bbb414f
Opcode Fuzzy Hash: 1e5958464e1698a09ccd33de795192bf2b37a7bd2fa87e5267539c31a7ae852c
Instruction Fuzzy Hash: F3A1EEB3F1062547F3540929CC983A2B683DBD5324F2F42798E586B7C5D97EAD0A5384

Function 00C6B01B Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1392070d934174123a19061857094677e822d2dc7a386d45e4d8bbe7eb57b13e
Instruction ID: 6cbcb1449079d16a4f8108e8cfc928294fa47728f8ac157467c11d18099ec66d
Opcode Fuzzy Hash: 1392070d934174123a19061857094677e822d2dc7a386d45e4d8bbe7eb57b13e
Instruction Fuzzy Hash: 3E910FB3F1122647F3504968CC883A27283DB95320F2F82798E58AB7C6D97E9D4693C4

Function 00C54403 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eb660bd979c4353c25033937eeed31f9ee3e6d478e0930e016cee9491dc2058
Instruction ID: 4491d9bb3d973e383a28bf2e9091cf282af8ae090df95afcd14d51eacdf6073a
Opcode Fuzzy Hash: 6eb660bd979c4353c25033937eeed31f9ee3e6d478e0930e016cee9491dc2058
Instruction Fuzzy Hash: AE917CB3F116264BF3540878CC983A26683DBD5324F2F82798E68AB7C5DD7E5D0A52C4

Function 00C9004E Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b343c0fc625b986e46f355e278689828055e15c06623ed6193aac063ba786f27
Instruction ID: c9907262deb9f8331196c208396396dcea37eaaf1f667a8d73ea3ff37f67a071
Opcode Fuzzy Hash: b343c0fc625b986e46f355e278689828055e15c06623ed6193aac063ba786f27
Instruction Fuzzy Hash: CDA1EDB3F102244BF3944928CC983A23683DBD5314F2F81798F58AB7C6D87E9D0A9384

Function 00C2227B Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0c8e48fd151e396c3637fd75438442ff7623a442742d3f23ec5c06de7b7024
Instruction ID: 232da69cf58e8f00efcca789bbc824cea3c96fb10a31673a800ab95aeaecea8b
Opcode Fuzzy Hash: 5c0c8e48fd151e396c3637fd75438442ff7623a442742d3f23ec5c06de7b7024
Instruction Fuzzy Hash: 6BA177F3E1122587F3544D38CC683627683ABA1324F2F82798F996B7C6D97E9D065384

Function 00C8F3E0 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b668541ac56820b4918912b26b6402cc584c46fa6a6ce4e94fd4d25e483fd2
Instruction ID: 28b7af48446e58b429d4316588873ae268bf8379ce78a32465a49272be2b3cb5
Opcode Fuzzy Hash: 64b668541ac56820b4918912b26b6402cc584c46fa6a6ce4e94fd4d25e483fd2
Instruction Fuzzy Hash: 3591AFB3F2162547F3544D78CC983A26283D7E5321F2F82798E686B7C5DC7E9D0A5284

Function 00CD54E8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638de002b324cb44cd31fc69935b1d651494f7e0d9b5a290a2c6d946538f13b8
Instruction ID: b49ca13bf5da187f7d5f48f324f545dec939f4817d622840e26c038eba2f334c
Opcode Fuzzy Hash: 638de002b324cb44cd31fc69935b1d651494f7e0d9b5a290a2c6d946538f13b8
Instruction Fuzzy Hash: 58A17AB3F115254BF3944928CC983627683EB95321F2F82798E886B7C5DD3E6D0A9784

Function 00C4C04C Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8087d6a45dff3eeadfae1d91fdb3a74bedfad1a5a9239a8efc803f3e27038efd
Instruction ID: b4032eb3c13156c2bd65af7dfbf51aee9a1ada43cd5bf3fd6e5f829ecbfef5d7
Opcode Fuzzy Hash: 8087d6a45dff3eeadfae1d91fdb3a74bedfad1a5a9239a8efc803f3e27038efd
Instruction Fuzzy Hash: 9F91DDB7F116214BF3944969CC98362A283EBE5311F2F82398F986B7C5ED7E5C065384

Function 00C60038 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1763fe3786027a34a39dfc43cb4d8b475e4598d4425168d24362f7cbed80403
Instruction ID: fc27a9d9b2ff4338906d01eb62db0dbf71a6ba5bd05424e523e7f576f1d5e367
Opcode Fuzzy Hash: d1763fe3786027a34a39dfc43cb4d8b475e4598d4425168d24362f7cbed80403
Instruction Fuzzy Hash: 6F919DB3F1022507F3644D69DC983A26683DB95320F2F42798E5CAB7C6D9BF9D4A4384

Function 00CC3057 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91576206ef40bf88e6c3590c3b62622d924a8ad9378621006cefa8fba5add973
Instruction ID: e6726a9b8a0a805ecb5f8f7e67f5b421441fe6c8fb944905fc6c737db7c67af5
Opcode Fuzzy Hash: 91576206ef40bf88e6c3590c3b62622d924a8ad9378621006cefa8fba5add973
Instruction Fuzzy Hash: A69189B3F1022547F3544939CC683A22683DBD5320F2F82798E5DAB7C6DD7E9D0A5284

Function 00C834DD Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eb914f85c45a0d31db3472088fb32d0aa999774a80c07a33a5b86797ccd6ce3
Instruction ID: cc65f8a2551267b81530957b11211b684bab68131b1a3534dd01f87d32ca6fb5
Opcode Fuzzy Hash: 4eb914f85c45a0d31db3472088fb32d0aa999774a80c07a33a5b86797ccd6ce3
Instruction Fuzzy Hash: 3D9138F3F1162507F3444839DC683A26583E7D5325F2F82398A599BBCADD7E9D064384

Function 00C56230 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01c9b7d075448df379d678d42dc14a0ab71a976f267465f941397137fa6c6c66
Instruction ID: 09223ebe4be75a8665588b3ba5dd8f8891524dc33d4201a13e56f7788b7573e7
Opcode Fuzzy Hash: 01c9b7d075448df379d678d42dc14a0ab71a976f267465f941397137fa6c6c66
Instruction Fuzzy Hash: A891DDB3F1162547F3944938CC983A22683DBD5324F2F82798E5C6B7C6E87E5D0A5384

Function 00C2E067 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317411e6dd8f1e4750308b5c379e949b51368c4e813a8420639ad2c69ef3054b
Instruction ID: 7b7b1fb293fd5c1b2faa95de092b7efc03098f0a7914809a5fe87a0862d8e4af
Opcode Fuzzy Hash: 317411e6dd8f1e4750308b5c379e949b51368c4e813a8420639ad2c69ef3054b
Instruction Fuzzy Hash: 3091B0B3F1112647F3644978CC8836266839B95324F3F42788E5CAB7C6E97E9D0A53C4

Function 00C731C4 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83efbf2c6b7848b242cac3be42dd9f163e0f5f0e386fc0a7e2fa07227615da7c
Instruction ID: e53cc4163d04a299aca0e394faaffc67efd590c127b4db5c75c4702e7fdd043a
Opcode Fuzzy Hash: 83efbf2c6b7848b242cac3be42dd9f163e0f5f0e386fc0a7e2fa07227615da7c
Instruction Fuzzy Hash: A891C0B3F105344BF3544928CC983A27693DBA5310F2F82798F49AB7C6D97EAD099384

