Edit tour

Windows Analysis Report
x.exe

Overview

General Information

Sample name:	x.exe
Analysis ID:	1589152
MD5:	a0f063b82ce5a44aba075f17b9284bab
SHA1:	e1c46fb92ff3827347c47362511ccb0b1b09f123
SHA256:	0567b98365f8f5e5a3adf508dc7234ea7b50270a8106c3a66a0da96f38058118
Tags:	amsi-bypass-clrexelummastealerps1user-marsomx
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

x.exe (PID: 7060 cmdline: "C:\Users\user\Desktop\x.exe" MD5: A0F063B82CE5A44ABA075F17B9284BAB)

x.exe (PID: 2004 cmdline: "C:\Users\user\Desktop\x.exe" MD5: A0F063B82CE5A44ABA075F17B9284BAB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["robinsharez.shop", "versersleep.shop", "crowdwarek.shop", "apporholis.shop", "femalsabler.shop", "chipdonkeruz.shop", "charminammoc.cyou", "soundtappysk.shop", "handscreamny.shop"], "Build id": "jMw1IE--SHELLS"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1689301402.0000000005630000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1685653683.0000000003B80000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: x.exe PID: 7060	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: x.exe PID: 7060	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.x.exe.5630000.6.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.x.exe.5630000.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:01:00.108167+0100	2028371	3	Unknown Traffic	192.168.2.4	49733	104.102.49.254	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (apporholis .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.342247+0100	2059035	1	Domain Observed Used for C2 Detected	192.168.2.4	62894	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chipdonkeruz .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.387195+0100	2059037	1	Domain Observed Used for C2 Detected	192.168.2.4	63610	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crowdwarek .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.353172+0100	2059039	1	Domain Observed Used for C2 Detected	192.168.2.4	49206	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (femalsabler .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.330112+0100	2059041	1	Domain Observed Used for C2 Detected	192.168.2.4	63028	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (handscreamny .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.397294+0100	2059043	1	Domain Observed Used for C2 Detected	192.168.2.4	56329	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (robinsharez .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.407900+0100	2059049	1	Domain Observed Used for C2 Detected	192.168.2.4	56501	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soundtappysk .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.320912+0100	2059051	1	Domain Observed Used for C2 Detected	192.168.2.4	54051	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (versersleep .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:00:59.364510+0100	2059057	1	Domain Observed Used for C2 Detected	192.168.2.4	57446	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-11T13:01:01.032537+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49733	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://charminammoc.cyou:443/api	Avira URL Cloud: Label: malware
Source: https://handscreamny.shop:443/api	Avira URL Cloud: Label: malware
Source: https://robinsharez.shop:443/api	Avira URL Cloud: Label: malware
Source: charminammoc.cyou	Avira URL Cloud: Label: malware
Source: https://chipdonkeruz.shop:443/apiUC	Avira URL Cloud: Label: malware
Source: https://versersleep.shop:443/apil	Avira URL Cloud: Label: malware
Source: https://apporholis.shop:443/api	Avira URL Cloud: Label: malware
Source: https://femalsabler.shop:443/api	Avira URL Cloud: Label: malware

Found malware configuration

Source: 1.2.x.exe.400000.0.raw.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["robinsharez.shop", "versersleep.shop", "crowdwarek.shop", "apporholis.shop", "femalsabler.shop", "chipdonkeruz.shop", "charminammoc.cyou", "soundtappysk.shop", "handscreamny.shop"], "Build id": "jMw1IE--SHELLS"}

Multi AV Scanner detection for submitted file

Source: x.exe	Virustotal: Detection: 61%			Perma Link
Source: x.exe	ReversingLabs: Detection: 52%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 90.4% probability

Machine Learning detection for sample

Source: x.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: robinsharez.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: handscreamny.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: chipdonkeruz.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: versersleep.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: crowdwarek.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: apporholis.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: femalsabler.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: soundtappysk.shop
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: charminammoc.cyou
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: jMw1IE--SHELLS

Source: x.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49733 version: TLS 1.2

Source: x.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: x.exe, 00000000.00000002.1685653683.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000000.00000002.1690143938.0000000005990000.00000004.08000000.00040000.00000000.sdmp, x.exe, 00000000.00000002.1685653683.0000000003AB9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: x.exe, 00000000.00000002.1685653683.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000000.00000002.1690143938.0000000005990000.00000004.08000000.00040000.00000000.sdmp, x.exe, 00000000.00000002.1685653683.0000000003AB9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_0576D7F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then jmp 059F6128h	0_2_059F6070
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then jmp 059F6128h	0_2_059F6068
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov edx, ecx	1_2_0040B82F
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edi, byte ptr [eax+esi]	1_2_0040C0DB
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov dword ptr [edi], 00000000h	1_2_0040B60A
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-12h]	1_2_00428040
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-12h]	1_2_00428040
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_0043A0C0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], edi	1_2_004438D0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+542E9FD2h]	1_2_004438D0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [edi], bl	1_2_004090F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+35F56427h]	1_2_00409880
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00415090
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_00415090
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov edx, ecx	1_2_00415090
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_00415090
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0044209C
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov ecx, eax	1_2_004258B5
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [edx], al	1_2_0041B158
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h	1_2_0041815F
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_0042F178
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+44h]	1_2_0042F178
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [esi], cl	1_2_0042F178
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 6A911B6Ch	1_2_0041612C
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_004169C8
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042B1D6
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [ecx], al	1_2_004311E3
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then test esi, esi	1_2_0043D9F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov ecx, eax	1_2_004258B5
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h	1_2_004181AB
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov eax, dword ptr [edi+0Ch]	1_2_00402250
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi-18069758h]	1_2_0041C250
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_0042F25D
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+44h]	1_2_0042F25D
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [esi], cl	1_2_0042F25D
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h	1_2_00418208
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 01FCE602h	1_2_00440220
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	1_2_0041CA30
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 53585096h	1_2_0042BA3F
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov ebx, eax	1_2_00405AC0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov ebp, eax	1_2_00405AC0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov ecx, eax	1_2_0043CAC0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00418F7E
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [esi], cl	1_2_0042F363
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov dword ptr [esp+28h], edx	1_2_0043C370
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00425300
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then lea edx, dword ptr [eax+00000270h]	1_2_00408B10
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_0042C3E0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov esi, eax	1_2_00428B90
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ecx, word ptr [esi]	1_2_00442C50
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 53585096h	1_2_0040DC27
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx-2868E0D1h]	1_2_0041DCE0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	1_2_0042DD40
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	1_2_0040C561
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then add ebx, edi	1_2_00408D00
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	1_2_0041F510
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then jmp ecx	1_2_0042BDEA
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov dword ptr [esi+04h], edi	1_2_0040D5F2
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+14h]	1_2_0043D5F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_00416D98
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov dword ptr [esp+edx*4+0000008Ch], ecx	1_2_00407620
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, word ptr [esp+eax*4+00001118h]	1_2_00407620
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	1_2_00420E30
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then lea edi, dword ptr [edx+ecx]	1_2_004286F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ebx, bx	1_2_00425EB1
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0000027Ch]	1_2_00430749
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+41h]	1_2_00427760
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00418F7E
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then add edx, ebp	1_2_00408F20
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-5562E25Dh]	1_2_00443F30
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx+18h]	1_2_0040A7C8
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov word ptr [ebx], ax	1_2_00441FCB
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	1_2_004437F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 27BE92A4h	1_2_004437F0
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [eax], cl	1_2_004307F6
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+44h]	1_2_004307F6
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [esi], cl	1_2_004307F6
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+2D632546h]	1_2_004317A4
Source: C:\Users\user\Desktop\x.exe	Code function: 4x nop then mov byte ptr [esi], cl	1_2_004317A4

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2059035 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (apporholis .shop) : 192.168.2.4:62894 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059049 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (robinsharez .shop) : 192.168.2.4:56501 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059043 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (handscreamny .shop) : 192.168.2.4:56329 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059039 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crowdwarek .shop) : 192.168.2.4:49206 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059057 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (versersleep .shop) : 192.168.2.4:57446 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059041 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (femalsabler .shop) : 192.168.2.4:63028 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059051 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soundtappysk .shop) : 192.168.2.4:54051 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2059037 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chipdonkeruz .shop) : 192.168.2.4:63610 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49733 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: robinsharez.shop
Source: Malware configuration extractor	URLs: versersleep.shop
Source: Malware configuration extractor	URLs: crowdwarek.shop
Source: Malware configuration extractor	URLs: apporholis.shop
Source: Malware configuration extractor	URLs: femalsabler.shop
Source: Malware configuration extractor	URLs: chipdonkeruz.shop
Source: Malware configuration extractor	URLs: charminammoc.cyou
Source: Malware configuration extractor	URLs: soundtappysk.shop
Source: Malware configuration extractor	URLs: handscreamny.shop

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.102.49.254:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=b893774ec124e5935fe65a12; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 11 Jan 2025 12:01:00 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlF equals www.youtube.com (Youtube)
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: charminammoc.cyou
Source: global traffic	DNS traffic detected: DNS query: soundtappysk.shop
Source: global traffic	DNS traffic detected: DNS query: femalsabler.shop
Source: global traffic	DNS traffic detected: DNS query: apporholis.shop
Source: global traffic	DNS traffic detected: DNS query: crowdwarek.shop
Source: global traffic	DNS traffic detected: DNS query: versersleep.shop
Source: global traffic	DNS traffic detected: DNS query: chipdonkeruz.shop
Source: global traffic	DNS traffic detected: DNS query: handscreamny.shop
Source: global traffic	DNS traffic detected: DNS query: robinsharez.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: x.exe	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: x.exe, 00000001.00000002.1687332943.0000000001383000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: x.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: x.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: x.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: x.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: x.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: x.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: x.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: x.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: x.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: x.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apporholis.shop:443/api
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://charminammoc.cyou:443/api
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chipdonkeruz.shop:443/apiUC
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=lviE
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://femalsabler.shop:443/api
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://handscreamny.shop:443/api
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://robinsharez.shop:443/api
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: x.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp, x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1686777124.000000000133C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: x.exe, 00000001.00000002.1686777124.000000000131C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/5
Source: x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: x.exe, 00000001.00000002.1686777124.000000000133C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: x.exe, 00000001.00000002.1687008499.000000000134F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/765611997243319000
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://versersleep.shop:443/apil
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49733 version: TLS 1.2

Source: C:\Users\user\Desktop\x.exe

Code function: 1_2_00437CF0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

1_2_00437CF0

Source: C:\Users\user\Desktop\x.exe

Code function: 1_2_00437CF0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

1_2_00437CF0

Source: C:\Users\user\Desktop\x.exe

Code function: 1_2_00437EB0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

1_2_00437EB0

Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_059F7948 NtProtectVirtualMemory,	0_2_059F7948
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_059FBB20 NtResumeThread,	0_2_059FBB20
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_059F7940 NtProtectVirtualMemory,	0_2_059F7940
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_059FBB18 NtResumeThread,	0_2_059FBB18

Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_00F70F20	0_2_00F70F20
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EAB23B	0_2_04EAB23B
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA73A0	0_2_04EA73A0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA98CA	0_2_04EA98CA
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA34C0	0_2_04EA34C0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA34B0	0_2_04EA34B0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA27B8	0_2_04EA27B8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA27B0	0_2_04EA27B0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA2A48	0_2_04EA2A48
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA3A40	0_2_04EA3A40
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA3A50	0_2_04EA3A50
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA2A3A	0_2_04EA2A3A
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04EA2A3F	0_2_04EA2A3F
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05621F50	0_2_05621F50
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0562D6B8	0_2_0562D6B8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05624CF0	0_2_05624CF0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05621F40	0_2_05621F40
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05620040	0_2_05620040
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05620006	0_2_05620006
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05621AE8	0_2_05621AE8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05621AD8	0_2_05621AD8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05702B38	0_2_05702B38
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0570EDD8	0_2_0570EDD8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0570EDC8	0_2_0570EDC8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05702B28	0_2_05702B28
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05704AF0	0_2_05704AF0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05704AE0	0_2_05704AE0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_057275E0	0_2_057275E0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05729C9E	0_2_05729C9E
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_057275D1	0_2_057275D1
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05729CCE	0_2_05729CCE
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0572A948	0_2_0572A948
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0572A939	0_2_0572A939
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05720007	0_2_05720007
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0572F2B8	0_2_0572F2B8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0573A0F8	0_2_0573A0F8
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05750448	0_2_05750448
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05757C78	0_2_05757C78
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0575040F	0_2_0575040F
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05757C88	0_2_05757C88
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05758340	0_2_05758340
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0575EEE0	0_2_0575EEE0
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0576EC68	0_2_0576EC68
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05760040	0_2_05760040
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0576001B	0_2_0576001B
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_059F4558	0_2_059F4558
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_059F4552	0_2_059F4552
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05A1FC60	0_2_05A1FC60
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05A00006	0_2_05A00006
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05A00040	0_2_05A00040
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05A1E7B0	0_2_05A1E7B0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0040AD30	1_2_0040AD30
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00406840	1_2_00406840
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042A04C	1_2_0042A04C
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042385D	1_2_0042385D
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043C860	1_2_0043C860
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00410064	1_2_00410064
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00443000	1_2_00443000
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004438D0	1_2_004438D0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004090F0	1_2_004090F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0040F0F0	1_2_0040F0F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00409880	1_2_00409880
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00415090	1_2_00415090
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004378B0	1_2_004378B0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041F960	1_2_0041F960
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042F178	1_2_0042F178
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043C110	1_2_0043C110
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00403920	1_2_00403920
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041612C	1_2_0041612C
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041813F	1_2_0041813F
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043B9C2	1_2_0043B9C2
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041D9F0	1_2_0041D9F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041A990	1_2_0041A990
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043B1A4	1_2_0043B1A4
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041C250	1_2_0041C250
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00425A70	1_2_00425A70
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00412A00	1_2_00412A00
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00418208	1_2_00418208
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00444210	1_2_00444210
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00416230	1_2_00416230
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00405AC0	1_2_00405AC0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041D2C0	1_2_0041D2C0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043CAC0	1_2_0043CAC0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004042D0	1_2_004042D0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042AA85	1_2_0042AA85
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00440290	1_2_00440290
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00402B40	1_2_00402B40
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0040F357	1_2_0040F357
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042F363	1_2_0042F363
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043DB70	1_2_0043DB70
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043C370	1_2_0043C370
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00417377	1_2_00417377
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00425300	1_2_00425300
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00408B10	1_2_00408B10
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00427BC0	1_2_00427BC0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00418BE2	1_2_00418BE2
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004093F0	1_2_004093F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00428B90	1_2_00428B90
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00443390	1_2_00443390
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004063B0	1_2_004063B0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043FC40	1_2_0043FC40
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00443C40	1_2_00443C40
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00431C20	1_2_00431C20
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00436CE5	1_2_00436CE5
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042C480	1_2_0042C480
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004224B0	1_2_004224B0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00442D50	1_2_00442D50
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00434561	1_2_00434561
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042E570	1_2_0042E570
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0040DD77	1_2_0040DD77
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00425D20	1_2_00425D20
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043DDC9	1_2_0043DDC9
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00404DD0	1_2_00404DD0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00411DDB	1_2_00411DDB
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00419DE0	1_2_00419DE0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041D5F0	1_2_0041D5F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0043D5F0	1_2_0043D5F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00428D9A	1_2_00428D9A
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00435D9F	1_2_00435D9F
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041BE45	1_2_0041BE45
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00433E54	1_2_00433E54
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0041DE70	1_2_0041DE70
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00407620	1_2_00407620
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00420E30	1_2_00420E30
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00415E3F	1_2_00415E3F
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004426CB	1_2_004426CB
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_0042FED7	1_2_0042FED7
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00426ED9	1_2_00426ED9
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00425EE0	1_2_00425EE0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004286F0	1_2_004286F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00425EB1	1_2_00425EB1
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00436753	1_2_00436753
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00427760	1_2_00427760
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00434F60	1_2_00434F60
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00442F60	1_2_00442F60
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00402F10	1_2_00402F10
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00441720	1_2_00441720
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00421F30	1_2_00421F30
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00443F30	1_2_00443F30
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004187E4	1_2_004187E4
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004217F0	1_2_004217F0
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_004317A4	1_2_004317A4