Function 00C945AD Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18282c8c0e09217ec5ed081a2884189ddc83ccdb7966e11e8bc96fbbfb561aa0
Instruction ID: 009f9226c8294d09b6dcf913ed8c2b4e1e9aaa8e7f4dcba89d6fd423c31fad1b
Opcode Fuzzy Hash: 18282c8c0e09217ec5ed081a2884189ddc83ccdb7966e11e8bc96fbbfb561aa0
Instruction Fuzzy Hash: A7918BB3F115264BF3540D28CC983A276439BD5321F2F42798E586B7C5D97E9E0A9384

Function 00C7C11C Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5153bae45a463b25fcd51fd8f73775237de0e7e2c9b18e5435cd428481eb0fb5
Instruction ID: a00cb1ce6018ddd852a319af866d930ae67b7dce91cd762c46db882b660bf543
Opcode Fuzzy Hash: 5153bae45a463b25fcd51fd8f73775237de0e7e2c9b18e5435cd428481eb0fb5
Instruction Fuzzy Hash: ED918AB3F116354BF3504929CC883A27283ABD9324F2F42798E5CAB7C6D97E5D0A5384

Function 00C893E6 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26bae0d2577b7ce1c1d99c3199918a07a1cc2f4c313e99e0270e86b7c800cb78
Instruction ID: d9be8c078fe711ef25da7f6db406c3daa0d49a4aa9a3849a564c136e785711c6
Opcode Fuzzy Hash: 26bae0d2577b7ce1c1d99c3199918a07a1cc2f4c313e99e0270e86b7c800cb78
Instruction Fuzzy Hash: AB91C0B3F5162647F3540878CC983A26683DBE5320F2F42798E5CAB7C6E87E5D095384

Function 00C4C4B3 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c969172d2307be42a19bbe68793402d898e810cd9aaef31997bd641af3d1d9
Instruction ID: 675e779812062237cf58c557c6853b425fb47ee3d98a41c91da711345b455df5
Opcode Fuzzy Hash: e5c969172d2307be42a19bbe68793402d898e810cd9aaef31997bd641af3d1d9
Instruction Fuzzy Hash: FE915BB3F215254BF3944939CC683A26183E7D5324F2F82798A4DAB3C5DC7E9D0A5384

Function 00C72233 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bf97980290ce925643d8c7c3e6572a7e34c32c33c62880062748c5826497f8e
Instruction ID: fa87631df061d49738bcadfafad2fb4edfea1d8d6674726ea0653c224fcad63d
Opcode Fuzzy Hash: 8bf97980290ce925643d8c7c3e6572a7e34c32c33c62880062748c5826497f8e
Instruction Fuzzy Hash: ED919AB3F116254BF3944C78CC983627683DBA1320F2F82798E886B3C6D97E5C0A5384

Function 00C2F0BC Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ee1c5a21baa451ce4330cbb23599af0f09d0fdc1f21778a1bb166aa99ff161c
Instruction ID: cec8a130b04e52327c25c9486125cec5ee5b83eb6d2f537f519185eeefe65cd9
Opcode Fuzzy Hash: 3ee1c5a21baa451ce4330cbb23599af0f09d0fdc1f21778a1bb166aa99ff161c
Instruction Fuzzy Hash: 33917AB3F512254BF3544D38DC983622683EB95311F2F82788E986BBC9D87E5D4A5380

Function 00CDF118 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0176fcc09c54e9bd827583680b36d284c3b1464a49e0cf3ef02b9a78bf411767
Instruction ID: cb430769a3979c9f3a47716c5690f10e837cc5a9d9ee579208fca9e9bad817b1
Opcode Fuzzy Hash: 0176fcc09c54e9bd827583680b36d284c3b1464a49e0cf3ef02b9a78bf411767
Instruction Fuzzy Hash: 76915BF3F1152547F3584968CC583A26243ABE5321F2F82788E5C6BBC9DD3E9D4A5384

Function 00C6049E Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f11df78c08e156751ff4e72b85f0c57dee7c9fceb44791e9980146c8b34f305
Instruction ID: ef803114898bdab9d3d3128c077d46b9f32a135c65baa0245650106bdddbe5b7
Opcode Fuzzy Hash: 3f11df78c08e156751ff4e72b85f0c57dee7c9fceb44791e9980146c8b34f305
Instruction Fuzzy Hash: 6F91AEB3F1162547F3948879CD9836265839BE5315F2F82798E5C6BBCAD8BE4D0A43C0

Function 00C630AD Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fddf13404e0a9fa26ab547c8b0005133817e5c58648513938ba154b76ddddf20
Instruction ID: c8b2f4a616918aa68909c193c0632d10a80245de9b5af03cd6b8d0617bc81b77
Opcode Fuzzy Hash: fddf13404e0a9fa26ab547c8b0005133817e5c58648513938ba154b76ddddf20
Instruction Fuzzy Hash: 5491BEB3F106258BF3144928CC983613693DB99324F2F41788E5C6B3C6D97E5D0A9788

Function 00CB52F5 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea7a5d835d29bbf8563ae90f1810fb4adb76686b465eb2367e73a5181e5f87f
Instruction ID: 8833f70c97d149f77daef365ee1af7490eb9ab179833bf74ad1e2b657ee89c45
Opcode Fuzzy Hash: 9ea7a5d835d29bbf8563ae90f1810fb4adb76686b465eb2367e73a5181e5f87f
Instruction Fuzzy Hash: 4391ABB3F116264BF3544938CC5836266839BE5324F3F42798B5CAB7C6E93E5D0A9384

Function 00C470B8 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0be8e7a5fe74018aae24b6c39d009e9586e4a5cee65fc9cff65baf130367f1
Instruction ID: 96703ce154b1a394b1e329f500d863f3578e42004589eb6020b12a527693aa2e
Opcode Fuzzy Hash: 6b0be8e7a5fe74018aae24b6c39d009e9586e4a5cee65fc9cff65baf130367f1
Instruction Fuzzy Hash: F691AAB3F115254BF3684D28CC98362B283EB95311F2F82798E5D6B3C1E97E5D4A9384

Function 00C9B36B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf47c4b90a38fb3f4284984b0a2b00c5114a42cf37f899460385be69cf536350
Instruction ID: 5d02b9cbb148283aeed22e787d8414df8b77a3ae188a558a3f0e306e4ce1584d
Opcode Fuzzy Hash: cf47c4b90a38fb3f4284984b0a2b00c5114a42cf37f899460385be69cf536350
Instruction Fuzzy Hash: E491A0B3F1112547F3504E29CC983A27643EBE5321F3F81798A885B7C9D97EAD0A9384

Function 00BE04C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: 9d8ed3ab7811500cd8e88b680e425b5c1f07963e0b7371787935a78e4bd0098d
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 67B16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 00C21125 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29a933ce53b1e0290f10e71967c9da9a48e3b9c68fa545c4e5285d0103e5fbc6
Instruction ID: ab2986c3a7cf228488b9cad647669965b906567ae2792ff39ef61c2b56846a4d
Opcode Fuzzy Hash: 29a933ce53b1e0290f10e71967c9da9a48e3b9c68fa545c4e5285d0103e5fbc6
Instruction Fuzzy Hash: 3C91BBB3F1053547F3544928DC983A27282ABA5324F2F427C8E4D6B7C2E97E6D4A93C4

Function 00C88462 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de21276058cb47defc701ce693fdfe77e6fb9830ffb483d8586142f2146e3627
Instruction ID: c6b5adf6f1e5a5e43e6c84f8e98c8ce405472dbb5f55e282adfcace1be4c7681
Opcode Fuzzy Hash: de21276058cb47defc701ce693fdfe77e6fb9830ffb483d8586142f2146e3627
Instruction Fuzzy Hash: FE917AF3F5062647F3580878DDA83A166839BE0324F2F42798E5D6BBC6DD7E5C0A5284

Function 00C3547C Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4772a08420ff08621aac540981025c6ecb19a8a403df1679de1d4968cb69897
Instruction ID: 04b4302cf798d30e57562fbd2cb14351f6c5f7248382ea224760afb3737ddcf2
Opcode Fuzzy Hash: d4772a08420ff08621aac540981025c6ecb19a8a403df1679de1d4968cb69897
Instruction Fuzzy Hash: 2F91BDB3F1122647F3544978CC583A26683DBD5320F3F82788E986B3C5E87E5D4A9384

Function 00CA15EB Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3778fbfdb7c82f6a482f0b8c5da9c39bf3b0478eedf1d7a7f16ffa84e82f625b
Instruction ID: 3e79d9c43833ce377ee9c5515349531107b238bc0917c22e441aef53fb372c5b
Opcode Fuzzy Hash: 3778fbfdb7c82f6a482f0b8c5da9c39bf3b0478eedf1d7a7f16ffa84e82f625b
Instruction Fuzzy Hash: 2C81C0B3F116254BF3544D69CC983627283DBA5314F2F81798F1CAB7C6E97E5C0A5284

Function 00C2800F Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95781ff267e62e247d8394039ba738eb5d971f90cb1f9ac211125bb6342dc615
Instruction ID: 268410bb9e212ffe867941544a2c923c820ca7c055ca4057464adfe60921c4e4
Opcode Fuzzy Hash: 95781ff267e62e247d8394039ba738eb5d971f90cb1f9ac211125bb6342dc615
Instruction Fuzzy Hash: 7A91CDB3F1122547F3440E68CC683627693EB96315F2F82788E486F7C6D97E6D4A9384

Function 00C00460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f698f8bdb5e0a802aa6b2e94a62b82a5c936dfc6b5f0a6a8915e264eeeb58fdd
Instruction ID: 5cf697789f2c8a0c363738b65351b59affac6437c9dd1383151f4f768df63e50
Opcode Fuzzy Hash: f698f8bdb5e0a802aa6b2e94a62b82a5c936dfc6b5f0a6a8915e264eeeb58fdd
Instruction Fuzzy Hash: 666125356083019BD7159F18C891B3FB7A2EBC4720F2A852CF9958B2E1EB31DD91C786

Function 00CD85DB Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b9bafb2212c0baa95f41d0a5116f7d530cbf816271c4a799d55db134e8e600
Instruction ID: 28bd58c61b1172559e1ef5b3f14abfc5beb246b6354a1ea5af417e3d98e1af19
Opcode Fuzzy Hash: 03b9bafb2212c0baa95f41d0a5116f7d530cbf816271c4a799d55db134e8e600
Instruction Fuzzy Hash: CC818FF3F1152647F3604839CC5836265839BE5325F3F82798E5CABBC6E87E9D0A5284

Function 00CDC5E1 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54e14fed02ce0e27c8f6ace066f1939fc2981af260e0a233c731931e614f6a54
Instruction ID: 4d61f9eda96d846da7cfd104c7097ca51cea73706c586d7359e2cc0128867dd9
Opcode Fuzzy Hash: 54e14fed02ce0e27c8f6ace066f1939fc2981af260e0a233c731931e614f6a54
Instruction Fuzzy Hash: 5B81BAB3F106164BF3584929CCA83B27683EBD5310F2F827D8A5A8B7C5DD7E5D0A5284

Function 00C8507D Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6a79829624765b1937396849c25a4abcddb6d0f2a7091d9bf3d7513927be4f
Instruction ID: dd084c6566ba0b19013dadbee66bf36f285386d62a9db04891d5fc8dc059782f
Opcode Fuzzy Hash: aa6a79829624765b1937396849c25a4abcddb6d0f2a7091d9bf3d7513927be4f
Instruction Fuzzy Hash: 8881AFB3F1162647F3504D28CC883A26693DBD5321F2F81798A4C9B7C5E97E9D4A5384

Function 00C841CC Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bb24adf3281ccd36f18ffbc3838db210f14d0d5bb1bca462ea7e3a4062b4eb7
Instruction ID: ec5f1cfac36a0a0dcf8e16979c054bd1600114d677e0b713a195984083514862
Opcode Fuzzy Hash: 3bb24adf3281ccd36f18ffbc3838db210f14d0d5bb1bca462ea7e3a4062b4eb7
Instruction Fuzzy Hash: D38177B3F112254BF3544929CC583627283ABD1329F2F827D8E896B7C5D93E6D0A9784

Function 00CD120A Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b94a2d6bbc6a6351a25ffc9703a33df684111e3d981fa5121bd7bc8a6d0524
Instruction ID: 66e5e59ae74fcdc6a819570e4e7eb1d44ee9baca5a40df86dcd97db21e851431
Opcode Fuzzy Hash: 37b94a2d6bbc6a6351a25ffc9703a33df684111e3d981fa5121bd7bc8a6d0524
Instruction Fuzzy Hash: BF819AB3F5062107F3540C38CD983626683DB95315F2F82798F58ABBCAD87E9D0A4384

Function 00C9A18B Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1cdcf2682a2a3754db064e2ff98d5742ebbe297e223f4b31e5634416676308
Instruction ID: e686b442eba597f2461dda14c4c8d40bbc8932c94ab93d155d505a34bba1b762
Opcode Fuzzy Hash: 8d1cdcf2682a2a3754db064e2ff98d5742ebbe297e223f4b31e5634416676308
Instruction Fuzzy Hash: F58199B3F116264BF3404D29CC983A27283EBD1311F2F41B98E5C5B3C6D93EAD4A9684

Function 00BFC5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0c3712d4e374036c388c4f5df09a05c9a676c330796c65c8b3ba951d20411802
Instruction ID: ec044540d91b64d4ab3223f96f44221bdb79eb7aa51abe8f4afa95163df12ddf
Opcode Fuzzy Hash: 0c3712d4e374036c388c4f5df09a05c9a676c330796c65c8b3ba951d20411802
Instruction Fuzzy Hash: 305168B5A0830D4BD718AF28C940B3FBBD2EBD5310F1989ACE685D7391E6319C85CB85

Function 00CD015A Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a150404db0b625863826503c5cf14a502ac45b608e0e5783a360fd1ff48a9ad
Instruction ID: 49ac2137f5a66103e0f6a75f939005ec933df72467937453e5dc51194b0843ae
Opcode Fuzzy Hash: 7a150404db0b625863826503c5cf14a502ac45b608e0e5783a360fd1ff48a9ad
Instruction Fuzzy Hash: 96818AB3F2162547F3544979CC983A27683DBD8311F2F81398A989B7CAD97E9C0A5384