Source: C:\Users\user\Desktop\x.exe	Code function: String function: 00415080 appears 102 times
Source: C:\Users\user\Desktop\x.exe	Code function: String function: 00408220 appears 44 times

Source: x.exe

Static PE information: invalid certificate

Source: x.exe, 00000000.00000002.1687914730.0000000005390000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameHhjxkossnmp.dll" vs x.exe
Source: x.exe, 00000000.00000002.1685653683.0000000003A15000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs x.exe
Source: x.exe, 00000000.00000002.1690143938.0000000005990000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs x.exe
Source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs x.exe
Source: x.exe, 00000000.00000002.1685653683.0000000003AB9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs x.exe
Source: x.exe, 00000000.00000002.1668098035.0000000000A1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs x.exe
Source: x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs x.exe

Source: x.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: x.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/0@10/1

Source: C:\Users\user\Desktop\x.exe

Code function: 1_2_0043CAC0 RtlExpandEnvironmentStrings,RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,

1_2_0043CAC0

Source: C:\Users\user\Desktop\x.exe

Mutant created: NULL

Source: x.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: x.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\x.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: x.exe	Virustotal: Detection: 61%
Source: x.exe	ReversingLabs: Detection: 52%

Source: C:\Users\user\Desktop\x.exe

File read: C:\Users\user\Desktop\x.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\x.exe "C:\Users\user\Desktop\x.exe"
Source: C:\Users\user\Desktop\x.exe	Process created: C:\Users\user\Desktop\x.exe "C:\Users\user\Desktop\x.exe"
Source: C:\Users\user\Desktop\x.exe	Process created: C:\Users\user\Desktop\x.exe "C:\Users\user\Desktop\x.exe"	Jump to behavior

Source: C:\Users\user\Desktop\x.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\x.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\x.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: x.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: x.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: x.exe

Static file information: File size 1410128 > 1048576

Source: x.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x154c00

Source: x.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: x.exe, 00000000.00000002.1685653683.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000000.00000002.1690143938.0000000005990000.00000004.08000000.00040000.00000000.sdmp, x.exe, 00000000.00000002.1685653683.0000000003AB9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: x.exe, 00000000.00000002.1685653683.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, x.exe, 00000000.00000002.1690143938.0000000005990000.00000004.08000000.00040000.00000000.sdmp, x.exe, 00000000.00000002.1685653683.0000000003AB9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.x.exe.5630000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.x.exe.5630000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1689301402.0000000005630000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1685653683.0000000003B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: x.exe PID: 7060, type: MEMORYSTR

Source: x.exe

Static PE information: real checksum: 0x16b4357 should be: 0x160804

Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_00F7A9B0 push eax; ret	0_2_00F7A9B1
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_04E36658 pushfd ; retf	0_2_04E36661
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05530F6E push ebp; iretd	0_2_05530F78
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_055343C0 push eax; iretd	0_2_055346B9
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_055343BB push eax; iretd	0_2_055346B9
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05723578 push edx; retf	0_2_05723583
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05722C0A push E9000000h; ret	0_2_05722C11
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_057201F3 push ecx; ret	0_2_057201F9
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_057238E3 push ds; iretd	0_2_057238E4
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_0573DE78 pushad ; retf	0_2_0573DE79
Source: C:\Users\user\Desktop\x.exe	Code function: 0_2_05737068 push dword ptr [esp+edx*2-75h]; iretd	0_2_05737001
Source: C:\Users\user\Desktop\x.exe	Code function: 1_2_00448421 pushfd ; iretd	1_2_0044844F

Source: x.exe

Static PE information: section name: .text entropy: 7.966973160540014

Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: x.exe PID: 7060, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\x.exe	Memory allocated: F70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Memory allocated: 28D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Memory allocated: 48D0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\x.exe TID: 6180

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: x.exe, 00000000.00000002.1687914730.0000000005390000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: JcvMCipUuI
Source: x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1686777124.000000000131C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual

Source: C:\Users\user\Desktop\x.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\x.exe

Code function: 1_2_004415B0 LdrInitializeThunk,

1_2_004415B0

Source: C:\Users\user\Desktop\x.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\x.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\x.exe

Memory written: C:\Users\user\Desktop\x.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: robinsharez.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: handscreamny.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: chipdonkeruz.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: versersleep.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: crowdwarek.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: apporholis.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: femalsabler.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: soundtappysk.shop
Source: x.exe, 00000000.00000002.1669251366.0000000002E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: charminammoc.cyou

Source: C:\Users\user\Desktop\x.exe

Process created: C:\Users\user\Desktop\x.exe "C:\Users\user\Desktop\x.exe"

Jump to behavior

Source: C:\Users\user\Desktop\x.exe	Queries volume information: C:\Users\user\Desktop\x.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\x.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\x.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	111 Process Injection	2 Virtualization/Sandbox Evasion	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Screen Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	111 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	2 Clipboard Data	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Deobfuscate/Decode Files or Information	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	4 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
x.exe	61%	Virustotal		Browse
x.exe	53%	ReversingLabs	Win32.Trojan.Generic
x.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://charminammoc.cyou:443/api	100%	Avira URL Cloud	malware
https://handscreamny.shop:443/api	100%	Avira URL Cloud	malware
https://robinsharez.shop:443/api	100%	Avira URL Cloud	malware
charminammoc.cyou	100%	Avira URL Cloud	malware
https://chipdonkeruz.shop:443/apiUC	100%	Avira URL Cloud	malware
https://versersleep.shop:443/apil	100%	Avira URL Cloud	malware
https://apporholis.shop:443/api	100%	Avira URL Cloud	malware
https://femalsabler.shop:443/api	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	false	high
femalsabler.shop	unknown	unknown	false	high
robinsharez.shop	unknown	unknown	false	high
charminammoc.cyou	unknown	unknown	true	unknown
soundtappysk.shop	unknown	unknown	false	high
crowdwarek.shop	unknown	unknown	false	high
versersleep.shop	unknown	unknown	false	high
chipdonkeruz.shop	unknown	unknown	false	high
apporholis.shop	unknown	unknown	false	high
handscreamny.shop	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
robinsharez.shop	false		high
charminammoc.cyou	true	Avira URL Cloud: malware	unknown
versersleep.shop	false		high
crowdwarek.shop	false		high
femalsabler.shop	false		high
https://steamcommunity.com/profiles/76561199724331900	false		high
soundtappysk.shop	false		high
apporholis.shop	false		high
handscreamny.shop	false		high
chipdonkeruz.shop	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://player.vimeo.com	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	x.exe	false		high
https://github.com/mgravell/protobuf-netJ	x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	x.exe	false		high
http://ocsp.sectigo.com0	x.exe	false		high
https://charminammoc.cyou:443/api	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://versersleep.shop:443/apil	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.gstatic.cn/recaptcha/	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/subscriber_agreement/	x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	x.exe	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net/recaptcha/;	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	x.exe	false		high
https://handscreamny.shop:443/api	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/mgravell/protobuf-neti	x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://medal.tv	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=lviE	x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.tv/	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/5	x.exe, 00000001.00000002.1686777124.000000000131C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://apporholis.shop:443/api	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	x.exe	false		high
https://sectigo.com/CPS0	x.exe	false		high
https://stackoverflow.com/q/14436606/23354	x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp, x.exe, 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://store.steampowered.com/privacy_agreement/	x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com:443/profiles/76561199724331900	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	x.exe	false		high
https://github.com/mgravell/protobuf-net	x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://recaptcha.net	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com	x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com/	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1:27060	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://chipdonkeruz.shop:443/apiUC	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A	x.exe, 00000001.00000002.1687008499.0000000001371000.00000004.00000020.00020000.00000000.sdmp	false		high
https://robinsharez.shop:443/api	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	x.exe	false		high
https://stackoverflow.com/q/2152978/23354	x.exe, 00000000.00000002.1689540645.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	x.exe	false		high
https://femalsabler.shop:443/api	x.exe, 00000001.00000002.1686777124.0000000001332000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/recaptcha/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.steampowered.com/	x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/account/cookiepreferences/	x.exe, 00000001.00000002.1687523771.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1686777124.000000000133C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/765611997243319000	x.exe, 00000001.00000002.1687008499.000000000134F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;	x.exe, 00000001.00000002.1687236972.0000000001377000.00000004.00000020.00020000.00000000.sdmp, x.exe, 00000001.00000002.1687332943.00000000013A7000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589152
Start date and time:	2025-01-11 13:00:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	x.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 91% Number of executed functions: 458 Number of non-executed functions: 50
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:00:58	API Interceptor	2x Sleep call for process: x.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	r4xiHKy8aM.exe	Get hash	malicious	Socks5Systemz	Browse	/ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	SDIO_R773.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	176.113.115.170_3.ps1	Get hash	malicious	LummaC	Browse	104.102.49.254
	4kN17cL4Tn.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	5tmmrpv3dn.exe	Get hash	malicious	LummaC Stealer	Browse	104.102.49.254
	b0cQukXPAl.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Q7QR4k52HL.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	xNuh0DUJaG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	4hQFnbWlj8.exe	Get hash	malicious	Vidar	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	SDIO_R773.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	176.113.115.170_3.ps1	Get hash	malicious	LummaC	Browse	104.102.49.254
	4kN17cL4Tn.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	5tmmrpv3dn.exe	Get hash	malicious	LummaC Stealer	Browse	104.102.49.254
	b0cQukXPAl.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Q7QR4k52HL.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	xNuh0DUJaG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	Unknown	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Bontrageroutdoors_Project_Update_202557516.pdf	Get hash	malicious	Unknown	Browse	96.17.64.171

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	SDIO_R773.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	176.113.115.170_3.ps1	Get hash	malicious	LummaC	Browse	104.102.49.254
	4kN17cL4Tn.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	5tmmrpv3dn.exe	Get hash	malicious	LummaC Stealer	Browse	104.102.49.254
	b0cQukXPAl.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Q7QR4k52HL.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	xNuh0DUJaG.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.963989167379803
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	x.exe
File size:	1'410'128 bytes
MD5:	a0f063b82ce5a44aba075f17b9284bab
SHA1:	e1c46fb92ff3827347c47362511ccb0b1b09f123
SHA256:	0567b98365f8f5e5a3adf508dc7234ea7b50270a8106c3a66a0da96f38058118
SHA512:	53c13f552eba709d7a558b34c2c1ecfd35b42391b33fb882a4cb3fb3c667e4d1c4e269e7d8b3d0688bd750912307cec1612bde9c0c967615ac34f4d015ce5d29
SSDEEP:	24576:QxrfEXAiIKn+pSBDXQtHjoD4eS8QfuBeeTAi/ZIwoMmoz8qj7UnaBK9PIU/gsjTO:a8QGBeqvBbLQqqIiVTvsBV
TLSH:	E765231C33CABF72C6584E3A95E31501877284687C33F357ACD469FDAE12798BA805A7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A~g.................L...........j... ........@.. ..............................WCk...`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x556a8e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x677E4113 [Wed Jan 8 09:10:43 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	01/05/2023 01:00:00 03/06/2026 00:59:59
Subject Chain	CN=Dirk B\xf6ttcher, O=Dirk B\xf6ttcher, S=Hamburg, C=DE
Version:	3
Thumbprint MD5:	BC07CED219D95E6B4AB2693CD6AC12DE
Thumbprint SHA-1:	C323454D08221CF4ABBD4E3073C40941E9985A2C
Thumbprint SHA-256:	4A726A218DD7985EAECAE28E946D390C8336C9D9C129BC391A832FE5D788B2A1
Serial:	00DB9788D9B3E3BEAE253560DD055029F7

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x156a38	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x158000	0x600	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x155600	0x2e50
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x15a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x154a94	0x154c00	38f36b8ab9e56630b27b21a673315470	False	0.9639947209739546	data	7.966973160540014	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x158000	0x600	0x600	b18997144665584b38fc1658957c7b42	False	0.4095052083333333	data	3.972748934699286	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x15a000	0xc	0x200	225611f0008a58d54b804e3aa2a5cce7	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1580a0	0x2dc	data			0.44808743169398907
RT_MANIFEST	0x15837c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T13:00:59.320912+0100	2059051	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soundtappysk .shop)	1	192.168.2.4	54051	1.1.1.1	53	UDP
2025-01-11T13:00:59.330112+0100	2059041	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (femalsabler .shop)	1	192.168.2.4	63028	1.1.1.1	53	UDP
2025-01-11T13:00:59.342247+0100	2059035	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (apporholis .shop)	1	192.168.2.4	62894	1.1.1.1	53	UDP
2025-01-11T13:00:59.353172+0100	2059039	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crowdwarek .shop)	1	192.168.2.4	49206	1.1.1.1	53	UDP
2025-01-11T13:00:59.364510+0100	2059057	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (versersleep .shop)	1	192.168.2.4	57446	1.1.1.1	53	UDP
2025-01-11T13:00:59.387195+0100	2059037	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chipdonkeruz .shop)	1	192.168.2.4	63610	1.1.1.1	53	UDP
2025-01-11T13:00:59.397294+0100	2059043	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (handscreamny .shop)	1	192.168.2.4	56329	1.1.1.1	53	UDP
2025-01-11T13:00:59.407900+0100	2059049	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (robinsharez .shop)	1	192.168.2.4	56501	1.1.1.1	53	UDP
2025-01-11T13:01:00.108167+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49733	104.102.49.254	443	TCP
2025-01-11T13:01:01.032537+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49733	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 13:00:59.430943012 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:00:59.430998087 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:00:59.431086063 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:00:59.434453964 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:00:59.434470892 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:00.108081102 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:00.108166933 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:00.368791103 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:00.368875027 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:00.369832039 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:00.421674013 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:00.638128042 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:00.679326057 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032665014 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032728910 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032751083 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.032754898 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032790899 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032799959 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.032830000 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.032834053 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032860041 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032895088 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.032927990 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.032954931 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.077954054 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.112916946 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.112950087 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.112989902 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.112998009 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.113028049 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.113054991 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.113080025 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.113178968 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.113234997 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.115205050 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.115221024 CET	443	49733	104.102.49.254	192.168.2.4
Jan 11, 2025 13:01:01.115233898 CET	49733	443	192.168.2.4	104.102.49.254
Jan 11, 2025 13:01:01.115241051 CET	443	49733	104.102.49.254	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 13:00:59.307594061 CET	51229	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.317312002 CET	53	51229	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.320911884 CET	54051	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.328954935 CET	53	54051	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.330111980 CET	63028	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.339416981 CET	53	63028	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.342247009 CET	62894	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.351043940 CET	53	62894	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.353172064 CET	49206	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.362229109 CET	53	49206	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.364510059 CET	57446	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.385127068 CET	53	57446	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.387195110 CET	63610	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.396259069 CET	53	63610	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.397294044 CET	56329	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.405834913 CET	53	56329	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.407900095 CET	56501	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.416213989 CET	53	56501	1.1.1.1	192.168.2.4
Jan 11, 2025 13:00:59.418507099 CET	55463	53	192.168.2.4	1.1.1.1
Jan 11, 2025 13:00:59.425801992 CET	53	55463	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 13:00:59.307594061 CET	192.168.2.4	1.1.1.1	0xaf5c	Standard query (0)	charminammoc.cyou	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.320911884 CET	192.168.2.4	1.1.1.1	0x9b38	Standard query (0)	soundtappysk.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.330111980 CET	192.168.2.4	1.1.1.1	0x9e13	Standard query (0)	femalsabler.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.342247009 CET	192.168.2.4	1.1.1.1	0xc649	Standard query (0)	apporholis.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.353172064 CET	192.168.2.4	1.1.1.1	0x9648	Standard query (0)	crowdwarek.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.364510059 CET	192.168.2.4	1.1.1.1	0xc778	Standard query (0)	versersleep.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.387195110 CET	192.168.2.4	1.1.1.1	0xc568	Standard query (0)	chipdonkeruz.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.397294044 CET	192.168.2.4	1.1.1.1	0xcf50	Standard query (0)	handscreamny.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.407900095 CET	192.168.2.4	1.1.1.1	0xcd1f	Standard query (0)	robinsharez.shop	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.418507099 CET	192.168.2.4	1.1.1.1	0x755d	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 13:00:59.317312002 CET	1.1.1.1	192.168.2.4	0xaf5c	Name error (3)	charminammoc.cyou	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.328954935 CET	1.1.1.1	192.168.2.4	0x9b38	Name error (3)	soundtappysk.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.339416981 CET	1.1.1.1	192.168.2.4	0x9e13	Name error (3)	femalsabler.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.351043940 CET	1.1.1.1	192.168.2.4	0xc649	Name error (3)	apporholis.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.362229109 CET	1.1.1.1	192.168.2.4	0x9648	Name error (3)	crowdwarek.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.385127068 CET	1.1.1.1	192.168.2.4	0xc778	Name error (3)	versersleep.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.396259069 CET	1.1.1.1	192.168.2.4	0xc568	Name error (3)	chipdonkeruz.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.405834913 CET	1.1.1.1	192.168.2.4	0xcf50	Name error (3)	handscreamny.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.416213989 CET	1.1.1.1	192.168.2.4	0xcd1f	Name error (3)	robinsharez.shop	none	none	A (IP address)	IN (0x0001)	false
Jan 11, 2025 13:00:59.425801992 CET	1.1.1.1	192.168.2.4	0x755d	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	104.102.49.254	443	2004	C:\Users\user\Desktop\x.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 12:01:00 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2025-01-11 12:01:01 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 11 Jan 2025 12:01:00 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=b893774ec124e5935fe65a12; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-11 12:01:01 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-11 12:01:01 UTC	11186	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>