Function 00C242D5 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d05063e4aa6d6ae9454c93a4d78aeaf2cea9168f41ca6b7911710ddb6388186
Instruction ID: 8029b72871e8390179019872c33da4e350811c0d2bb3ad93d4dddd9a7e557f95
Opcode Fuzzy Hash: 9d05063e4aa6d6ae9454c93a4d78aeaf2cea9168f41ca6b7911710ddb6388186
Instruction Fuzzy Hash: 9381ACB3F011268BF3504E68DC983A176939B95320F2F42798E9C6B7C5D93E9D069384

Function 00C6C4E5 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84fba70d7c97117b1a9354fd7e7f1ab4753bb3c27e3eb0a053fc876f85d79d64
Instruction ID: 54f8b57164c95ec41f73e7bff2115edf7313ffa4578b908a232526ad67a5c76b
Opcode Fuzzy Hash: 84fba70d7c97117b1a9354fd7e7f1ab4753bb3c27e3eb0a053fc876f85d79d64
Instruction Fuzzy Hash: B981BBB3F115254BF3544E24CC983B27253EBD2311F2B82798A495B7C5DD3EAD0A9784

Function 00CC7039 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 071cfe58f63847785080f856b95c03d7fe397381e6f5c96165f81ee99378448e
Instruction ID: a329e9cbc1058ad32b6e3886a6ad262608ddf2341df5722817b8127855929273
Opcode Fuzzy Hash: 071cfe58f63847785080f856b95c03d7fe397381e6f5c96165f81ee99378448e
Instruction Fuzzy Hash: 368186B3F111258BF3504E29CC583A17653EB95711F2F41798A882B3C5DA7FAD0A9788

Function 00CCF370 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9723eb15aa61cc2bc51da334f24514b10897fed5c2ebe54de2462b6169ab11f7
Instruction ID: 582428370d9bdc9fa127f8b080a5fdeb6d4266efc6f2374a8e5b0b6a37158580
Opcode Fuzzy Hash: 9723eb15aa61cc2bc51da334f24514b10897fed5c2ebe54de2462b6169ab11f7
Instruction Fuzzy Hash: 4681ABB3F512254BF3544978CD983A266839BA5320F2F827C8E9C6B7C6DC7E5C4A5384

Function 00C77581 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 767f21172591929c96f8febaefbbab9a69b57a074b5a69b72e2fc6ecc79c5828
Instruction ID: 814fce5957b9ffe6a1c7fe79f6b5ba79d07c8ab2a814c13c7ded0bd9540e714c
Opcode Fuzzy Hash: 767f21172591929c96f8febaefbbab9a69b57a074b5a69b72e2fc6ecc79c5828
Instruction Fuzzy Hash: FF81ACB7F106254BF3944D78CC983627282EB95311F2F82798E5CAB3C5E97E5D099384

Function 00C3D2B4 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e47889843ecd0a70cceeba305f3b4a9f1ef002f1ec46bf3322a70b73452306da
Instruction ID: 271121e417910751ca337c0df463e9eed6bd00381ca776492ddf8be7e5416dfe
Opcode Fuzzy Hash: e47889843ecd0a70cceeba305f3b4a9f1ef002f1ec46bf3322a70b73452306da
Instruction Fuzzy Hash: 9881BCB3F1152547F3544E28CC983A17283EB91321F2F82798E8C6B7C9D97E6D099784

Function 00CC248D Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae1da6372674b8ff4b655c14a3439c9b155a564d6e47c7a86244ed40397b1206
Instruction ID: dd691af7ebf1d766bf8728bc8385b06cd35b766104ee3a3b9407083b23777117
Opcode Fuzzy Hash: ae1da6372674b8ff4b655c14a3439c9b155a564d6e47c7a86244ed40397b1206
Instruction Fuzzy Hash: B781ABF3F1152547F3504929CC583A266839BD1325F2F82798F5C6BBCAD87E9D0A5284

Function 00C6F271 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6b09d0cb83df06fbdcc9fb909472b795f64a4bce6954f07695970afeeb1d7a
Instruction ID: 48f96c7528a0688c53f747fa2e2d4f54b25e9c143704673f3f4440e8af205391
Opcode Fuzzy Hash: 8f6b09d0cb83df06fbdcc9fb909472b795f64a4bce6954f07695970afeeb1d7a
Instruction Fuzzy Hash: 8781DDB3F2152547F3544D28CC983A27793EB95321F2F82398E18AB7C5C97EAE095384

Function 00C4A3FA Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 907730c6b82fa8b8736c9b0e9c33a5de4db71d64a6b2c54e66e6a3aea722b2d0
Instruction ID: e7c3107c093cf5ddd5131d6c09cb1bd3f65acb1f22d79b183a0f16dc87d4f64c
Opcode Fuzzy Hash: 907730c6b82fa8b8736c9b0e9c33a5de4db71d64a6b2c54e66e6a3aea722b2d0
Instruction Fuzzy Hash: ED815AB3F2163547F3508968CC983A272839795324F2F81798E5CAB3C5D9BE9D4A53C8

Function 00C98301 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 316e7f91bcae9f219ee2b70efc9b2e4a1ca52f6e87d5823b8c5669942148c419
Instruction ID: d0cd8ce369243775d4f29b36f31c260fbc73bd026d8da03a4f38d3c2a35463c1
Opcode Fuzzy Hash: 316e7f91bcae9f219ee2b70efc9b2e4a1ca52f6e87d5823b8c5669942148c419
Instruction Fuzzy Hash: 2B81C0B3F106254BF3504D69CC983627293DBD6710F2F81788E482BBC6D97E5D0AA784

Function 00C50307 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e7cc39169ca9b496e793cbf8349e5a183a433273299834b63ddb348cf70dde1
Instruction ID: 0ef48acd14aa8d6265da6a24a589b3f388d967016ff500a0517c6dc8b771b88c
Opcode Fuzzy Hash: 1e7cc39169ca9b496e793cbf8349e5a183a433273299834b63ddb348cf70dde1
Instruction Fuzzy Hash: F7816DF3F5162547F3944878DD9836265839BE0325F2F82388E5CA7BCADC7E8D0A5284

Function 00C822E6 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cb4b11bc2dc698540e927eb11e9e48f066510bdced117f6e44255a7ccea5592
Instruction ID: c4b729b160358b515ac0ba3d7a3ad73e3f04e7d2518322313f3a028c9bc19c0f
Opcode Fuzzy Hash: 2cb4b11bc2dc698540e927eb11e9e48f066510bdced117f6e44255a7ccea5592
Instruction Fuzzy Hash: 058189B7F1152547F3544D25CCA43A27283ABD5320F3F42798A586B3C5ED7E6D0A9384

Function 00CB31E7 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfde5edcacb92bfa4a3e5091bb4744ab14e370ef8920dc482c807a486f769d8b
Instruction ID: 8c3efd670d38f0ef02b91b754f8d8799f1b26d390a15f16b0ea3f1cabb2135d3
Opcode Fuzzy Hash: bfde5edcacb92bfa4a3e5091bb4744ab14e370ef8920dc482c807a486f769d8b
Instruction Fuzzy Hash: 66816EB3F101254BF3504D29CC983627292EB95311F2F8279CE88AB7C5DD7EAD0A9384