Target ID:	0
Start time:	07:00:57
Start date:	11/01/2025
Path:	C:\Users\user\Desktop\x.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\x.exe"
Imagebase:	0x4d0000
File size:	1'410'128 bytes
MD5 hash:	A0F063B82CE5A44ABA075F17B9284BAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1689301402.0000000005630000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1685653683.0000000003B80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1669251366.00000000028D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:00:58
Start date:	11/01/2025
Path:	C:\Users\user\Desktop\x.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\x.exe"
Imagebase:	0xa90000
File size:	1'410'128 bytes
MD5 hash:	A0F063B82CE5A44ABA075F17B9284BAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	14.5%
Dynamic/Decrypted Code Coverage:	98.9%
Signature Coverage:	3.4%
Total number of Nodes:	261
Total number of Limit Nodes:	7

Executed Functions

Function 04EA73A0 Relevance: 6.0, Strings: 4, Instructions: 956
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJkq, xrefs: 04EA7542
pjq, xrefs: 04EA7F5A
xbiq, xrefs: 04EA74CD
Tefq, xrefs: 04EA7AC3

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: TJkq$Tefq$pjq$xbiq
API String ID: 0-513662044
Opcode ID: 95b1b528dfd233dc334577d22d9e04622fe77d13911f2ab933fc8110120d645e
Instruction ID: 165e2c38e78b96039231a389d89334decc2a2925cea7617bc9669c2dd5da05f4
Opcode Fuzzy Hash: 95b1b528dfd233dc334577d22d9e04622fe77d13911f2ab933fc8110120d645e
Instruction Fuzzy Hash: 7AA2B675A00628CFDB64CF69C984AD9BBB2FF89304F1581E9D509AB325D731AE91CF40

Function 04EA98CA Relevance: 3.8, Strings: 2, Instructions: 1340
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 04EA9F3A
2, xrefs: 04EAA8B6

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: 2$$fq
API String ID: 0-675566980
Opcode ID: 10ba24614c334c9f961862343ca86bed1175a1e7bec52a0c69dab15e475448dc
Instruction ID: 64d3f93c490db26947d1c47753a7e42351934c62cb51d3be0c60daae228af6e9
Opcode Fuzzy Hash: 10ba24614c334c9f961862343ca86bed1175a1e7bec52a0c69dab15e475448dc
Instruction Fuzzy Hash: 27E2D4B4A016288FDB64DF68D9856DEBBB1FB89305F1091E9D40DAB344DB34AE81CF50

Function 059F4558 Relevance: 3.1, Strings: 2, Instructions: 607
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 059F464C
fkq, xrefs: 059F465F

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID:
String ID: fkq$8
API String ID: 0-3236039973
Opcode ID: 67f8b42a059deb6835c156b168dbf42d3f8805439d3c71565c062cba48051c63
Instruction ID: 72a3db77ef6fee0cb1cd8591fcfdb7d480d1f4aa05be54f6134e15d3fa384846
Opcode Fuzzy Hash: 67f8b42a059deb6835c156b168dbf42d3f8805439d3c71565c062cba48051c63
Instruction Fuzzy Hash: 3252E475E016298FDB64DF68C894AD9B7B2FB89310F5081EAD50DA7345DB30AE81CF90

Function 0562D6B8 Relevance: 3.1, Strings: 2, Instructions: 565
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Plfq, xrefs: 0562D810
$fq, xrefs: 0562D8F6

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: Plfq$$fq
API String ID: 0-502218747
Opcode ID: 235f47c891292b791d619887bbcd39a0d0ab713df245bd6e5933b7b6dca44b59
Instruction ID: 38aa00ef98d5c3ca4ccc8bba2ad97921871b7b304453198d6e938953720f048c
Opcode Fuzzy Hash: 235f47c891292b791d619887bbcd39a0d0ab713df245bd6e5933b7b6dca44b59
Instruction Fuzzy Hash: CA225A74B00A14CFCB14DF69C598A6A77F6BF89301B2584A9E506CB7A5DB31EC82CF50

Function 059F4552 Relevance: 2.7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

h, xrefs: 059F4640
fkq, xrefs: 059F465F

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID:
String ID: fkq$h
API String ID: 0-2877906129
Opcode ID: 96f3c810175fb0d52397d4a552701da07cd5f3e51a88d6094beefc3f5aee1774
Instruction ID: beb27689cd674890c9851d5e1bf1fe0ac275009e5aeefd1993afb9ac48ea6318
Opcode Fuzzy Hash: 96f3c810175fb0d52397d4a552701da07cd5f3e51a88d6094beefc3f5aee1774
Instruction Fuzzy Hash: F871F675E016288BEB64DF69C844BDAB7B2FF89310F1082AAD50DB7254DB306E85CF50

Function 05621F50 Relevance: 1.6, Strings: 1, Instructions: 367COMMON

Download Yara Rule

Strings

<;, xrefs: 0562231A

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: <;
API String ID: 0-2020808634
Opcode ID: 64d123564b374c3c445c1115894533c5421e963906b868bc6cccd5d3b83e75d7
Instruction ID: 6022fb2bd267c4e51f0e1b62cd7ee8ee1bc386075f6ddddf3c37a38b615356a8
Opcode Fuzzy Hash: 64d123564b374c3c445c1115894533c5421e963906b868bc6cccd5d3b83e75d7
Instruction Fuzzy Hash: D7F13874E09618CFDB14EFA8D594BAEB7F2FB49304F10816AE40AAB384DB746941CF51

Function 059F7940 Relevance: 1.6, APIs: 1, Instructions: 108nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 059F79FD

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: daf538ce3c177f4705dcd4edb802a749d813d81cad496dec4ed85d38a0106a52
Instruction ID: 68c207e03e435cfa78ebcc186d45ce1f8e0ed584dd514c40d5c0baba16753c76
Opcode Fuzzy Hash: daf538ce3c177f4705dcd4edb802a749d813d81cad496dec4ed85d38a0106a52
Instruction Fuzzy Hash: 144198B4D002589BCF10CFAAD981ADEFBB5FB59310F10A42AE915B7210D735A941CF64

Function 059F7948 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 059F79FD

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 6386871c6e5adec4d25427be39198165faad028ffa188c8f8a1fb832fcc5aae6
Instruction ID: bd936b3e3dd18b34eb7583d47e6af025f7bb9174b5127bdc45c159bf6929ce46
Opcode Fuzzy Hash: 6386871c6e5adec4d25427be39198165faad028ffa188c8f8a1fb832fcc5aae6
Instruction Fuzzy Hash: 7B4188B4D002589FCF10CFAAD980ADEFBB5BB59310F10A42AE919B7210D775A941CF64

Function 05621F40 Relevance: 1.6, Strings: 1, Instructions: 348COMMON

Download Yara Rule

Strings

<;, xrefs: 0562231A

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: <;
API String ID: 0-2020808634
Opcode ID: 0647a56ce40a920215d9b3f003f4aff0f0dda9bbd348df4eb919bd6475c4aafe
Instruction ID: ab9665cabde7e8222fb047f6306ed228abf310dbeaed451e497a52e4ec0e59e1
Opcode Fuzzy Hash: 0647a56ce40a920215d9b3f003f4aff0f0dda9bbd348df4eb919bd6475c4aafe
Instruction Fuzzy Hash: 55E15B74E09618CFDB14EFA8D494BAEB7F2FB49304F50816AE40AAB394DB346941CF51

Function 059FBB18 Relevance: 1.6, APIs: 1, Instructions: 85nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 059FBBAE

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 323e209e05d48606315d0c05dd6f92ed86d99e2913a602583a58473ca6de8e68
Instruction ID: ebd757dc81cf4c0ace258b9f1c31aa6c39c49f97fc7032960bf28930796f615e
Opcode Fuzzy Hash: 323e209e05d48606315d0c05dd6f92ed86d99e2913a602583a58473ca6de8e68
Instruction Fuzzy Hash: BF3199B4D012189FCB10CFAAD984AAEFBF5FB49310F20942AE915B7304D775A945CF94

Function 059FBB20 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 059FBBAE

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 09a01cf7c32ead0b601d77a53167523e6fbffd701469c55ca4b873c514c73564
Instruction ID: 0ef1d7ef1ac44ccd23d283173126b5baf9d12b02c5c11163fd14e88403bf0744
Opcode Fuzzy Hash: 09a01cf7c32ead0b601d77a53167523e6fbffd701469c55ca4b873c514c73564
Instruction Fuzzy Hash: CB319AB5D012199FCB10CFAAD984AAEFBF5BF49310F20942AE915B7300C775A945CF94

Function 05729C9E Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

Tefq, xrefs: 05729ED2

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 771ed1dfda94355e2c5ab2b6be848b5881b619cc52951215ec12a97e87985219
Instruction ID: 1ef249ab1938ea65ebbd0ea64d945768004859af289c4f8f5f10ae3fdcc23576
Opcode Fuzzy Hash: 771ed1dfda94355e2c5ab2b6be848b5881b619cc52951215ec12a97e87985219
Instruction Fuzzy Hash: 0FE1F374A05628CFDB64DF69C884BAEBBF2BB89300F1080AAD50DA7255DB705E85DF11

Function 05729CCE Relevance: 1.6, Strings: 1, Instructions: 311COMMON

Download Yara Rule

Strings

Tefq, xrefs: 05729ED2

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 0fb7d058d450639facbbf4c93dbf04b836dd5908d2151063f1b0943626c45248
Instruction ID: 817eb0b42aac2265611bf00ef483f353e7f1dc55f5c42ae5b65b47091ab342e4
Opcode Fuzzy Hash: 0fb7d058d450639facbbf4c93dbf04b836dd5908d2151063f1b0943626c45248
Instruction Fuzzy Hash: 3BE1F274E05628CFDB64DF69C884BAEBBF2BB89300F1081AAD50DA7255DB705E81DF11

Function 05702B38 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

PHfq, xrefs: 05702EB6

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 2eb940aa5e350723f74e2f380db72a3300f1732356e05fe904be0d28df711840
Instruction ID: e840f3583a739405583ce62c424409cbdf858342fc6e9ae08356e669f1326a35
Opcode Fuzzy Hash: 2eb940aa5e350723f74e2f380db72a3300f1732356e05fe904be0d28df711840
Instruction Fuzzy Hash: 50D119B5E05218CFDB14DF69C848BAEBBF2FB49304F10A0AAD409A7396DB745985DF40

Function 05702B28 Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

PHfq, xrefs: 05702EB6

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 35f724b395943423365b911447528802bb3d3491f8de7b11078dd45bf7c652fd
Instruction ID: 703d40cd94c1a0b8e50c979a5476cc18aa0ab1861e18ddba21e19a7cfed66ec5
Opcode Fuzzy Hash: 35f724b395943423365b911447528802bb3d3491f8de7b11078dd45bf7c652fd
Instruction Fuzzy Hash: 47D119B5E05218CFDB14DFA9D848BAEBBF2FB49300F1090AAD409A7396DB745985DF40

Function 05750448 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dmq, xrefs: 0575054D

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: Dmq
API String ID: 0-4031372824
Opcode ID: 7ad1361bd6106b1ecba4bde42397263020d164082dd86fd11c9d1f720956e781
Instruction ID: 407f2527a48e608dac12c32bf67ad4f1778cd7d13e5f4d1153cbb972af2fc1a1
Opcode Fuzzy Hash: 7ad1361bd6106b1ecba4bde42397263020d164082dd86fd11c9d1f720956e781
Instruction Fuzzy Hash: 6CD1A474E01218CFDB54DFA9D994A9DBBB2FF89310F2081A9D409AB365DB31AD81CF50

Function 057275E0 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

Tefq, xrefs: 0572776B

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 254992a09069d618545e1907db98e9c3a3002afce32c9c6d46314bbff6f22e00
Instruction ID: b4b896dd50e2b4e7650a29518492af587b65f57a4aa2a5f935dee599af91aea9
Opcode Fuzzy Hash: 254992a09069d618545e1907db98e9c3a3002afce32c9c6d46314bbff6f22e00
Instruction Fuzzy Hash: 1EB10774E06218CFDB18DFA9DA44BADBBF2FB89300F6090AAD409A7355DB705985DF40

Function 057275D1 Relevance: 1.5, Strings: 1, Instructions: 261COMMON

Download Yara Rule

Strings

Tefq, xrefs: 0572776B

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: ab731c996f9a0655b03d748189357424b7ae33b3b70ca8ac006df24fc0ee3a65
Instruction ID: f653f6eb16e08133f1d80ae9aadc257468a7185bfb4fea90a8ceb575b7b16d75
Opcode Fuzzy Hash: ab731c996f9a0655b03d748189357424b7ae33b3b70ca8ac006df24fc0ee3a65
Instruction Fuzzy Hash: BEB11874E06218CFDB18DF69DA44BADBBF2FB89300F6090AAD409A7355DB305985DF00

Function 0575040F Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

Dmq, xrefs: 0575054D

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: Dmq
API String ID: 0-4031372824
Opcode ID: 1649b148e7be85e991637d213ef405c8f010063ba218bdbbf680b6aa27999978
Instruction ID: 3a9bf9b3fc461cd3e8208655c4e2187699b1a45b604661bffa3bfd39bdb8211c
Opcode Fuzzy Hash: 1649b148e7be85e991637d213ef405c8f010063ba218bdbbf680b6aa27999978
Instruction Fuzzy Hash: FBA1B174A01218CFDB54DF69D994A9DBBF2FF89310F1081AAD809AB365DB30AD85CF50

Function 00F70F20 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

TJkq, xrefs: 00F70FA0

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: 14e911f28441f3d33480b0fb76a5faad3a8f9673de64291a257aefd996e82020
Instruction ID: 18c06952cc5d8fcadc35b382a2dd05de488cf860aaeba6660a83f902da6bf861
Opcode Fuzzy Hash: 14e911f28441f3d33480b0fb76a5faad3a8f9673de64291a257aefd996e82020
Instruction Fuzzy Hash: 10717131A041458FD714DB6CC890BAEBBB5FF49300F21C4A7E10AEB2A5CA75DC85EB52

Function 05A1FC60 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

"H, xrefs: 05A1FD69

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID: "H
API String ID: 0-1195101010
Opcode ID: 2252487e28b1968687565ab21a1f17d964d0b484b14174183dc08ec40f831d97
Instruction ID: dbc572f9a8a941119ef49f84c3a4c0151a35e688725ee6ffd57984591f39235e
Opcode Fuzzy Hash: 2252487e28b1968687565ab21a1f17d964d0b484b14174183dc08ec40f831d97
Instruction Fuzzy Hash: 1E514C74E15259CFDB04DFA9D985AAEBBF2FF88300F548129E809E7344D734A941CBA4

Function 04EAB23B Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef254929bd5266b988958cd8fa8ed7a2ff5a60aa363e88152c7fda11e3a2ba1e
Instruction ID: e60fad5e92c62520492e0049376ef8d66bfe9bef0ab0c2020c975731e9ec03a8
Opcode Fuzzy Hash: ef254929bd5266b988958cd8fa8ed7a2ff5a60aa363e88152c7fda11e3a2ba1e
Instruction Fuzzy Hash: D752A2B4A016288FCB64DF28C985B9ABBB2FB49311F1091D9E50DA7355DB30AEC1DF50

Function 04EA2A3F Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262b8a863dcf35af51cdc07b3146f8c26294a601a657344aa21469e83a6b588d
Instruction ID: 57e9e1b13b71ab04878faadd618b9e631e4a3844bb117070227b28a08727ce5b
Opcode Fuzzy Hash: 262b8a863dcf35af51cdc07b3146f8c26294a601a657344aa21469e83a6b588d
Instruction Fuzzy Hash: 64418E31B041099FDB20DFA8C941BEEBBB5EF44300F1541A2E25ABF394E774AA518B81

Function 00F711E8 Relevance: 5.3, Strings: 4, Instructions: 267
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJkq, xrefs: 00F71377
TJkq, xrefs: 00F71206
Tefq, xrefs: 00F7135F
@, xrefs: 00F7141E

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: @$TJkq$TJkq$Tefq
API String ID: 0-2909286035
Opcode ID: 3585ad16c0aae45cbc278cbdff514a3ce51475fe4d499797c61b6619ede90551
Instruction ID: a8ed9e11eaabe24273c555583037c8e23d42b9e0cd09358e55293a386806449b
Opcode Fuzzy Hash: 3585ad16c0aae45cbc278cbdff514a3ce51475fe4d499797c61b6619ede90551
Instruction Fuzzy Hash: 0EB11975B001548FCB04DFA9C994B9EBBF2BF49310F2580AAE40ADB3A2D670DD49DB41

Function 05730040 Relevance: 4.2, Strings: 3, Instructions: 481
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hjq, xrefs: 05730515
Hjq, xrefs: 05730594
Hjq, xrefs: 05730544

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: Hjq$Hjq$Hjq
API String ID: 0-2296473396
Opcode ID: 7d00c1982209e587b20499de5dfc2cb81a4e118dd1e14c6b78ee9eda541d1ac3
Instruction ID: 1c60a9171e31156034e2bc9b7c982c22607ad80f30a1af934cc93b24fb57d0c6
Opcode Fuzzy Hash: 7d00c1982209e587b20499de5dfc2cb81a4e118dd1e14c6b78ee9eda541d1ac3
Instruction Fuzzy Hash: 1A125E71A006049FCB18DFA5C889AAEBBF2FF88310F14852DE5069B751DB35ED46DB50

Function 05731D08 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'fq, xrefs: 05732081
4'fq, xrefs: 05731F22
4'fq, xrefs: 05732001

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq
API String ID: 0-3646979650
Opcode ID: bdd7dae9cba7a25f2f286f68f25adb83d672970f59662dbbe12813c5e65f7171
Instruction ID: 97bc9ac76b3afbe16c16e41bf93dbc5bd09f6fd05948536dd4ae206f67df8c17
Opcode Fuzzy Hash: bdd7dae9cba7a25f2f286f68f25adb83d672970f59662dbbe12813c5e65f7171
Instruction Fuzzy Hash: 18F1C834B10218DFCB08DFA4D999A9DBBB2FF88311F518159E406AB3A5DB70EC46DB50

Function 057362E0 Relevance: 4.1, Strings: 3, Instructions: 359
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hjq, xrefs: 05736461
(jq, xrefs: 05736435
(jq, xrefs: 05736409

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: (jq$(jq$Hjq
API String ID: 0-2836811127
Opcode ID: 73e746b1fb6ca8317243d738917c0d28d029953f2b291b5f208a7986014704dc
Instruction ID: 8883d9f7a1b5a1daae4d75ea3f1eeb588a892b151c0bb631545fd1a14e8e58f1
Opcode Fuzzy Hash: 73e746b1fb6ca8317243d738917c0d28d029953f2b291b5f208a7986014704dc
Instruction Fuzzy Hash: A1E13F34A00209DFCB08EF64D49599DBBB2FF88310F518569E8026B365DF34ED46DB91

Function 00F77469 Relevance: 3.9, Strings: 3, Instructions: 196
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tefq, xrefs: 00F775A7
XXfq, xrefs: 00F77563
XXfq, xrefs: 00F775C2

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: Tefq$XXfq$XXfq
API String ID: 0-1763066833
Opcode ID: 0c3896e4a1d5815ca8e1bf6e5ea10576068f92adf5cfd78aa0522651449167d9
Instruction ID: 0f485925a9046528bd745c90273195d7c998d8930cedc55eb4e2d00ecab99d89
Opcode Fuzzy Hash: 0c3896e4a1d5815ca8e1bf6e5ea10576068f92adf5cfd78aa0522651449167d9
Instruction Fuzzy Hash: 5661D431B283458FD711EB78C850B6ABBE2AF84314F29C46AD40ECB351EA31DC42E742

Function 00F71357 Relevance: 3.9, Strings: 3, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

TJkq, xrefs: 00F71377
Tefq, xrefs: 00F7135F
@, xrefs: 00F7141E

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: @$TJkq$Tefq
API String ID: 0-264410876
Opcode ID: 87f2b50cd0a4d8016cbac2ae3787b87ffb8b940f3cb5cc223f3a337a76b03fa5
Instruction ID: 1f9019efdfe0fccc7bf42c42677b04f2dd59ff75740024323e6a9f919c98f007
Opcode Fuzzy Hash: 87f2b50cd0a4d8016cbac2ae3787b87ffb8b940f3cb5cc223f3a337a76b03fa5
Instruction Fuzzy Hash: 86610575B101148FDB44DFA8D858B6EBBF2BF89710F24806AE50ADB3A1CB70DC499B41

Function 00F739D0 Relevance: 3.8, Strings: 3, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

XXfq, xrefs: 00F73A0E
XXfq, xrefs: 00F73A2B
pjq, xrefs: 00F73A3F

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: XXfq$XXfq$pjq
API String ID: 0-2470811495
Opcode ID: 2e616664dd1cb0164f09f46b6101d452e499888bc89682c606d3f4d0af472762
Instruction ID: 9167d4b3a35cbf4ca9553734de8b2a72efe775e0cfa5f6bd01510451484e1164
Opcode Fuzzy Hash: 2e616664dd1cb0164f09f46b6101d452e499888bc89682c606d3f4d0af472762
Instruction Fuzzy Hash: BD21B674B002545FDB44DBB888516BF7BF5AFC935072040AED446D7392DE344D029BA1

Function 00F739E0 Relevance: 3.8, Strings: 3, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

XXfq, xrefs: 00F73A0E
XXfq, xrefs: 00F73A2B
pjq, xrefs: 00F73A3F

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: XXfq$XXfq$pjq
API String ID: 0-2470811495
Opcode ID: e1903fbcb74ed3281bc8e555140ec3baad14365754aca2cdde55d28cc140b846
Instruction ID: 6b42542c9ec92003643ef321eadad9f75091b34e65904609f2982847c3437f7c
Opcode Fuzzy Hash: e1903fbcb74ed3281bc8e555140ec3baad14365754aca2cdde55d28cc140b846
Instruction Fuzzy Hash: 7F218E70B002188FCB44EBBD88516AF7BF6EFCC350B204069D50AE7395EE348D029BA1

Function 05532020 Relevance: 3.3, Strings: 2, Instructions: 777COMMON

Download Yara Rule

Strings

4'fq, xrefs: 055329F9
4'fq, xrefs: 055329E9

Memory Dump Source

Source File: 00000000.00000002.1688727764.0000000005530000.00000040.00000800.00020000.00000000.sdmp, Offset: 05530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5530000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq
API String ID: 0-751858264
Opcode ID: ebfcc5caa5faaf4ca8de2ff80e55bc554cae69e78ee58dc50c9b755173be735b
Instruction ID: bf05d36add53b24f949ccf359c2608b9856e51823317475a12c232bae7bc9fa6
Opcode Fuzzy Hash: ebfcc5caa5faaf4ca8de2ff80e55bc554cae69e78ee58dc50c9b755173be735b
Instruction Fuzzy Hash: 10724E78E04609CFDB19DFE8D896AAEBBB2FF45300F108056E51AAB291CB345D45CF91

Function 0562C2A8 Relevance: 3.0, Strings: 2, Instructions: 520
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 0562C633
$fq, xrefs: 0562C623

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: 95f18171dc27479e0cfda3cd8e1b887d8f3af669f40b70eacc82850019b03e6f
Instruction ID: 748734b0220d87a495d0b8ad22dfac2e676445f708dbea60107529201f79c522
Opcode Fuzzy Hash: 95f18171dc27479e0cfda3cd8e1b887d8f3af669f40b70eacc82850019b03e6f
Instruction Fuzzy Hash: D3228E30E00A699FDB19DFA5D854AADBBB2FF48300F148559E802AB394DB34DE46DF50

Function 05532D60 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'fq, xrefs: 055331F6
4'fq, xrefs: 05533206

Memory Dump Source

Source File: 00000000.00000002.1688727764.0000000005530000.00000040.00000800.00020000.00000000.sdmp, Offset: 05530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5530000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq
API String ID: 0-751858264
Opcode ID: 3736fa97305f7cbad4d4bc8b2821399795663e058ddab48f1ac79bb4a428d01c
Instruction ID: 021a00c4ca07be1b976cb5b2802a5f3f95b058d47a3146ef792d35eda503f083
Opcode Fuzzy Hash: 3736fa97305f7cbad4d4bc8b2821399795663e058ddab48f1ac79bb4a428d01c
Instruction Fuzzy Hash: 5BF1D638E05208DFCF18DFA4E58A6ACBBB2FF49315F60446AE40AAB350DB355985DF40

Function 00F77D41 Relevance: 2.9, Strings: 2, Instructions: 360COMMON

Download Yara Rule

Strings

Tefq, xrefs: 00F78028
8kq, xrefs: 00F7803B

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 8kq$Tefq
API String ID: 0-267861573
Opcode ID: 586b37795e378643dcfb78b0472d47ba053e9d2dfa011fd002e958c56c025b6c
Instruction ID: f334e7c7345a2283c10b990d72bca4ea1bf56c49762326f056ae5d82fda22399
Opcode Fuzzy Hash: 586b37795e378643dcfb78b0472d47ba053e9d2dfa011fd002e958c56c025b6c
Instruction Fuzzy Hash: E9E18275614204DFDB14DF69D984BAABBB2FF48310F1484AAE406DB3A5CB31DC42EB52

Function 05532A38 Relevance: 2.7, Strings: 2, Instructions: 231COMMON

Download Yara Rule

Strings

4'fq, xrefs: 05532D18
4'fq, xrefs: 05532D28

Memory Dump Source

Source File: 00000000.00000002.1688727764.0000000005530000.00000040.00000800.00020000.00000000.sdmp, Offset: 05530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5530000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq
API String ID: 0-751858264
Opcode ID: 84ab12e5a093a59adddb600ecdac9915b0831c75545e582eebe70fd2f05a39f9
Instruction ID: 07c54fae5f246beeace6ba4b710e68acff556990ad36120e1f8b45811c851235
Opcode Fuzzy Hash: 84ab12e5a093a59adddb600ecdac9915b0831c75545e582eebe70fd2f05a39f9
Instruction Fuzzy Hash: C2A1F778E00619DFCB18DFA8D49A6EDBBB2FF48301F508429E80667390CB755946DF94

Function 00F7B930 Relevance: 2.7, Strings: 2, Instructions: 205COMMON

Download Yara Rule

Strings

Tefq, xrefs: 00F7B953
8kq, xrefs: 00F7B968

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 8kq$Tefq
API String ID: 0-267861573
Opcode ID: 1aeef771d723f235e50e055928624118d332afd9a00691e8acc2c22c2148f74a
Instruction ID: 66e9978eddcb747c9e986239a99b563ed0a3af75b4802f586c711d0280b73fdd
Opcode Fuzzy Hash: 1aeef771d723f235e50e055928624118d332afd9a00691e8acc2c22c2148f74a
Instruction Fuzzy Hash: A9815D35A14108CFDB00DF68C884BADB7F2EF89311F21C166E91A9B365D735ED41AB52

Function 00F7B920 Relevance: 2.7, Strings: 2, Instructions: 203COMMON

Download Yara Rule

Strings

Tefq, xrefs: 00F7B953
8kq, xrefs: 00F7B968

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 8kq$Tefq
API String ID: 0-267861573
Opcode ID: 1ccccfa1e23a0eb5b62bae1ec3addf3ab108115724398409af29d4d1680f2b57
Instruction ID: c5e895e8d2fc75c3331b3c938ea803fac21830846d622bbdc1566633fe326b76
Opcode Fuzzy Hash: 1ccccfa1e23a0eb5b62bae1ec3addf3ab108115724398409af29d4d1680f2b57
Instruction Fuzzy Hash: A2816D35A14108CFDB10DF68C884BADB7F1EF8A310F25C16AE91A9B365C735ED41AB52

Function 00F76910 Relevance: 2.7, Strings: 2, Instructions: 183COMMON

Download Yara Rule

Strings

d%lq, xrefs: 00F769FA
d%lq, xrefs: 00F76AB3

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: d%lq$d%lq
API String ID: 0-2326878299
Opcode ID: cc09a5c5dc9693dd5858282c8e080a78b6445f46589dc5da1775e61d7f85a6d3
Instruction ID: 3ebc0c43a63802f5de6fea1e791a2e948b5409b9a97dd50747640380ffc2784c
Opcode Fuzzy Hash: cc09a5c5dc9693dd5858282c8e080a78b6445f46589dc5da1775e61d7f85a6d3
Instruction Fuzzy Hash: 4E51B170B04614DFDB04DB68C8507AE7BB2FF88700F20846AE50AEB3A5DE759D45A792

Function 0562DEA9 Relevance: 2.7, Strings: 2, Instructions: 183COMMON

Download Yara Rule

Strings

(jq, xrefs: 0562DFCC
(jq, xrefs: 0562E023

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: (jq$(jq
API String ID: 0-2294966697
Opcode ID: 598f0164e777120c7240185fcb2d3a5c7045f277f7a758746fa8f83d3e009354
Instruction ID: 51ec21039ef8ebd20a4d883506f7d225b6d0bff23212608a03363bd6c26cb8ee
Opcode Fuzzy Hash: 598f0164e777120c7240185fcb2d3a5c7045f277f7a758746fa8f83d3e009354
Instruction Fuzzy Hash: 1251CA327146158FCB199F68D885AAE3BA6FF88310F148169E8068B792CF35DD42DB91

Function 00F76920 Relevance: 2.7, Strings: 2, Instructions: 182COMMON

Download Yara Rule

Strings

d%lq, xrefs: 00F769FA
d%lq, xrefs: 00F76AB3

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: d%lq$d%lq
API String ID: 0-2326878299
Opcode ID: db3c84ab2d9e8ac9849a1474341b47b79fff5a34c0727875ffd6aa589741d04e
Instruction ID: d0ac07aba99b23a97c2f7e7b7ab992dd28d68adedd3610b94e558aca339709f1
Opcode Fuzzy Hash: db3c84ab2d9e8ac9849a1474341b47b79fff5a34c0727875ffd6aa589741d04e
Instruction Fuzzy Hash: 9751A170B04615DBDB04DB68C8507AE76B6FF88700F20C46AE50AEB3A4DE75DC80A792

Function 0572F9A8 Relevance: 2.7, Strings: 2, Instructions: 177COMMON

Download Yara Rule

Strings

(jq, xrefs: 0572FAAE
Hjq, xrefs: 0572FB3D

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: (jq$Hjq
API String ID: 0-2151573235
Opcode ID: 77635a84c089325d40f04f3da5a87ea4ff72d11e9f50fc9a49417f0466933f50
Instruction ID: be381c7a2cb298276fe54796cf39b1aa8f569b89b87b96e3fe34c3fcde3b3a75
Opcode Fuzzy Hash: 77635a84c089325d40f04f3da5a87ea4ff72d11e9f50fc9a49417f0466933f50
Instruction Fuzzy Hash: 105188307002508FCB59AF38C895A6E7BB6FF89310B5044ADE9069B3A1CF35ED06DB95

Function 0562918B Relevance: 2.7, Strings: 2, Instructions: 170COMMON

Download Yara Rule

Strings

', xrefs: 0562953B
, xrefs: 0562920F

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $'
API String ID: 0-2481900351
Opcode ID: f9c9153c9d330031746782262d6a3bf2aa29c718ad263900aa6bdff6ab21e038
Instruction ID: 58d2dfa5e3a086e780f59152a6b181c1606c085f35fec5ca587c564033abf7fc
Opcode Fuzzy Hash: f9c9153c9d330031746782262d6a3bf2aa29c718ad263900aa6bdff6ab21e038
Instruction Fuzzy Hash: DB71E874A0561DCFDB10CFAAD888AEDBBF1FB89304F108159E819AB355C7389885CF54