Function 00C8E089 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8365063f60d23353b98d67f36f5f93f0c20fd679b4d9913800047f56b7eb3916
Instruction ID: 71f1489ed31b9192c8240cd5f101353a531ecbac76acce05b3200ae561a41197
Opcode Fuzzy Hash: 8365063f60d23353b98d67f36f5f93f0c20fd679b4d9913800047f56b7eb3916
Instruction Fuzzy Hash: 16818DB3F106254BF3204969CC98362B6839BD5321F2F42798E5C6B7C6D9BE5D0A83C4

Function 00C451A8 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6483010fa897806c188b0e3f4d471bab14e82fe43a0eaad826b3a793e810aebf
Instruction ID: 6000a02d02808f200fc53d847ca77e13fbcf31f38abb336a507a25e5353fceb0
Opcode Fuzzy Hash: 6483010fa897806c188b0e3f4d471bab14e82fe43a0eaad826b3a793e810aebf
Instruction Fuzzy Hash: 7181CFB3F116258BF3504D68CC983A13693DB95321F2F41798E4CAB7C5D97EAE0A9384

Function 00C474B3 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2ff204c623ca811f73c2dfc943496f4db494e2b158f99c5041a8618d3c8079d
Instruction ID: aef9ec0591427b584ad63b6c709f0b49b972ac2c1f3700bfa7256eff15d19b7b
Opcode Fuzzy Hash: f2ff204c623ca811f73c2dfc943496f4db494e2b158f99c5041a8618d3c8079d
Instruction Fuzzy Hash: 9F8199B3F012254BF3544D29CCA83A272839B95314F2F427C8E9D6B7C6D97E2D0A9784

Function 00CC539E Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1ae8fab082d08b0170843c000330e41f5687b6f3358871ad9152b1d853080e
Instruction ID: a1558f6919cb3454998878caf1ba21e222b6d424b146677579275f5e145af179
Opcode Fuzzy Hash: 6a1ae8fab082d08b0170843c000330e41f5687b6f3358871ad9152b1d853080e
Instruction Fuzzy Hash: 1771BEB3F1152547F3504939CC583A26283E7E5325F2F82798E5CAB7CADC3E9D0A5284

Function 00CA1243 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff5c00429ce73c4bf47603c7ddc2f1781bdd60696a2b2fc03be4938af40bf1a
Instruction ID: 3de007fdfa4dbcef5969f073911e179b9db1d276fb7501f43a93dd9244e446d3
Opcode Fuzzy Hash: 2ff5c00429ce73c4bf47603c7ddc2f1781bdd60696a2b2fc03be4938af40bf1a
Instruction Fuzzy Hash: 57816BF3F1262547F3544929CC9836226839BE5321F2F82788E9C6B7C6D87E5D4A47C4

Function 00C591D1 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63822c5dcccd9b979ed5f4c93c9668fae4588b6423b5f64988df6fa8772129ff
Instruction ID: ee23cbaf0fffede44b5f969bd0c8768f1d36ade339368c37949ad2deb1419c69
Opcode Fuzzy Hash: 63822c5dcccd9b979ed5f4c93c9668fae4588b6423b5f64988df6fa8772129ff
Instruction Fuzzy Hash: A071FDB3F1162547F3104D69CC943A2B283EBD1321F2F82798E686B7C5D97E5D4A9384

Function 00C8D4BA Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb69587789ace9b932dc801acf46b03c0a166899bd8817581eb189ba3041809
Instruction ID: 958d917d46adee4b4bd8285dd741a739ea4afefbda5e243bcdec81e575ab9f24
Opcode Fuzzy Hash: 7eb69587789ace9b932dc801acf46b03c0a166899bd8817581eb189ba3041809
Instruction Fuzzy Hash: 5D817AB3F1062647F3644D29CC983A262939BE1320F2F81798E5C6B7C9D93E5C469784

Function 00CC73DF Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e01ae90b08b12a526e2122ea8812010d91cd9734da3ebb9acbdfb8800b07f18a
Instruction ID: c87ff8041673546fd884feb69f539d787a566a234aac5b141ddf4d5489ea4849
Opcode Fuzzy Hash: e01ae90b08b12a526e2122ea8812010d91cd9734da3ebb9acbdfb8800b07f18a
Instruction Fuzzy Hash: 5781BBB7E1152547F3504D24CC58362B283EBA5325F2F82798E9C6BBC6E93E5D0A87C4

Function 00CD9280 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07fb14029a485b83890088c06e5277781725070d1ed75c908763723b7fcdce5
Instruction ID: be28446bcb0e1a9287d68c470a408358c89e9cec7eb8cb7b543acc5f8832cb85
Opcode Fuzzy Hash: a07fb14029a485b83890088c06e5277781725070d1ed75c908763723b7fcdce5
Instruction Fuzzy Hash: D471DBB3F215254BF3580D38CC683B26242EBA1320F2F427D8E6DAB7C5D97E5D096284

Function 00C915C4 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37315bae24b16d3409741622c88516cb43c13d4678bd1c6c12624bd5c3691181
Instruction ID: 5eafa625073b7e3320b537002d8a47df9d696bf98b7b0c9fe1a6a9e0d07bafd4
Opcode Fuzzy Hash: 37315bae24b16d3409741622c88516cb43c13d4678bd1c6c12624bd5c3691181
Instruction Fuzzy Hash: F171AAB3E1112647F3580C28DC693B26643EB91315F2F423D8F5A6B7C6DD7E4D094284

Function 00C58594 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c990e74a7a5af7802a2239e256ef41cf21cb68a9e70544dc0cbb183b2e4e59f5
Instruction ID: 3be11ded7ad10a6d7f818661e5edfb8c85492b124b50ebe95172a450dcc9a246
Opcode Fuzzy Hash: c990e74a7a5af7802a2239e256ef41cf21cb68a9e70544dc0cbb183b2e4e59f5
Instruction Fuzzy Hash: 4671D0B7F1062647F3644D68CC983717682DB95320F2F427C8E98AB3C2D97E6D4A9784

Function 00CCA392 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f1aabb8d1443a3d44aef0d1e812e8322fdada6d31d1b5508df227289cc639c
Instruction ID: 773924748103bbb419a433371de4dbef499f62f82ae3ecc24c5071024e192de6
Opcode Fuzzy Hash: e7f1aabb8d1443a3d44aef0d1e812e8322fdada6d31d1b5508df227289cc639c
Instruction Fuzzy Hash: 3471BBB3F115254BF3944928CC683A23683EB95324F2F42398F596B7C5DD7E9D0A9384

Function 00CCA00F Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d389507758dd37d707ad102d7198a47bd786b8edec7e2044738516624619bcd
Instruction ID: 79502d0ba339f2412016045be50f40c8da55a65187ca2f3205a5079cc6b3d059
Opcode Fuzzy Hash: 4d389507758dd37d707ad102d7198a47bd786b8edec7e2044738516624619bcd
Instruction Fuzzy Hash: 2171BDB3E5062547F3644924DC983A26282DB94325F2F827D8E9C6B3C5DD7F1C4A93C4