Function 05629262 Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

', xrefs: 0562953B
, xrefs: 0562920F

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $'
API String ID: 0-2481900351
Opcode ID: ac110d3b0a9154014b33794f48a4ddd6c954edd3c3e1c5be3e44242b745b10d7
Instruction ID: 3938e23e72429716a03963ff7d48760e569ae6e8e90e50669828014db5451141
Opcode Fuzzy Hash: ac110d3b0a9154014b33794f48a4ddd6c954edd3c3e1c5be3e44242b745b10d7
Instruction Fuzzy Hash: 1571E774A0561DCFDB10CFAAD888AEDBBF2FB89300F108159E819AB355C7389885CF54

Function 056294B8 Relevance: 2.6, Strings: 2, Instructions: 105COMMON

Download Yara Rule

Strings

', xrefs: 0562953B
, xrefs: 0562920F

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $'
API String ID: 0-2481900351
Opcode ID: 4db3146b1e7f5e6e2bf70b930605e85fce586b95c00df4456587f67f7e92d3a6
Instruction ID: ab4a420c3a44d169ec36f458e0fccf80c41ea773eb63c08ac986ea25e0a7f56d
Opcode Fuzzy Hash: 4db3146b1e7f5e6e2bf70b930605e85fce586b95c00df4456587f67f7e92d3a6
Instruction Fuzzy Hash: 4241F974905619CFDB10CFAAC888AEDBBF1FF4A304F108199E40AAB395C7389985DF54

Function 00F79FF9 Relevance: 2.6, Strings: 2, Instructions: 83COMMON

Download Yara Rule

Strings

4'fq, xrefs: 00F7A090
kq, xrefs: 00F7A01B

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 4'fq$kq
API String ID: 0-482685873
Opcode ID: c5aa3235c7f200913d710e644163b4b2655a1052c929d6470745ed7b4060ce6e
Instruction ID: ee7a666085d8a4cc8aa45eec6ab739229056cf9f880b3e41e5053d903e759400
Opcode Fuzzy Hash: c5aa3235c7f200913d710e644163b4b2655a1052c929d6470745ed7b4060ce6e
Instruction Fuzzy Hash: 8C2123313443006FEB2896784C50B7F3A6BABC9750F34846EA60A9B3D5CD76DC83A352

Function 00F7A008 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

4'fq, xrefs: 00F7A090
kq, xrefs: 00F7A01B

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 4'fq$kq
API String ID: 0-482685873
Opcode ID: f11397542fe8fe45a35b45ad34863033c1b9369dfbd07da7a5daad08da53cbff
Instruction ID: 3598112b15654026d3a1ae932e73a1c62e985f48a8a9034587ef9ffd2acc9b70
Opcode Fuzzy Hash: f11397542fe8fe45a35b45ad34863033c1b9369dfbd07da7a5daad08da53cbff
Instruction Fuzzy Hash: 6C212431300304ABD72896788C51B2F7A6BABC9750F30842EA2099F3D5CD76DC83A392

Function 0562AFDB Relevance: 2.6, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

$fq, xrefs: 0562B0EE
$fq, xrefs: 0562B0D8

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: 7551851246c796ce7c057d1f3fdfcadfc9acb6dbcac189a5070f11a641f3ed2a
Instruction ID: 936175f2091d1e7c08505167be886f7d752f43a1427213e2d354c30e0013be9a
Opcode Fuzzy Hash: 7551851246c796ce7c057d1f3fdfcadfc9acb6dbcac189a5070f11a641f3ed2a
Instruction Fuzzy Hash: 5F310374B006288FCB25DF69C845B9EB7B2BB89200F5081EAD55DAB255CB315E82CF42

Function 00F7F640 Relevance: 2.6, Strings: 2, Instructions: 54COMMON

Download Yara Rule

Strings

p<fq, xrefs: 00F7F6A0
p<fq, xrefs: 00F7F6AC

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: p<fq$p<fq
API String ID: 0-2323287765
Opcode ID: be9c6f0554e416a124b6235dc7933621aa661d8c2757479b70f0826e23179953
Instruction ID: e2513349e600016ec71fbb95c529ef26cb9e0415ac4cfb9487f31f23c2cf76a9
Opcode Fuzzy Hash: be9c6f0554e416a124b6235dc7933621aa661d8c2757479b70f0826e23179953
Instruction Fuzzy Hash: 63115271B002189FC714DE69CC45F5BBBB5FF84710F20806AF6099B3A4DA71EC019791

Function 05627614 Relevance: 2.5, Strings: 2, Instructions: 47COMMON

Download Yara Rule

Strings

0, xrefs: 056278D5
*, xrefs: 0562761F

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: *$0
API String ID: 0-497732398
Opcode ID: 0280f7d80ce1c9a8f337cf6058d0412eff5b5e1ff14cc873556c10b499c9edb3
Instruction ID: aea085aa82ce10ab3c626435f3b325fe8674eea1f9f36933b12674a32d2982cf
Opcode Fuzzy Hash: 0280f7d80ce1c9a8f337cf6058d0412eff5b5e1ff14cc873556c10b499c9edb3
Instruction Fuzzy Hash: C511F570902628DFDB50CF58D989FAEBBF2FB05305F104569E809A7340C7749989CF40

Function 00F7CA50 Relevance: 2.5, Strings: 2, Instructions: 42COMMON

Download Yara Rule

Strings

4'fq, xrefs: 00F7CAB5
4'fq, xrefs: 00F7CAA9

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq
API String ID: 0-751858264
Opcode ID: 33099161b7182d2c73cce5d266bc3dae62d2a393a90c3f68baa7d2d1e856d53f
Instruction ID: 775dc31898213dca7e737dd8d72b0b3f7d9660270048fe4ac8c4574ea37ef2e1
Opcode Fuzzy Hash: 33099161b7182d2c73cce5d266bc3dae62d2a393a90c3f68baa7d2d1e856d53f
Instruction Fuzzy Hash: 41F0A4347002085FE704EB78C855A6B3AD6EF44320F1580AAE60DCB3A0EE31DC409792

Function 04EA1039 Relevance: 2.5, Strings: 2, Instructions: 37COMMON

Download Yara Rule

Strings

XRkq, xrefs: 04EA1088
XRkq, xrefs: 04EA107C

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: XRkq$XRkq
API String ID: 0-2240045713
Opcode ID: 7ebf1c48e55c297ca629d4a9cd8dab53863a4eed0227bb6586ec1ac627ca09a7
Instruction ID: c6aeca8f5bca743d52bc34ed0c21064ee6788c41aacb69f92504679eb555e139
Opcode Fuzzy Hash: 7ebf1c48e55c297ca629d4a9cd8dab53863a4eed0227bb6586ec1ac627ca09a7
Instruction Fuzzy Hash: BBF097617092881FD700527D3CE01B3B75AEFC7240B28806AE204CB18AEC212C039361

Function 00F7D10E Relevance: 2.5, Strings: 2, Instructions: 36COMMON

Download Yara Rule

Strings

$fq, xrefs: 00F7D166
$fq, xrefs: 00F7D172

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: bb713d6cbff6b87cd90d7efbf52a3db6ded650bf356046237e47b6a22ee02c0a
Instruction ID: 6a9ef9500392749548fa31562f14d60a1811008c17b525d2b6a772ed9158e50d
Opcode Fuzzy Hash: bb713d6cbff6b87cd90d7efbf52a3db6ded650bf356046237e47b6a22ee02c0a
Instruction Fuzzy Hash: CAF050A0B0414417E718653D6C1036B26A7AFC6330F64C16B6504972DBCD548C82A397

Function 04EA0D67 Relevance: 2.5, Strings: 2, Instructions: 30COMMON

Download Yara Rule

Strings

$fq, xrefs: 04EA0DA8
$fq, xrefs: 04EA0D9C

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: cbe3706cbde4a2d2894b1c26f6ff356d456dd8f4861d3089364885bd7b3c3f4b
Instruction ID: 597380395907bafc5977ddcadece3aebb40a992cd974aa930fd3c5f7b94bfb75
Opcode Fuzzy Hash: cbe3706cbde4a2d2894b1c26f6ff356d456dd8f4861d3089364885bd7b3c3f4b
Instruction Fuzzy Hash: 3AE0D83270110867E71C587A7C806B7569FAFC5250714903AB248C728ADD246C8211A2

Function 0562AF39 Relevance: 2.5, Strings: 2, Instructions: 29COMMON

Download Yara Rule

Strings

*, xrefs: 0562AF6D
-, xrefs: 0562AF89

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: *$-
API String ID: 0-2125244407
Opcode ID: bc88718c70547125b831fcf4f96e65951f08d65d439a522db63904323dcbafcb
Instruction ID: 03e4b37700c81ac3d39aa76722d5eadbf745a05826fc330528358722750de423
Opcode Fuzzy Hash: bc88718c70547125b831fcf4f96e65951f08d65d439a522db63904323dcbafcb
Instruction Fuzzy Hash: 66F0F9B090D6A8CFDB10DF98D858BE97BB2FB0A305F04519AE409A7256C7B85846CF15

Function 00F7D520 Relevance: 2.5, Strings: 2, Instructions: 28COMMON

Download Yara Rule

Strings

XXfq, xrefs: 00F7DAFE
XXfq, xrefs: 00F7DAF2

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: XXfq$XXfq
API String ID: 0-3450528770
Opcode ID: 219afdcc4274532a4e8f9f44224afbb005a3830d49bdc824b10f8144941718af
Instruction ID: ab8e5f0b5f22239cd3afe2edffe3cd750d5a4ba9c926abe1084127ce28156ae1
Opcode Fuzzy Hash: 219afdcc4274532a4e8f9f44224afbb005a3830d49bdc824b10f8144941718af
Instruction Fuzzy Hash: 82E0D831B1411822D754207D1C41777006AAFC1760F75C03F720AD7288CD648C417297

Function 056259D8 Relevance: 2.5, Strings: 2, Instructions: 21COMMON

Download Yara Rule

Strings

", xrefs: 05625ABC
X, xrefs: 056256DC

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: "$X
API String ID: 0-1355838460
Opcode ID: 16c8177cd9da1011ae8d2912e7117af83d8ccc798836e785203946dd680aa8ad
Instruction ID: 4ab50b983bb6bda57c2afc34b7089952c2c67a62e3cb9f173cf81c66a26aa793
Opcode Fuzzy Hash: 16c8177cd9da1011ae8d2912e7117af83d8ccc798836e785203946dd680aa8ad
Instruction Fuzzy Hash: A3F092B0543A29CBD720EF54E889FAE77B2F756301F00915AE1076B245DB345885DFD2

Function 00F7CF9F Relevance: 2.5, Strings: 2, Instructions: 20COMMON

Download Yara Rule

Strings

8jq, xrefs: 00F7CFD0
8jq, xrefs: 00F7CFC4

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 8jq$8jq
API String ID: 0-1058786792
Opcode ID: f406201aef46fb70edac6cbae0004a5c276dd81ec90a95b41e26b818dc5e61c0
Instruction ID: cad3bfcb7ff3f99f2014d965a751c8e7be062e1740d092dd4c66f2d8b75aff11
Opcode Fuzzy Hash: f406201aef46fb70edac6cbae0004a5c276dd81ec90a95b41e26b818dc5e61c0
Instruction Fuzzy Hash: 7DE0C269A0828B8BDF2646302CB06F16B525B91200B59C1AFD509865C2FF28CD46F3A3

Function 05732BE0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,jq, xrefs: 05732F5B

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: ,jq
API String ID: 0-1538246120
Opcode ID: dc0513d9893fcd82a6b139badb566997cf7a655d5c8ba2b898596176eaf368d7
Instruction ID: 5dfbf945347fd59803ce159777082fd64002a926993e3562373ae597e4498558
Opcode Fuzzy Hash: dc0513d9893fcd82a6b139badb566997cf7a655d5c8ba2b898596176eaf368d7
Instruction Fuzzy Hash: A6521D75A002288FDB68CF68C985BEDBBF2BF88310F1541D9E509A7351DA309E81DF61

Function 0562CEA0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_fq, xrefs: 0562D130

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: (_fq
API String ID: 0-931642571
Opcode ID: 6532270bbb308fa6582d7595badb8ac0ed010f52ea88b31e1c82b4a950d5821f
Instruction ID: 6d9e0377950767c9e9f135ecb47207dcc8f7593ebe2a9df4ea9a9446bd43e8fa
Opcode Fuzzy Hash: 6532270bbb308fa6582d7595badb8ac0ed010f52ea88b31e1c82b4a950d5821f
Instruction Fuzzy Hash: 47226A35B006149FDB04DFA9D894AADBBF6FF88310F148069E905AB391DB75ED42CB90

Function 059F87FE Relevance: 1.8, APIs: 1, Instructions: 266processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 059F8A6F

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 6e624ecb882607bce18686d958cf5b6921df08eb3d9c8fecc2265d7dac99eb5e
Instruction ID: f3fdff0b8b9556ab225383c417ff81a662de6a7fa0e52eabb464a8a1b05cce58
Opcode Fuzzy Hash: 6e624ecb882607bce18686d958cf5b6921df08eb3d9c8fecc2265d7dac99eb5e
Instruction Fuzzy Hash: C5A111B1D002198FDF60CFA9C885BEEBBF1FB09310F149169E859A7240DB748985CF55

Function 059F8808 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 059F8A6F

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 75e715f9222a7f61c3fb47734faf0a6fb0d86cc065b76283fc9c508e11c39760
Instruction ID: de1acdac71c7419bf1ba8933622f8bd719a3398a0609e24b2d6f7321918f4185
Opcode Fuzzy Hash: 75e715f9222a7f61c3fb47734faf0a6fb0d86cc065b76283fc9c508e11c39760
Instruction Fuzzy Hash: 7FA100B1D042199FDF60CFA9C885BEEBBF1BF09310F10916AE859A7280DB748985CF55

Function 04E31CF0 Relevance: 1.7, Strings: 1, Instructions: 453COMMON

Download Yara Rule

Strings

TJkq, xrefs: 04E32640

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: aeb57db8446587d25b1e41ae880e4df58c4d0fd89e0a73c7be1f29911f2b01ba
Instruction ID: 5d474856f68c91545798dca4c5b014426b0dc501630593f2424e395fd71f51b3
Opcode Fuzzy Hash: aeb57db8446587d25b1e41ae880e4df58c4d0fd89e0a73c7be1f29911f2b01ba
Instruction Fuzzy Hash: D6127D74B00101CFC716CF54D6989A9FBB2FF44302B15D6EAE65AAB249D735EC81CB82

Function 05705E6D Relevance: 1.7, APIs: 1, Instructions: 158fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 05705FBC

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ef044f700b53c2045e70c437429c7d0789fc2d0b9229cad1740cd4e4217f8d1e
Instruction ID: ed502572b9690cd313e05e23d78bd13fd9a74ad469056cfbef78f2e3823d645c
Opcode Fuzzy Hash: ef044f700b53c2045e70c437429c7d0789fc2d0b9229cad1740cd4e4217f8d1e
Instruction Fuzzy Hash: D051E0B4D04219DFDF20CFA9D985AAEBBF1BF09310F20A02AE815B7280D7749845DF54

Function 057062C5 Relevance: 1.7, APIs: 1, Instructions: 154COMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 05706406

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 6999563249151e3ec2dd267de4906150d580b8d1b94c620d11a7e675bf487ce8
Instruction ID: 24d607c0fab9e0d7f73318d4721aa41873413c9a3466d43303ff37d3665eeb85
Opcode Fuzzy Hash: 6999563249151e3ec2dd267de4906150d580b8d1b94c620d11a7e675bf487ce8
Instruction Fuzzy Hash: BB51E2B4D04208DFDF10CFA9C995AADBBF1BF09310F10A129E815B7284DB749995DF84

Function 05705E78 Relevance: 1.7, APIs: 1, Instructions: 153fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 05705FBC

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7bd78eae7180f4bacc4e3ca3c0799a9d5d9f4d0cdf1ee9bd0c3b35f96d8ebe53
Instruction ID: 895b99df40a26e76a49eb969ec3de9b99a25262ae560623795a5c8ee161ce89a
Opcode Fuzzy Hash: 7bd78eae7180f4bacc4e3ca3c0799a9d5d9f4d0cdf1ee9bd0c3b35f96d8ebe53
Instruction Fuzzy Hash: E351C1B4D04219DFDF20CFA9D985AAEBBF1BF09310F20A02AE815B7290D7749845DF54

Function 057062D0 Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

APIs

CreateFileMappingA.KERNEL32(?,?,?,?,?,?), ref: 05706406

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 4d14b695d25a293a062ee7a23fa3ab654e5cac2e569664b981d89916a496f4f2
Instruction ID: b0a5fce98d7760fe88df98461e5f94d3e46036ec4c766ca625ea51955f75d72b
Opcode Fuzzy Hash: 4d14b695d25a293a062ee7a23fa3ab654e5cac2e569664b981d89916a496f4f2
Instruction Fuzzy Hash: B951D3B4D04218DFDF10CFA9C995AAEBBF1BF09310F10A029E815B7280D7749995DF95

Function 059FB498 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059FB573

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 27efd285048eb1c2dcbae405b01770233baca7b8feaa6468558a7536dd241cd7
Instruction ID: 8ffe109e2f5947913012cc758f2676e4828efea35fb58c908717bea644da2078
Opcode Fuzzy Hash: 27efd285048eb1c2dcbae405b01770233baca7b8feaa6468558a7536dd241cd7
Instruction Fuzzy Hash: 6641ABB5D012589FCF10CFA9D980AEEFBF1BB49310F24942AE419B7210C739AA41CF54

Function 059FB4A0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059FB573

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 9f10ae8c80cb68bf04fb028738c63c95c140a63482b79dad25294238076762fc
Instruction ID: 1edc472a80f3e65e71296037a1d0dad1a777b671ce4a60bba49237ae2ab09e8b
Opcode Fuzzy Hash: 9f10ae8c80cb68bf04fb028738c63c95c140a63482b79dad25294238076762fc
Instruction Fuzzy Hash: B441AAB5D012589FCF10CFA9D980AEEFBF1BB49310F20902AE419B7210C739AA41CF54

Function 059FB1C8 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059FB27A

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2b193bd134c8dbf74d8985553e6e4e01290f66e0650d8ec6c2946b0db8aee806
Instruction ID: 25679cbb19db5c64f237a602f3bba117fce2d2c22ff47e1741c0b5fe67c3519e
Opcode Fuzzy Hash: 2b193bd134c8dbf74d8985553e6e4e01290f66e0650d8ec6c2946b0db8aee806
Instruction Fuzzy Hash: AB3199B9D00258DBCF10CFA9D981ADEBBB5BB59320F10A42AE815B7310D735A901CF64

Function 05706680 Relevance: 1.6, APIs: 1, Instructions: 102fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 05706732

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 69cd34434ba69199ae42500764d69c62fc6ef7721b944fd61bcaca86810f604b
Instruction ID: 9e8126f1358ac3e74b61c91282667cd62d05f2bab7ef860be56b8cb57cf7f83f
Opcode Fuzzy Hash: 69cd34434ba69199ae42500764d69c62fc6ef7721b944fd61bcaca86810f604b
Instruction Fuzzy Hash: 163198B9D00258DFCF10CFA9D980AAEFBB1BB59320F10A42AE825B7350D735A941DF55

Function 05706688 Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 05706732

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 911e9c1a786ae710be810db268eb0699810255065e8bb7331908d23f9814a73f
Instruction ID: ce14294348cdcfa61a74dda02640c666f8fc990c7d0b2c8a74382c8828cb45c7
Opcode Fuzzy Hash: 911e9c1a786ae710be810db268eb0699810255065e8bb7331908d23f9814a73f
Instruction Fuzzy Hash: F23196B8D00258DFCF10CFA9D980AAEBBB5BB59320F10A42AE815B7210D735A901DF54

Function 059FB1D0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059FB27A

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 19fe37c3515e9840dd49c71363563091304aaf44db4836d82ed4a6417301bab3
Instruction ID: 9ee1ff8541c817fb3b3f286b864bb69fe61fa7b2d48e98f545793a19476a3c73
Opcode Fuzzy Hash: 19fe37c3515e9840dd49c71363563091304aaf44db4836d82ed4a6417301bab3
Instruction Fuzzy Hash: ED3178B5D002589BCF10CFA9D980ADEBBB5BB59320F10942AE919B7210D735A941CF54

Function 05706A80 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05706B2C

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f2ea3688bd5784c5975cf2e31c4a7c29b5d7ec26b3ba80c279d195ab5965d812
Instruction ID: 018a64a5f0d99cc9cdd2710f66b1431e3d17547df1b77276127735176cab147d
Opcode Fuzzy Hash: f2ea3688bd5784c5975cf2e31c4a7c29b5d7ec26b3ba80c279d195ab5965d812
Instruction Fuzzy Hash: 7231C8B9D00248DFCB10CFA9D580AEEFBF1AF49320F24A42AE814B7210C735A945CF54

Function 05705833 Relevance: 1.6, APIs: 1, Instructions: 99COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,?,?,?), ref: 057058DC

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 87a01345c7bae77a2afd9702e9d98644f9ebd3b87f5253b4756c9e9d4f42bd59
Instruction ID: bfec50c0f239130ccea3405924b0634fb9847b67555133221867567486803fb6
Opcode Fuzzy Hash: 87a01345c7bae77a2afd9702e9d98644f9ebd3b87f5253b4756c9e9d4f42bd59
Instruction Fuzzy Hash: 9031B8B5D00258DFCF10CFA9D884AAEFBF1BB59320F24902AE815B7250C735A945DF54

Function 05705838 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,?,?,?), ref: 057058DC

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 2cef5e5aa1bb37401d26a52e3d605d87ea66737a773673c80c7c5969f2bdab4c
Instruction ID: cae9299211d4822e934ff552adb9722e4679b82f01be4999abf3c5aeb7863c42
Opcode Fuzzy Hash: 2cef5e5aa1bb37401d26a52e3d605d87ea66737a773673c80c7c5969f2bdab4c
Instruction Fuzzy Hash: 4E31B8B4D00258DFCF10CFA9D884AAEFBF1BB59320F24902AE815B7250C735A945DF54

Function 05706A88 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05706B2C

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c88b3c444ba34f3f79ca4117d31668e14fcd02c2213dd64c6fc408bfe2245b7a
Instruction ID: 89d164f8ee5cacebaffc1a08c5152e3f00477a9fdcaa220f9457d9dcf8e31fab
Opcode Fuzzy Hash: c88b3c444ba34f3f79ca4117d31668e14fcd02c2213dd64c6fc408bfe2245b7a
Instruction Fuzzy Hash: 7F31B8B5D00258DFCB10CFAAD980AEEFBF1BB59320F24A02AE815B7250C775A945DF54

Function 0576D9A8 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0576DA4C

Memory Dump Source

Source File: 00000000.00000002.1689997903.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5760000_x.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a183f48da87e19f337c0a699c704031988c3c800adb9294520103d79ab2610f9
Instruction ID: 6d89a93c008cf087449af31a1505efd22e9381e469eb6a59661a7ebde3a7ff78
Opcode Fuzzy Hash: a183f48da87e19f337c0a699c704031988c3c800adb9294520103d79ab2610f9
Instruction Fuzzy Hash: 1931A9B8D042489FCF10CFA9D980AAEFBB1BF49310F24942AE815B7310D735A945CF54

Function 059FAB78 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 059FAC27

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 137380b68768248ebdfdac1f2e913baadc517a59860eed98887f9f05f464b0d3
Instruction ID: 8e7a2376d5f56fa9ac57ef34175d7c67495eb37343c1b2e8f1b02da4b790e323
Opcode Fuzzy Hash: 137380b68768248ebdfdac1f2e913baadc517a59860eed98887f9f05f464b0d3
Instruction Fuzzy Hash: DF31BBB4D002589FCB10CFAAD985AEEFBF5BF48314F24802AE419B7250D779A945CF54

Function 059FAB70 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 059FAC27

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: eec958d2d7cd9fc8d789425457e9c982d218a70b05199ad9342f4c88242767fc
Instruction ID: e0eb31ff6811bea2d8b246c709b8873e8511ec695caa8af64440549bc91e41d1
Opcode Fuzzy Hash: eec958d2d7cd9fc8d789425457e9c982d218a70b05199ad9342f4c88242767fc
Instruction Fuzzy Hash: 7C41CAB4D002589FCB10CFA9D985AEEBBF1BF48314F24842AE419BB210D738A945CF54

Function 05626DA0 Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

", xrefs: 05626DF9

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: dd17e4e4afde8bb6673443ca8a17fb385434e55ffeac9ac05782e20460b5d3ef
Instruction ID: 034f7c81b99bc1ce75f030d967d3885f314c1552ab40ecf401a2b9848de9ff2c
Opcode Fuzzy Hash: dd17e4e4afde8bb6673443ca8a17fb385434e55ffeac9ac05782e20460b5d3ef
Instruction Fuzzy Hash: C2C1E4B4D09A28CBDB00CFAAD444BEEBBF2FB59304F14A05AD415BB241DB745889CF65

Function 05736870 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

(jq, xrefs: 05736B24

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: (jq
API String ID: 0-3225323518
Opcode ID: 740bdd2f6c9b5416e709faa90354f985cd2051bb27c7ea238a579130889a1aa0
Instruction ID: 20c8486d1e323aafd5cd31c3b2468792e1534c387efac4612586fcee78f78f00
Opcode Fuzzy Hash: 740bdd2f6c9b5416e709faa90354f985cd2051bb27c7ea238a579130889a1aa0
Instruction Fuzzy Hash: B0A1B5317042009FC7199F68D859A6A7FB3FF89310B1580A9E5458F3A6DB36DC42EB50

Function 05626D92 Relevance: 1.5, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

", xrefs: 05626DF9

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 8f0a1a427087947a8632e6750ec7be60f0940636d92c1141b2727bed2fbc07c5
Instruction ID: cbbd64ef401da8eb86e81fc40ceddfe7fae3dacbddc8817f075d975dd47e1c9f
Opcode Fuzzy Hash: 8f0a1a427087947a8632e6750ec7be60f0940636d92c1141b2727bed2fbc07c5
Instruction Fuzzy Hash: FFB1E5B4D09A28CBDB00CFA9D444BEEBBB2FB59304F14A01AD419BB245DB745889CF65

Function 05731CF9 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

4'fq, xrefs: 05731F22

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: 4'fq
API String ID: 0-2007657732
Opcode ID: 142a49202cc78d416aceb0e2c1830ed703ec7173c40d974be8d520560d3644e0
Instruction ID: 407319e87afbc8c30b707187647833cfc544e3e11b852695041f1665eda416cf
Opcode Fuzzy Hash: 142a49202cc78d416aceb0e2c1830ed703ec7173c40d974be8d520560d3644e0
Instruction Fuzzy Hash: C3A1D934B10218DFCB08DFA4D899A9DBBB2FF89321F558159E406AB361DF70AC46DB50

Function 05620997 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

@, xrefs: 05620A4D

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 2f35a0d87f1119698e05b7a2e93a62d7aaaa4fc5df7e4e79bd4e25b52ce77a72
Instruction ID: 7f4cc420101c217823c7fcfcf60f7c64ece7503a86c332c69056d642c741eedf
Opcode Fuzzy Hash: 2f35a0d87f1119698e05b7a2e93a62d7aaaa4fc5df7e4e79bd4e25b52ce77a72
Instruction Fuzzy Hash: 9BB1A174A15228CFEB60DF68D888B99BBB1FB49314F1080DAE54DA7344DB34AE80CF51

Function 0573592A Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

4'fq, xrefs: 057359E2

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: 4'fq
API String ID: 0-2007657732
Opcode ID: 38a34c02b47e35c188e80674ead8b28f0f57b1ba21b7699a21700615cc62c03d
Instruction ID: 3c1f23208b778ee9fd9eb21b76042e65530a00f3f5d469df757d1d5fc4c8eab3
Opcode Fuzzy Hash: 38a34c02b47e35c188e80674ead8b28f0f57b1ba21b7699a21700615cc62c03d
Instruction Fuzzy Hash: 12516F347106148FCB04EB64D499A6EB7F7FF89720B50442AE406AB361DF74AC42EB90

Function 04EAC490 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

TJkq, xrefs: 04EAC5F5

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: 0c5a835d62ce05a14a74acf714f364a85e2cf6a634de3ad1988e7603ae574285
Instruction ID: 2b1f5ae6d372c6f0d98f0a4725733302d1308e9e925b50d017568cc1aac4e75f
Opcode Fuzzy Hash: 0c5a835d62ce05a14a74acf714f364a85e2cf6a634de3ad1988e7603ae574285
Instruction Fuzzy Hash: AA711CB4E05208CFDB04EFA8D5456EEBBB2FF89304F209069E419AB348DB386945DF50

Function 04EAC4A0 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

TJkq, xrefs: 04EAC5F5

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: 76e31d6aef6d10cd48d1773784c9799ff2ef9fc3cc59daa83fefbffd6467a13f
Instruction ID: 819d65b7034eed6c3771ea130e3731c2a8748f49b410e5bd6a70983771509927
Opcode Fuzzy Hash: 76e31d6aef6d10cd48d1773784c9799ff2ef9fc3cc59daa83fefbffd6467a13f
Instruction Fuzzy Hash: 0D710CB4E05218CFDB04EFA9D4456EEBBB2FF49314F209069E419AB348DB386945DF50

Function 00F70F78 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

TJkq, xrefs: 00F70FA0

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: be10328ded298c1b99a322b9f8fb8bd698ef5847882417cde2d88f0ffe266ade
Instruction ID: 41534c27b84c14073e149ebeb07ea7e56e8a7159173097b80946110f57a88680
Opcode Fuzzy Hash: be10328ded298c1b99a322b9f8fb8bd698ef5847882417cde2d88f0ffe266ade
Instruction Fuzzy Hash: 90513C31A041498FDB04DFACD890BAEB7F5FF48300F21C466D50AEB395CA759D85AB52

Function 0572D5A0 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

,jq, xrefs: 0572D603

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: ,jq
API String ID: 0-1538246120
Opcode ID: e757e6588c5fac9e17e497fd9d8b3f1e4ad3f820d15dfda91d443b31c0994cde
Instruction ID: f745336441ad4d276fd2d71cb7fc37846b6b4a2167afda51d1e4922053f79d98
Opcode Fuzzy Hash: e757e6588c5fac9e17e497fd9d8b3f1e4ad3f820d15dfda91d443b31c0994cde
Instruction Fuzzy Hash: AF518E357001148FCB14DF69D894AAEBBE2FF88350F258169E906DB365CB31ED02DBA1

Function 0572C6C8 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

(jq, xrefs: 0572C73C

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: (jq
API String ID: 0-3225323518
Opcode ID: 683a8c4781debb48e3622ad90ceb46b4bd1e378895b7759082019eb5b5f0eb75
Instruction ID: c35b888835f435c0b82d03bfbdc03d1f7085c6bb2fbfdfcacb2cd4c074fa6038
Opcode Fuzzy Hash: 683a8c4781debb48e3622ad90ceb46b4bd1e378895b7759082019eb5b5f0eb75
Instruction Fuzzy Hash: 4251C036A042159FCB11DF68C484A6EFBB9FF85320B1585AAE5159B381D730FC52CBD1

Function 00F7C0AD Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

pjq, xrefs: 00F7C0BC

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: pjq
API String ID: 0-551751012
Opcode ID: 99ac27bb6c531d004003379491706c5768da4304d79d1b07fd96cfa9c40416a0
Instruction ID: 921d324e6cc632d4f5d6de5437b6439c3ae92eb7f8e9784b7095a3176ff9847c
Opcode Fuzzy Hash: 99ac27bb6c531d004003379491706c5768da4304d79d1b07fd96cfa9c40416a0
Instruction Fuzzy Hash: 9A41F576600104EFDB05DF94D944E99BBB2FF4C314B1680A8F609AB236C732EC61EB40