Function 00C7B1CA Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40087cfea7bd50295277ce9242f817dd33af27f1c21c8cc56844e754102360b6
Instruction ID: c098ade8b349a80a3cbe3b93ee20b965996e7bfb60c18c982fd2f0c0047753ac
Opcode Fuzzy Hash: 40087cfea7bd50295277ce9242f817dd33af27f1c21c8cc56844e754102360b6
Instruction Fuzzy Hash: EC718DB3F1022547F3544D39CC983627693DB95314F2F827D8A88AB7C5D97E9C0A5784

Function 00C2704B Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223284a7c3eb77e3afeb85c8072b2c8c4f120d108a321b3aca7f27d3a51f55e4
Instruction ID: d97d8444586604d4102e618b9c03ce4e1ff84efb11249472a102d8d83b6aa4bd
Opcode Fuzzy Hash: 223284a7c3eb77e3afeb85c8072b2c8c4f120d108a321b3aca7f27d3a51f55e4
Instruction Fuzzy Hash: B571BEB3F116258BF3544D68CC983627283DB96311F2F82798E585B7C9DD3EAD0A9384

Function 00C4928A Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab75e0a5620c67e447d7c4b398ab9191b4515a6132e46281ae840a12b4ab287
Instruction ID: 886dc363de407e1d60ded930942a1f6d76f7809484b48bbf30f6726a01767e6c
Opcode Fuzzy Hash: 8ab75e0a5620c67e447d7c4b398ab9191b4515a6132e46281ae840a12b4ab287
Instruction Fuzzy Hash: E27159B3E111264BF3544E68CC94372B353DB95320F3F41398E496B7C1EA3E6D5A9684

Function 00CCE295 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e875f3f40621b13756dd6489ea88fd629a6839c5eafeb265dc7eec2ef023fc2
Instruction ID: 140de02154f3aaa02a9a64cf17ba9a640806f95e87328209295b75f148279cd7
Opcode Fuzzy Hash: 0e875f3f40621b13756dd6489ea88fd629a6839c5eafeb265dc7eec2ef023fc2
Instruction Fuzzy Hash: 1671ECB3F1162447F3540D28CC583A2B283DB92325F2F82798E59AB7C6D97EAD0953C4

Function 00C904CE Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 643ed5829fe5679ebd1cb7c6e24728765fde8f407772df78c604e7ede1671302
Instruction ID: 6c3198a613d968fbb052ac69ac751f13d25c4d76bfb74fc857795f5f0b23d52f
Opcode Fuzzy Hash: 643ed5829fe5679ebd1cb7c6e24728765fde8f407772df78c604e7ede1671302
Instruction Fuzzy Hash: E87189B3F115244BF3544969CC68362B283DBA1315F2F817D8E49AB7CAD87E9C0A9384

Function 00C38300 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 689f0b25d98e94b62b855883c29fbaad2b7bd6acddc99eb3982b0ae5ca6823d1
Instruction ID: e79ec5642c33c866222b439f5251919c7732e38a15f307500656e91264d24b23
Opcode Fuzzy Hash: 689f0b25d98e94b62b855883c29fbaad2b7bd6acddc99eb3982b0ae5ca6823d1
Instruction Fuzzy Hash: 61719CB3F2022647F3544E28CC943A1B393EB95314F3F41798A489B3C5DA7E6D599784

Function 00C7A235 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ee885f7a0b69af9f8f355508b7763b6ce3c754e8ad06e32e351bcc4f26736b
Instruction ID: 8ca0c469410813a4ce6b2dde0bcc5afbdd74c990049d25d9263c639196b341c9
Opcode Fuzzy Hash: 99ee885f7a0b69af9f8f355508b7763b6ce3c754e8ad06e32e351bcc4f26736b
Instruction Fuzzy Hash: 4861B3B3F105258BF7544E28CC983A17653EB95310F1F82788E48AB7C9D97FAD099784

Function 00C5B586 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a724e728488e0693dc7cf2d7085c82c6249708fffe3c93a516dcdf031bdf54f
Instruction ID: d474f4305cd66528a5ba2722f4601d0b25ab9e4ec9d830d387105428cb890802
Opcode Fuzzy Hash: 9a724e728488e0693dc7cf2d7085c82c6249708fffe3c93a516dcdf031bdf54f
Instruction Fuzzy Hash: 22618CB7F1162547F3544D38CC483A26283E7E5325F2F82798A58AB7C9E97E9D0A4384

Function 00C34009 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb207a31899cf620f5e7d8ee8f9d62fe0a61e7a1fcb752de7e9aceda32d78187
Instruction ID: ead7d0342e240347910e30e3cd030c04af7ef2fb4986ef466dbf395e8cfad1cc
Opcode Fuzzy Hash: eb207a31899cf620f5e7d8ee8f9d62fe0a61e7a1fcb752de7e9aceda32d78187
Instruction Fuzzy Hash: 3561DFB3F106258BF3544D68CC683627293EBA5310F2F417D8E596B3C1DA7E6D099784

Function 00C40243 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bfd036c2c34e40c2c30bed480378bbd61c8a93740108abc66c67c996b359549
Instruction ID: 37acded7d4d96d6d21a2dbc52d8555ba65cb37f0652206f250dd2a39adc35522
Opcode Fuzzy Hash: 2bfd036c2c34e40c2c30bed480378bbd61c8a93740108abc66c67c996b359549
Instruction Fuzzy Hash: 0A619BB3F1162647F3544D38CC983626683DB95310F2F82398F996B7CADC7E9D0A5284

Function 00C9638D Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df95b58229d5e512443fb80dea6a48d2ea06ba61fe21d10ae2a3caa9611618d
Instruction ID: cc938ab5f0d683916496639516042c3fd77fa4317a57c8faab114d2e55260e29
Opcode Fuzzy Hash: 3df95b58229d5e512443fb80dea6a48d2ea06ba61fe21d10ae2a3caa9611618d
Instruction Fuzzy Hash: AA61CCB3F2242547F3544D28CC583A2A283DBE1326F3F82798A586B7C9DD7E9D465384

Function 00C462CD Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 101d2fdb39a479fea37fcc0216fbde1ee7ab83cb667140941602f3a44cbe8e6f
Instruction ID: 30dfb33a3152692b48cee0e6acfa45ce546dad89d276e2938a13b579be125e5f
Opcode Fuzzy Hash: 101d2fdb39a479fea37fcc0216fbde1ee7ab83cb667140941602f3a44cbe8e6f
Instruction Fuzzy Hash: C5518BB3F106250BF35448B9CC983626682EB95714F2F82798F496B7CADD7E1D0A53C4

Function 00CA32F3 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 490235f7ca8d0d98691ee684a5fa40eca49ee0e6035dec701ba6a1b1056a9d3c
Instruction ID: 1b0ba1b9512aeb39601ada2a3f262bbd6efb200a05cbfb70870ae53e8decc2ae
Opcode Fuzzy Hash: 490235f7ca8d0d98691ee684a5fa40eca49ee0e6035dec701ba6a1b1056a9d3c
Instruction Fuzzy Hash: F451EFB3F201254BF3544D38CC683B17692DB96314F2F427D8E49AB7C1D96E6E099784

Function 00CC6343 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d692495065672f112862491f4a123375fe2547ed8c176c41ee94210b75ab305b
Instruction ID: da88d55d14dbf85b9a9d2a535e73bce45ddcc0bee0e1aa5eaaf837375fb429ad
Opcode Fuzzy Hash: d692495065672f112862491f4a123375fe2547ed8c176c41ee94210b75ab305b
Instruction Fuzzy Hash: 19518CF3E6052547F3644839CD593A266839BA5310F2F827D8E9CAB7C9D87E9D0A5380

Function 00E143B0 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117c670b579092438436618f18c3d1732dae0f1637da5a4095feda21298480f7
Instruction ID: 37daf88386b8dc6d99e83b882a56c85308b739e93d4a0731d116642773fc79cc
Opcode Fuzzy Hash: 117c670b579092438436618f18c3d1732dae0f1637da5a4095feda21298480f7
Instruction Fuzzy Hash: 8A51C3B39087189FD700BE7DED8567AFBE8EF50710F160A2DE6C4C3740E63599448696

Function 00BEF377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f2e3a530a2e7322a6b3ea6651d0e756b872587a61a00cb21127ac9c51b3bee4
Instruction ID: c329a80e830ecd03aebc30fd8d34bcf351f782c1b139d0535ef39d1bb11992dd
Opcode Fuzzy Hash: 5f2e3a530a2e7322a6b3ea6651d0e756b872587a61a00cb21127ac9c51b3bee4
Instruction Fuzzy Hash: 07610B72744B818FC728CE3CC8953E6BBD29B95314F198A7CD4BBCB385EA78A4058700

Function 00C845A1 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4cd62ec64631f128ae1c333995a005582642e44631f49889df48fc2c2fc12a
Instruction ID: b68257784dfcfcde878eca80b23488a6975290fdacf75ef6e634901e46166b4d
Opcode Fuzzy Hash: 2a4cd62ec64631f128ae1c333995a005582642e44631f49889df48fc2c2fc12a
Instruction Fuzzy Hash: 075176B3F2152547F3584928CC583627283ABA5325F2F82B98E8D6B3C5D93E6D4947C4

Function 00BFF18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41ec557d71c38504639a28ed50b490cd3440d69100104c626a2f37d553bb20e
Instruction ID: 03666d1924a840315a189ca0c33953589d12349ecd8258cc262eba0c1b2ef76c
Opcode Fuzzy Hash: b41ec557d71c38504639a28ed50b490cd3440d69100104c626a2f37d553bb20e
Instruction Fuzzy Hash: E24106327087564BD718CF38889127BFBD29FDA704F1E887ED9C2C7256D524E90A8B81

Function 00CD7471 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b585ac2bb77e285a842f66d3e4d2e6626524d980a5e7a6e58e3e33367c7c407
Instruction ID: d369493a12650bc403957cfe9cc743d68e7d12ccfd8fd75d881b735ca0b5d3ba
Opcode Fuzzy Hash: 6b585ac2bb77e285a842f66d3e4d2e6626524d980a5e7a6e58e3e33367c7c407
Instruction Fuzzy Hash: 4A519AF3F1152547F3500968CD683A2668397E1321F2F82B98F6CAB7C5DC7E9D0A5284

Function 00C61414 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 934c9b23c3b435a91a372eb502621644fc9746d5515fdca2ed521960dde985eb
Instruction ID: 471121c1b994ccb47c53e3a572e25fdfc1753788859e5c04d8c1bfcdd7975549
Opcode Fuzzy Hash: 934c9b23c3b435a91a372eb502621644fc9746d5515fdca2ed521960dde985eb
Instruction Fuzzy Hash: 4C518EB3F115254BF3644D28CC583617293DB95310F2F82BD8E88AB7C5D93EAD09A384

Function 00C8B10E Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5613c0f03b4df2cc3d8a7398601912bbc188b20fa7dafa11f432585a6f77d127
Instruction ID: bc03c1b7c58e427ea0f89ed113f22a8725be32b17b824f8291fc6f7b27f64fbe
Opcode Fuzzy Hash: 5613c0f03b4df2cc3d8a7398601912bbc188b20fa7dafa11f432585a6f77d127
Instruction Fuzzy Hash: 57518BB3F2052247F3544938CC183626683DB91324F2F86788E9CAB7C5D87E9C4A9384

Function 00C8333B Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fde2f844fe6356f9d7d9bc9b9bac86a511f4891bf3bdd93f7b20898fcf68970
Instruction ID: 1d5e1dc95b6e96b834e380dec98ced6546224147f3bb7c62e4e30b325ff992ce
Opcode Fuzzy Hash: 6fde2f844fe6356f9d7d9bc9b9bac86a511f4891bf3bdd93f7b20898fcf68970
Instruction Fuzzy Hash: 2B4129F361C2046FE318AE6AFC41B3BB7DADBD0324F19853DE685D3340E97659068266

Function 00BF2070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1995860ad9510ca053f4e49045e36969f4480cf8f60469a065985525cb85f262
Instruction ID: f35340769c272e4d20f49638e38997857c3b5c5645bbdfba274113ab94ccb72f
Opcode Fuzzy Hash: 1995860ad9510ca053f4e49045e36969f4480cf8f60469a065985525cb85f262
Instruction Fuzzy Hash: 20813BF450A7808BDBB8DF15D99879BBBE0AB89308F518A1DD4C84B390CBB0554DCF96

Function 0106905B Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbc9724502b32b8ffb1bc1b60304eb8bd1fd2d95053e9bab4e173d28a45ec96
Instruction ID: 6a5feee0683bdbb6b4644eb8420cc87893477347337ad3ff537616e1018f297d
Opcode Fuzzy Hash: 5cbc9724502b32b8ffb1bc1b60304eb8bd1fd2d95053e9bab4e173d28a45ec96
Instruction Fuzzy Hash: C131BEF25087049FE7117F29EC857AAFBE8EF55710F16492DD6D4C7291E2398480CA87

Function 00BFA440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: 05de49234617724aacdf35e189725ba0c7b94c11ed55eceece1634d89541bfc3
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: 5E31F6B2A086084FC71D9D3D489027ABAD39BD5334F29C77EEA7A8B3C1DA748C445242

Function 00C701F5 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9246de1d3026783e9e9f95b6687320ca23a3f0d17c001071e9af6f5e81d48a9e
Instruction ID: 8441a0198675549f45dd7da605595d11b287ef7dcd1efc800f35e30d1b89de45
Opcode Fuzzy Hash: 9246de1d3026783e9e9f95b6687320ca23a3f0d17c001071e9af6f5e81d48a9e
Instruction Fuzzy Hash: 0331ABB3F206310BF3548968CD993622582DB95310F2F82798E59AB7C5E8BE9D0952C4

Function 00C3F084 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0318fbbf220ee5b8b8eef9bcbd572622bf357480a86a4277e93eb921da65e912
Instruction ID: faaf51081e37f9c5fa4d920d2614de3c239d84a9ab89185ca19682374d82030a
Opcode Fuzzy Hash: 0318fbbf220ee5b8b8eef9bcbd572622bf357480a86a4277e93eb921da65e912
Instruction Fuzzy Hash: 3931FAB3F6252147F3944875CD58392148397D5325F2FC2798A68ABBCADC7D4C0A5284