Function 0562B6C0 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

d%lq, xrefs: 0562B725

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: d%lq
API String ID: 0-1171021378
Opcode ID: 0dfc48a99258e939ef3337137e06953d6b45d78cb77021eeb00cccef6292b12b
Instruction ID: 67c7982aaca5049efca5cf46f82f36359c7d4b7bed8464652049a9bf2c8dcb30
Opcode Fuzzy Hash: 0dfc48a99258e939ef3337137e06953d6b45d78cb77021eeb00cccef6292b12b
Instruction Fuzzy Hash: 8E514B74A01628CFEB54EF68CD94BAAB7B2BB48200F5481E9D509E7394DB349E81CF50

Function 0572B762 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

pjq, xrefs: 0572B7B0

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: pjq
API String ID: 0-551751012
Opcode ID: b18dcc6456c28bf63cd39631c405c8fe343f2bd0e3741638f9e764506bb67af7
Instruction ID: f6874354404a04cb9e942e4cb60a1e4c4d571daaad013864a790a9102212271f
Opcode Fuzzy Hash: b18dcc6456c28bf63cd39631c405c8fe343f2bd0e3741638f9e764506bb67af7
Instruction Fuzzy Hash: 9F41D676600100AFCB469FA8D944D6A7FF6FF8C31471A8094E2099B272DA32D861EB50

Function 0572B768 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pjq, xrefs: 0572B7B0

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: pjq
API String ID: 0-551751012
Opcode ID: 6c87165acdd75cdb902fb685817ad6447b43fe81607b80e2583d1f0c9ec0f9aa
Instruction ID: 0b8ed366b6d61176a876a5af85d6fdcdb8f897b1fdbe0a0c9358e1557ecf07c3
Opcode Fuzzy Hash: 6c87165acdd75cdb902fb685817ad6447b43fe81607b80e2583d1f0c9ec0f9aa
Instruction Fuzzy Hash: 8F41C676600110AFCB469FA9D944D6A7FF7FF8C31471A80D4E2099B276DA32DC61EB50

Function 05730D71 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

4'fq, xrefs: 05730DB9

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: 4'fq
API String ID: 0-2007657732
Opcode ID: 440dbc1dc192770639fd80b99f0d9722c569976e190e698f892ebe6817e497d4
Instruction ID: 589bf64d9803968e3623bc79c7fd5a7d096b2d10043988315c0c67ce7995c977
Opcode Fuzzy Hash: 440dbc1dc192770639fd80b99f0d9722c569976e190e698f892ebe6817e497d4
Instruction Fuzzy Hash: 823193367001049FCB09DFA4D999E6E7BB7FF89321B0540A9E5069B362CE31DC56DB50

Function 0576EAE0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0576EB7F

Memory Dump Source

Source File: 00000000.00000002.1689997903.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5760000_x.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 24ac35425ea6311e9a3f063c26ac83e14403f89a407e77ebc56d68753d084d31
Instruction ID: 76d5dc71e9d8a2984dc2dd95bfcd0ee06c1d2fbadc3520605cb8611923b5ebc9
Opcode Fuzzy Hash: 24ac35425ea6311e9a3f063c26ac83e14403f89a407e77ebc56d68753d084d31
Instruction Fuzzy Hash: C131AAB8D012489FCF10CFA9D980A9EFBB5BF59320F24942AE819B7310D775A945CF94

Function 05735998 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

4'fq, xrefs: 057359E2

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: 4'fq
API String ID: 0-2007657732
Opcode ID: 23f6a5f464479d3c88a03d472882b7230f14919335e6f2951cc634390ea306f4
Instruction ID: 4882824fe12f2df290963481118b05cc77ed9c2b01ec592d8b9a6204bb241da5
Opcode Fuzzy Hash: 23f6a5f464479d3c88a03d472882b7230f14919335e6f2951cc634390ea306f4
Instruction Fuzzy Hash: 7A216770B002185BCB18AB65C89EB6E7BE7AFC9720F544029D107EB396CE745C06E795

Function 00F71503 Relevance: 1.3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

Tefq, xrefs: 00F71503

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 1c6b95857a0690ae8d7a0c16b543584d65b80e5981d1badb0e897ddbab44c9ee
Instruction ID: 000935d80dcaf82827658c91015fb104c3cdaf66bf8e1e763095bddc2a31aa36
Opcode Fuzzy Hash: 1c6b95857a0690ae8d7a0c16b543584d65b80e5981d1badb0e897ddbab44c9ee
Instruction Fuzzy Hash: C7310775B00104CFDB18DFA8D958BADB7B2BF88714F148066E41ADB3A1CB749C06DB41

Function 05A060DA Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

b, xrefs: 05A0A96D

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: 72f15991d2d9443899dc8a76849d04d69ab1f52acd351711bf163f27eab0c84d
Instruction ID: 51f67a189d1c27b6ab5e29d7eccccaa5c8df2c3a7835b5f16e770ee970568d6e
Opcode Fuzzy Hash: 72f15991d2d9443899dc8a76849d04d69ab1f52acd351711bf163f27eab0c84d
Instruction Fuzzy Hash: D741EEB4911228CFDB64DF18D899BE9BBF1FB48304F0090EAD419A7284DB345EC58F94

Function 0575FA88 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<fq, xrefs: 0575FAC2

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: p<fq
API String ID: 0-1940909823
Opcode ID: 658f023fdcad308596800126dcfe67a98596f1720128576921255d4b3882df59
Instruction ID: 034bb333f30e6845bb7bc1ff63d5c136f93840aaa6abf5c18ee91b98c7fc6507
Opcode Fuzzy Hash: 658f023fdcad308596800126dcfe67a98596f1720128576921255d4b3882df59
Instruction Fuzzy Hash: 40215E713041949FCB15CF2AC884EAA7BEABF8E310B194095FC55CB3A5CA75DC51EB60

Function 00F75409 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

TJkq, xrefs: 00F75453

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: 2832963e4270a8dadc3cd73d08d55ff3a191f18bd88d4f18b8be132ca3544b08
Instruction ID: 9c9124f60253ed64d5bcd0bec2d32370878900bfc4943a2b149257da99773ca9
Opcode Fuzzy Hash: 2832963e4270a8dadc3cd73d08d55ff3a191f18bd88d4f18b8be132ca3544b08
Instruction Fuzzy Hash: 001136712086458FD700CF64D860B6E7BB1FF85701F10886BE00B8B3A1CAB49DC1A793

Function 00F75418 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

TJkq, xrefs: 00F75453

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: TJkq
API String ID: 0-3106782265
Opcode ID: 66971af66c61730f02d18fcfd9dac029b0f737e4e01ef33d6cff8c389390a075
Instruction ID: 837437535215616b7c58bba3168403d4d1c4f1c64e6b45018dbe375bbdae07ef
Opcode Fuzzy Hash: 66971af66c61730f02d18fcfd9dac029b0f737e4e01ef33d6cff8c389390a075
Instruction Fuzzy Hash: C51104712089059BD704DF58D864B6E77A5FB98711F10882BE00B8B3A0DBB5ADC1A793

Function 00F7CA20 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

4'fq, xrefs: 00F7CAA9

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 4'fq
API String ID: 0-2007657732
Opcode ID: 0784781f99590cef969bb1ad80a5c2acd8070e5705ca323ab2a28a345eade7ad
Instruction ID: 24008fbd4c8c3398bc5d9e9cd5c52dc0a37b9cab1ef2367af5a9eddfae908c1f
Opcode Fuzzy Hash: 0784781f99590cef969bb1ad80a5c2acd8070e5705ca323ab2a28a345eade7ad
Instruction Fuzzy Hash: D311C8706492446FE701DB388C76A6A3FA0EF46210F0A45DBE59DCB2F2DD25DC09D752

Function 00F7F63F Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

p<fq, xrefs: 00F7F6A0

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: p<fq
API String ID: 0-1940909823
Opcode ID: 325fb9ae6ac7072c744f4ba8df0ad1760185530b3d74200f6bda46ce5512d4b3
Instruction ID: cab27dbecac7ee5317aed50728f814b1b1252dd505ae5558a4be167d32c5632c
Opcode Fuzzy Hash: 325fb9ae6ac7072c744f4ba8df0ad1760185530b3d74200f6bda46ce5512d4b3
Instruction Fuzzy Hash: 0B115E71B002049FC724DA65CC41F6BBBB5EF84710F20816AF509AB3A1CA71EC01CB91

Function 00F7D109 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

$fq, xrefs: 00F7D166

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: $fq
API String ID: 0-12477121
Opcode ID: 47e001f274cd1a153e209c06341cf1fa60f6d42fd6087dd2124e6bd53a32fd2d
Instruction ID: f0f6bc6a89ea84d20238cc9eca89e2034eecbe57383cd92f09df47f5a573c243
Opcode Fuzzy Hash: 47e001f274cd1a153e209c06341cf1fa60f6d42fd6087dd2124e6bd53a32fd2d
Instruction Fuzzy Hash: 82F0E9706052502BE71556396C113AA2BB79FC6320F55C1ABA545DB2DBCD588C83A393

Function 05751F2C Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

V, xrefs: 05753552

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 15d4ed2889334cf73e0df8d53b49c6e8eb8c48e1730859984a3090bb64916809
Instruction ID: af6ea2bdb348275511f898784e5f3ef9acb1ed0678f212b80c5200f733f2ddb8
Opcode Fuzzy Hash: 15d4ed2889334cf73e0df8d53b49c6e8eb8c48e1730859984a3090bb64916809
Instruction Fuzzy Hash: 1F0113B094A22CCBEB61CF54C844BECBAB6BB05326F4001D9D84972280C7B06AC4DF01

Function 00F7DAAF Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

XXfq, xrefs: 00F7DAF2

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: XXfq
API String ID: 0-1509362386
Opcode ID: 4a2aaee398882cee7f3d269ba22eaf464410cd549d52537a1aaca5aba4b9369d
Instruction ID: e5deffaeb3f5ebaa2a5c62a62174c37f95155f094cd6da882766871f29207fc5
Opcode Fuzzy Hash: 4a2aaee398882cee7f3d269ba22eaf464410cd549d52537a1aaca5aba4b9369d
Instruction Fuzzy Hash: A8E09B24A183542FD30512391D5176527659FC1A70F16C1A7D155C71D6CD544C476257

Function 05753B4E Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

r, xrefs: 05753BA8

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: ec730d720658f4796863cb594b7421eee6a2c8167b132344a1ed60f621dbb904
Instruction ID: c832d12c0fef7f1169c32018ed20fae60880be322e94352f5deb125179e3f8e1
Opcode Fuzzy Hash: ec730d720658f4796863cb594b7421eee6a2c8167b132344a1ed60f621dbb904
Instruction Fuzzy Hash: 44019074A01A68CFDB61EF54DC88BECB7B1BB89316F5041DA98096B354C7706E94CF40

Function 05728DA6 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

Tefq, xrefs: 05728DD5

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 0407b73be02312a0a937fd816a3fec593000995489a81410bac914d6ed297da0
Instruction ID: 94374e13621c1ddf427bbe817187bc81ddc6a238996ab970a533c2954b7060b2
Opcode Fuzzy Hash: 0407b73be02312a0a937fd816a3fec593000995489a81410bac914d6ed297da0
Instruction Fuzzy Hash: BA01D674901268CFDB50DF68D881B9EBBB2BB09300F50859AE40AB7346CB319D85DF01

Function 056281E0 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

9, xrefs: 05628231

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 9d6144c998c2ee5b8ba9111b8993a22d0c1a57d70625006b3782948df3eda952
Instruction ID: 8deeee42ab2cf11e152732d167d471ba73ea42032d04676c56169208e8123745
Opcode Fuzzy Hash: 9d6144c998c2ee5b8ba9111b8993a22d0c1a57d70625006b3782948df3eda952
Instruction Fuzzy Hash: 7AF020B880AA98CFC711CF24D898E98BBB1FB06204F0002C6C449AB197CB740A07CF90

Function 05A03A7A Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

O, xrefs: 05A03ADE

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: 72d7488536b9b252cb5cb7ad873156e3bf258abc3763f9c0cd8cb3d2898603a4
Instruction ID: c8da5c9ba38fdbe6e9796997affcc041f2f194dbb953fddf58b626c5f28b1ad5
Opcode Fuzzy Hash: 72d7488536b9b252cb5cb7ad873156e3bf258abc3763f9c0cd8cb3d2898603a4
Instruction Fuzzy Hash: 50F03AB4A011188FDB54EF18EC99AEEB7B9EB48300F0050D9E60DA7345CA34AE808F50

Function 05620188 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

$, xrefs: 056201B1

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 8f24db5df729699dd80f83a504911cb2e632606424b0facfd17d45f681bf5735
Instruction ID: fd95be6f9b8fa7fd4351c02d3f2a58751854dc4345522bce10788e1a9a9604df
Opcode Fuzzy Hash: 8f24db5df729699dd80f83a504911cb2e632606424b0facfd17d45f681bf5735
Instruction Fuzzy Hash: 92E046709141A5CFC701DF98D8989AD77F2FB4E314F108099E408AB189CB39AC42CF46

Function 0562569D Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

X, xrefs: 056256DC

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: X
API String ID: 0-3081909835
Opcode ID: ae3ceb4b633c29536842886d3df910c14654e3a5bf3dedcd8d8056ea761a4df4
Instruction ID: 6b9238104656248c383ff922977dad71efc26a385ed6b962df349c8ad340b26f
Opcode Fuzzy Hash: ae3ceb4b633c29536842886d3df910c14654e3a5bf3dedcd8d8056ea761a4df4
Instruction Fuzzy Hash: ECE0C2B0103A158FC750EF18FC88B5E77B2F78A301F008299E106AB248DB305C85DF81

Function 05628201 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

9, xrefs: 05628231

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 2aa491b9d1afc43e382f23658a35a70e7a507d6333ba5fc4d882270b0e95a25d
Instruction ID: 7fe3fe15d405fadae83f53035a3d90742da3476a3cb6a1b46313d9d061b3749d
Opcode Fuzzy Hash: 2aa491b9d1afc43e382f23658a35a70e7a507d6333ba5fc4d882270b0e95a25d
Instruction Fuzzy Hash: 1FE0E2B520151CAFEB11DE58D898E9E37B9EB49204F108255A50AAB244CB34AA418BA0

Function 00F798FF Relevance: .5, Instructions: 512COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f806161cd62f470ac087995b69836eb655ae40e89b7a53fa4fb849b12e79d52f
Instruction ID: 846bada8c52c0bc275c6b7ef86febffbbbabc359bfd8d3253b2678f5e3d89223
Opcode Fuzzy Hash: f806161cd62f470ac087995b69836eb655ae40e89b7a53fa4fb849b12e79d52f
Instruction Fuzzy Hash: 1D127F35708206DFCB15DF68D890A597BB2FF4A310B1580AAE809DB372DBB1DC41EB52

Function 05735BE8 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb64d1b8eb12fc2beab85b1cba5ed74066233134784c1d831ecff14fdb182c3c
Instruction ID: 0cd4f0732c795402a61d52d8c1b07ffa3b0fd995cb9ff6f71eae990c1ae9e91b
Opcode Fuzzy Hash: cb64d1b8eb12fc2beab85b1cba5ed74066233134784c1d831ecff14fdb182c3c
Instruction Fuzzy Hash: C0120A34B102198FCB14EF64C899A9DBBB2BF89310F5185A9D44AAB356DF30ED85DF40

Function 04E31CAC Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2fa58ec42f42ab1bba7dd3e06fca9fac4c587a886ab45cfc6516635b84c7af0
Instruction ID: 959e0bfd8cf95f812b692ccac155d765e597473175a6f1d6fa67e28fd080a696
Opcode Fuzzy Hash: f2fa58ec42f42ab1bba7dd3e06fca9fac4c587a886ab45cfc6516635b84c7af0
Instruction Fuzzy Hash: BC029074E00101CFC716CF54E5989A8FBB2FF45302B15D2EAE65AAB259D735EC81CB82

Function 00F789F0 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528a7f1e6c98ac4352aaf9577e0b34f398285d066842495b16b03919645c16df
Instruction ID: 533156ff124e8fa3475dbeb1474bc879c9af4cc67c4e392f75f5bb4a1c193eab
Opcode Fuzzy Hash: 528a7f1e6c98ac4352aaf9577e0b34f398285d066842495b16b03919645c16df
Instruction Fuzzy Hash: 74E1B435654108DFCB54DF68C888E99BBB1FF49761B2580A6E80A9B371CB31EC42EF51

Function 00F789E0 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10237309c50ffe3fe43c5c661a480d1aca7a76b1a997e19d413dc49b23346c5
Instruction ID: 6bca13249f171e3126d98650fa56dd30d811f907608af9b2c0f0e19470381145
Opcode Fuzzy Hash: c10237309c50ffe3fe43c5c661a480d1aca7a76b1a997e19d413dc49b23346c5
Instruction Fuzzy Hash: C8E1A535654108DFCB54DF68C888E99BBB1FF49761B2580A6E80A9B371CB31EC42EF51

Function 00F782E0 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e2428096d4da669644ea2289eb9a54ecf0a905a78884bda5dc09637a9fffc3
Instruction ID: 9abe1b346b82c97d5a88f02be296d1ed82c58f231dbe17286290ffd712f7c4ac
Opcode Fuzzy Hash: e1e2428096d4da669644ea2289eb9a54ecf0a905a78884bda5dc09637a9fffc3
Instruction Fuzzy Hash: 70B18F35B401118FDB54CF38C858A6A77E1AF887A0F29856AD90ACB361DF71DC42EB52

Function 057549B0 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0efe5476dcaa80a7632975b50ac88af6c17f6f5cd911ab2167f98e36879ee0
Instruction ID: eedeac4b3042a929be92897d2e36851e967aa3d27c7759fe7519bc0dd3507527
Opcode Fuzzy Hash: 8d0efe5476dcaa80a7632975b50ac88af6c17f6f5cd911ab2167f98e36879ee0
Instruction Fuzzy Hash: B2B1C674D05218DFDF14DFA8D5896ADBBF2FB88314F204129E806AB244DB746E85EF50

Function 0562E328 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58555b87466dc633c8235c3a92cf52e9d4ac397b32f2e7791d1051c7931beb7f
Instruction ID: 1a20f443823388e81e9eb33fc02ee0a35ab4bd79cb64fc2c3f392b87991f30f9
Opcode Fuzzy Hash: 58555b87466dc633c8235c3a92cf52e9d4ac397b32f2e7791d1051c7931beb7f
Instruction Fuzzy Hash: 55913B75A00614CFCB14DF68C584AADBBF5FF49310B1585A9E806AB761DB32ED42CF50

Function 05735BDA Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b74e4a12df67b03acc1b518851a01c4aa04a58e62ec7ba957eab5410a3206fc1
Instruction ID: 9a455c3d0100c98b4f40f1a186b8d7bc80b7d2f229e65b70b86b425593a8d72c
Opcode Fuzzy Hash: b74e4a12df67b03acc1b518851a01c4aa04a58e62ec7ba957eab5410a3206fc1
Instruction Fuzzy Hash: D4A11A34B002158FCB14DF24C899B9DBBB2BF89310F5581A8E44AAB366DF30AD85DF40

Function 057549A0 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ece8d1926d626c75d7a38dc41e5b531080a35fb43952bcb047994285163294cb
Instruction ID: 1afea77af76db5397feafd84f64ef5ba4437120f247fb7949d84b93faa38c677
Opcode Fuzzy Hash: ece8d1926d626c75d7a38dc41e5b531080a35fb43952bcb047994285163294cb
Instruction Fuzzy Hash: EEA1E670D05258DFDF14DFA8C5456ADBBF2FB88314F20812AE806AB244DBB46A85EF50

Function 05736B90 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cded89416a66d52de1821526263ae72807e18700699bc952aaff98235f8e3adc
Instruction ID: b6509672c61807aa098060e95d5217a14a3c9b87362e43ae0606de6a4bcd0ee7
Opcode Fuzzy Hash: cded89416a66d52de1821526263ae72807e18700699bc952aaff98235f8e3adc
Instruction Fuzzy Hash: FD913D347102149FCB09DF68D899A6DBBB6FF89720F1540A9E506DB3A2CB34ED41DB90

Function 05734CD8 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04a4aab98bbd78d4192324198b6175c8cd3c90835a5b2fc66c77caa39494ef3
Instruction ID: dd45cee10c2c8cdf970acb2ba00d86534220d1a1c0c5bb98804bf874d58ae9f6
Opcode Fuzzy Hash: f04a4aab98bbd78d4192324198b6175c8cd3c90835a5b2fc66c77caa39494ef3
Instruction Fuzzy Hash: D8517336B101189FCF19DF64D849E99BBB3FF89320F0540A5E609AB262C731ED56DB80

Function 057263A0 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2de755ec4069b8ad6ec4916fc878673dc3d1006d7a2a999c33a41432249719c
Instruction ID: 85e973a37945a4b9dcaf1531fc10e5262dc975a155c525007ed00b804087ba65
Opcode Fuzzy Hash: e2de755ec4069b8ad6ec4916fc878673dc3d1006d7a2a999c33a41432249719c
Instruction Fuzzy Hash: 2F91E874E05218CFDB14DFA9D588AAEBBB2FF89304F20812AE809B7349DB345941DF51

Function 05726390 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22fb641e713ee5bddfab93f8dfc6bf60fd4239572d52f13601cf1c10d5c5ff4d
Instruction ID: faf89e534d069f00977e618b7c2d49a78ec1fa0c47d136cc58f68dc6d8228f6b
Opcode Fuzzy Hash: 22fb641e713ee5bddfab93f8dfc6bf60fd4239572d52f13601cf1c10d5c5ff4d
Instruction Fuzzy Hash: D691F874E05218CFDB14DFA9D588AAEBBF2FF89304F20812AE809A7349DB345941DF50

Function 057546DF Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55284fb76df155678220bdba4037f180c6a4442699207722fddfbec7637fe276
Instruction ID: 401b9d6d8d45bbf2c83fddb9a2a35e7e61f04b3eb4f4e1065bf661e8b9053ae9
Opcode Fuzzy Hash: 55284fb76df155678220bdba4037f180c6a4442699207722fddfbec7637fe276
Instruction Fuzzy Hash: 1E81D570D05258DFDF15DFA8D5846ADBBF2FB88314F204029E806AB244D7B46E85EF54

Function 04E32AD0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf7c17ab416f5c36c49800b3343f7302013e70da3754e43c2505a639413eb6f
Instruction ID: 220dd84818c7b88367179fb13f62122cfe71c013a8334dfb127de0dfdbce6331
Opcode Fuzzy Hash: bdf7c17ab416f5c36c49800b3343f7302013e70da3754e43c2505a639413eb6f
Instruction Fuzzy Hash: 2961D138705204CFC716DF69E69DAA67BF2FB80306F1595E5EA458B2A9E731EC01CB01

Function 0572D0F0 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0efa3f0432d790046afd5a24226d7dee2931d1df3a6e1e3f553ba2b63687f33
Instruction ID: 3812e9abb0ba7a1b7b0bb8b58cc56965b29a8d58483e63e0bc2da777b39305e5
Opcode Fuzzy Hash: f0efa3f0432d790046afd5a24226d7dee2931d1df3a6e1e3f553ba2b63687f33
Instruction Fuzzy Hash: 3751B131B102159FD724DB69D884F6ABBF6FF88310F11C46AE9059B681DF31E842DB90

Function 05736B80 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 540baaa96b2527d13085d86b848d979ecebb232829cb01281eb7ffe0489c5cb9
Instruction ID: fb41455165a9a6c13762f26ddfa6c3a4746d733be2e8b0428f6ae42b7e779897
Opcode Fuzzy Hash: 540baaa96b2527d13085d86b848d979ecebb232829cb01281eb7ffe0489c5cb9
Instruction Fuzzy Hash: 65612A34710614DFCB08DF68D899A6DBBB6FF89720F1581A9E5069B362CB30EC41DB90

Function 05726DF0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5ca5033a143e4cc569236f58b591dca9977fbcdcd7700a83b56298b7aa74cb
Instruction ID: 4e111367ef467356d321dcbbd24f3f02a5dce80f8e007744dc3c126917c02abd
Opcode Fuzzy Hash: 1a5ca5033a143e4cc569236f58b591dca9977fbcdcd7700a83b56298b7aa74cb
Instruction Fuzzy Hash: 4F710D74E01218CFEB54EFA9D955A9EBBB2FF88300F10806AE809A7345DB345D85DF50

Function 05726DE0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac0572057ab52cc401729cd6e7973e43cc02e167a27e9b7f00f945bf14fe414
Instruction ID: 6481ad7f5be7a28f55542dc0e06b3493609a842953f3d189f9b9c8604796b978
Opcode Fuzzy Hash: 1ac0572057ab52cc401729cd6e7973e43cc02e167a27e9b7f00f945bf14fe414
Instruction Fuzzy Hash: 4D61EC74E01218CFEB54EFA9D95569EBBB2FB88300F10816AE80AA7348DF345D85DF50

Function 057318D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a4a61e2e2bc489baf97076e3e3ef1689a9dd48336d596b0c3c0db15324be27
Instruction ID: adabc9cdaeeb95c6fb7cf19cac3f85258f05009270ccf933586681379ceba88a
Opcode Fuzzy Hash: 09a4a61e2e2bc489baf97076e3e3ef1689a9dd48336d596b0c3c0db15324be27
Instruction Fuzzy Hash: 63517E34B106099FCB09EF64E459AADBBB6FF88711F00811AF5029B364DF34A946DB81

Function 04E32A7C Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e4c07618b939bf574b955d6ff6d16204f2b8b4582609f94c8cecd84aff1009
Instruction ID: 46d9fb6edf9eda7159ce17ab15fdbd131a9d56345a22eb2ccd962b85c0eb7f64
Opcode Fuzzy Hash: d2e4c07618b939bf574b955d6ff6d16204f2b8b4582609f94c8cecd84aff1009
Instruction Fuzzy Hash: 77519E38709241CFC717DF25D64DA657BF2EB81706B1AA5E6D6858B26AE731EC00CB01

Function 00F754E8 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5676f485c8a3aefbc2b5c66e9f20e65a8b8cd6c9e96d86c2609d96f15dd45d
Instruction ID: 0fb65ca6d49bdea2e64124566676f1de5073a2094983d0d856996ca12ab92c5e
Opcode Fuzzy Hash: 2b5676f485c8a3aefbc2b5c66e9f20e65a8b8cd6c9e96d86c2609d96f15dd45d
Instruction Fuzzy Hash: 6A414A75A04604CFCB00CF69D884AAEBBF2FF49B14B1481AAE51ADB371C775AD01DB52

Function 057260DA Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f99d60420a782ffa1663b1fed74047354931f43061233a069fd3df3b02772c33
Instruction ID: 87a9db0b5866e70bca196c0a672e4d1fb617fd19647070428cd8d63b2104c99e
Opcode Fuzzy Hash: f99d60420a782ffa1663b1fed74047354931f43061233a069fd3df3b02772c33
Instruction Fuzzy Hash: 0E512CB0E06228CFEB24DF29D845BADB7B2FB49305F5081EAD50DAB245DB745984EF40

Function 05A1F9B0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c1bab86c815f9fbb47c19aeb743e3fa11a4485dc379c8585cb46db73554ec7
Instruction ID: cee55db4a959e7be9b59be4f814f2084667f1c02b59e85cff42c2e43f1e88dc3
Opcode Fuzzy Hash: b2c1bab86c815f9fbb47c19aeb743e3fa11a4485dc379c8585cb46db73554ec7
Instruction Fuzzy Hash: BA516F70D01248DFDB04EF99D884AAEBBF2FF89314F108569E80AAB394DB346945CF54

Function 04E30428 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e72eab1a2e3adf11a032ece117ca2686c80cfd972df22941cf754f9f574143f6
Instruction ID: e8ee6e3ff10d562190f6a44a7ac860994171c7ed20b04ad80d8dd2e54f7634dd
Opcode Fuzzy Hash: e72eab1a2e3adf11a032ece117ca2686c80cfd972df22941cf754f9f574143f6
Instruction Fuzzy Hash: 5041C074B05204DFC722DF28DA4CBAA7BF1AB06305F0694AAD409DB266E771E945CF41

Function 04E32AB0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ac84c1f1700dfcfb9117451567d9093963e2be81e8be19277d5b7edd2789380
Instruction ID: 2d65702d99a0c30db88ced27b4ecef8fa64615814511acadb16a29eff36595ab
Opcode Fuzzy Hash: 7ac84c1f1700dfcfb9117451567d9093963e2be81e8be19277d5b7edd2789380
Instruction Fuzzy Hash: 1E418E38705241CFC71BDF15E64DA657BF2EB81706F19A5E6D6858B26AE731EC00CB01

Function 05739FFF Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2549a612eea53a297485634d99258f16c74ed7b01a1517cb4714adc400913d2
Instruction ID: 1f57ad9d87fd856bc03928ba3a124b5a65170c08383bd0e037b2d76b7ceb3919
Opcode Fuzzy Hash: d2549a612eea53a297485634d99258f16c74ed7b01a1517cb4714adc400913d2
Instruction Fuzzy Hash: AC411531B002059FCB24DF68D846B9EBBB6FF89720F10456AE556DB380DB71A906CB40

Function 05739EB8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75027000e0c3f64a5ddfe9f5895582f8105de921b741896f1b494c8b2f98ac07
Instruction ID: d556f13108e51f1ce1c23cb8e51fbcc3bf9648e9abb926dd27529aa79b2c706a
Opcode Fuzzy Hash: 75027000e0c3f64a5ddfe9f5895582f8105de921b741896f1b494c8b2f98ac07
Instruction Fuzzy Hash: BA41BDB1A007059FCB20CF69C548A6ABBF2BF88310F14895DE586C7A52CB70F904DF51

Function 05727B19 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6026be9f0a419bcdeb31b0915247a09dc53c61f0d8e2c588cf5f80630e5ddae
Instruction ID: 897137eaea73b639bf80b86129615005776c8c673ac29448e8b955ab3fdadf00
Opcode Fuzzy Hash: e6026be9f0a419bcdeb31b0915247a09dc53c61f0d8e2c588cf5f80630e5ddae
Instruction Fuzzy Hash: 5E414574E05218DBDB08CFA9D944BEEBBB2FB88300F109069D818B7391C7355A84DBA4

Function 00F72DCD Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4badfc6137fb2840de2299708887745ad8131590bcb48acb6afb30fcc290b544
Instruction ID: f360f4c9bf636b5c27fa58a78fbe3bcbe74ba1ca349f6c1d5cf9b85c5c978593
Opcode Fuzzy Hash: 4badfc6137fb2840de2299708887745ad8131590bcb48acb6afb30fcc290b544
Instruction Fuzzy Hash: A441B532A08209CFCB51CF58CC806EDB771FF49300F25C967D51AAB152D735AA86EB52

Function 05725C83 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b9038917217be00e44bbc08c381966505fb4b6e573ba86e4c1e96e97d873b5
Instruction ID: ff13ac65e8776c0b2361ef007a8241439fbe8eebaefd833a9a87d5ab03a3b3b9
Opcode Fuzzy Hash: 99b9038917217be00e44bbc08c381966505fb4b6e573ba86e4c1e96e97d873b5
Instruction Fuzzy Hash: FE510C74A06229CFEB24DF24D945BADBBB2BB45304F1081EAD50DAB241DB745E84DF41

Function 00F7BDC9 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc6686d408da8098a991be4da23eee7e185249f3e9dd9e4998042a687782bc66
Instruction ID: 3fd5bb6c9e7e96ca9f279be5917548c22cb869ae337416ad1060576bbe603f32
Opcode Fuzzy Hash: bc6686d408da8098a991be4da23eee7e185249f3e9dd9e4998042a687782bc66
Instruction Fuzzy Hash: 9F41A632E081159FD710CFA9C840BAFBBB5EB45300F218167E15AEB291C7749D41ABC2

Function 0562F750 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe77b1426f04a24cfddb004c2a21f6e2cef82c58706791d5281d1e28d395499
Instruction ID: a7d69cc463dd2c5beb1e33ba6de19d552b0cd9af52d3bcb5caae89a66caa7860
Opcode Fuzzy Hash: 8fe77b1426f04a24cfddb004c2a21f6e2cef82c58706791d5281d1e28d395499
Instruction Fuzzy Hash: FA31DE353006158FCB18AB78D859A6AB7B7FBC9320724842DE41ACB7A1DF35D842DB90

Function 00F7BDD8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7ab17acf575b413949583b5c2663498fbf5d07d2e7d6070ae2fd93c1aa22c65
Instruction ID: fa05830c23135ef78d14bccbb92ed6c585415f8e6e0f70ebae13bb8323c69043
Opcode Fuzzy Hash: c7ab17acf575b413949583b5c2663498fbf5d07d2