Function 00CA63A0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0621f350db1081fba578ddc172099b459e26993d99521a0e870bc04cc8fa4116
Instruction ID: c6a8b0ea540796c85c3f7005404a898143755289aa9aab471b600e5b34166875
Opcode Fuzzy Hash: 0621f350db1081fba578ddc172099b459e26993d99521a0e870bc04cc8fa4116
Instruction Fuzzy Hash: 383190F3F8162547F35408A4DD683A2A642D7E1314F2F82398F1D6B7C2D8BE9C4A1384

Function 00C31451 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f5e5847aca27b9a3d9abb73096a97b59265b93c163fd6579d9c6afa4fce182
Instruction ID: 0e79477602df628507c54d57c037ffb6b41311ec8ab9210d7119ab4edac194b9
Opcode Fuzzy Hash: f6f5e5847aca27b9a3d9abb73096a97b59265b93c163fd6579d9c6afa4fce182
Instruction Fuzzy Hash: 373157F3F6153603F3588869CD9836265839BD5715F2F82784E5DA7BCAE8BD4C0612C0

Function 00C3E591 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 690ee7af7fa14aa205ca134eec53152a8228864a62e0874d08d2762e8b30d9b9
Instruction ID: daf1c7235e934fb14893a60e5744377ec9942eecba05395817aa7ae44dfa65dc
Opcode Fuzzy Hash: 690ee7af7fa14aa205ca134eec53152a8228864a62e0874d08d2762e8b30d9b9
Instruction Fuzzy Hash: AD3139F3F515210BF3984839DD983625587ABE4315F2F82788E5C67BCAD87E4D0956C0

Function 00C525E4 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d5b46146d1841530f3b665947154399fb078a67e4358b6d54d5da68e3ca2cdf
Instruction ID: 38e8091381007fe09708954321e49f557a3486fc9da6dfb610a0f8b75c383e63
Opcode Fuzzy Hash: 3d5b46146d1841530f3b665947154399fb078a67e4358b6d54d5da68e3ca2cdf
Instruction Fuzzy Hash: 8C3127B7F516264BF36408B4DCA83A2258397D6321F3F43798E2C6B7C5D8BE5C4A5280

Function 00C4D116 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaaffaec0e72693757b482026b9e1f4a50d7f1caec9d375d803c830d06d5b14c
Instruction ID: a1d74ecf355b6c82337b9cd514c4d37e2946c7627216f3edf73c086f742408ed
Opcode Fuzzy Hash: aaaffaec0e72693757b482026b9e1f4a50d7f1caec9d375d803c830d06d5b14c
Instruction Fuzzy Hash: B83169B3F124210BF7944839CD2936615839BD5320F3F823A8B8E6BBC8DC7E590A4684

Function 00CC0277 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 370c4e37414b1baaae85d826bdd8ff10a223c8604fed531438275f77a5bea54a
Instruction ID: b7c24e7fbc5edca95b4bc8c554fa74e3b55d9329a0391669ef37601ad8043da6
Opcode Fuzzy Hash: 370c4e37414b1baaae85d826bdd8ff10a223c8604fed531438275f77a5bea54a
Instruction Fuzzy Hash: CB2125B3F5122547F3844879CD583A26583D7D5324F2B82398F5DAB7CAE87E9C0A5288

Function 00C71447 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d4f6cd1dd4c2e76fae1e4a581bae061b0b551fcff0aeef92ef9737022edb703
Instruction ID: db120cdc4e4bd18f07e01456ac647f518b87bc13051982fa9f9db53eec838846
Opcode Fuzzy Hash: 7d4f6cd1dd4c2e76fae1e4a581bae061b0b551fcff0aeef92ef9737022edb703
Instruction Fuzzy Hash: 24216DF3F616254BF3984869CC543A6628397E5321F2F82798A2CA77C5EC7D9C065284

Function 00C5B42D Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5f6d201bc1fe99766334f822e1aa153c7a292d6260efaacd7edbcf467e153af
Instruction ID: 0593ee9e497521eb773a193fcf223e6f6222649a163f96b8e08b432d8c280335
Opcode Fuzzy Hash: a5f6d201bc1fe99766334f822e1aa153c7a292d6260efaacd7edbcf467e153af
Instruction Fuzzy Hash: F621D5F7F516364BF35408B8DD983626582CBA1324F2F43398F28AB7C6E87E5D051284

Function 00C4948C Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab39c7319536c6ad9a6dabe209de0c4a77229c55c1806e9d87920cb233356f97
Instruction ID: 364ac24623a6c2b1cd192407ee4c23af06fcb0c0e11e5a17756225c81130f0d7
Opcode Fuzzy Hash: ab39c7319536c6ad9a6dabe209de0c4a77229c55c1806e9d87920cb233356f97
Instruction Fuzzy Hash: BF215CB3F516124BF3984878CCA53725583CBD5324F2B82398F19AB7C5D8BE5C0A5288

Function 00C7C42F Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e72d1d6a6d0010ad0d9e156d932037f79b429a4758a9f6cb831f9cf29332a55
Instruction ID: a3fc30f0d83f65ae647be25c4ab19a8abb5505dc6a92d10d9aadffe82e41942c
Opcode Fuzzy Hash: 6e72d1d6a6d0010ad0d9e156d932037f79b429a4758a9f6cb831f9cf29332a55
Instruction Fuzzy Hash: 2C2128B3F405360BF3A04879CD493A2A582AB81324F1B82758F5CBBBC6DD7D5D4A52C4

Function 00BF6210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 9c32a90406869a192cb5bdfa3e245b66a64189ac0163db7fda85a0c5ddc41120
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: E111E933A051D80ED3168E3C8440575BFE35AE3734B1943D9F8B89B2D2D6238D8E9354

Function 00BDC300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: b5be7b648d23b7b51a824ee053a30a4a18700757d86ac978b589386f9d67bf37
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: EEF03160104B928AD7318F398564773FFE09B13328F545A8DC5D3576D2D376D10A8798

Function 00BEE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: 634da61c678c89195455fee1b3052b0b7ff9b17ae6008a1a4e37f45f1274db7b
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: C2F065104087E28ADB234B3F44616B2AFE0DF63120F181BD5C8F1AB2CBC315D596D366

Function 00BED116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2511602201.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BC0000, based on PE: true

Associated: 00000000.00000002.2511585584.0000000000BC0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511602201.0000000000C05000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511645598.0000000000C13000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000C15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000DA8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EAE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511659324.0000000000EC6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2511897437.0000000000EC7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512014878.0000000001069000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2512029206.000000000106A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bc0000_r06aMlvVyM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686a16f09205d3cb2137829b46f53dd8bf5522f4f1c97baab9993cb8e9dc0bf5
Instruction ID: c60044e8ea2fcaf01d745db365f2120c20cd3c452840f27a538fa2c8d84a61d1
Opcode Fuzzy Hash: 686a16f09205d3cb2137829b46f53dd8bf5522f4f1c97baab9993cb8e9dc0bf5
Instruction Fuzzy Hash: 3501F4706442829BD304CF38CCE066BFBE1EB86364B09CB9CD5568B796CA34D846C799

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report r06aMlvVyM.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
r06aMlvVyM.exe

Function 00BC8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 00BFE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00C01720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00BC9D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Function 00BCEF53 Relevance: 1.6, APIs: 1, Instructions: 118
COMMON

Function 00BCEC77 Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Function 00BC9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 00BFC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 00BFC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON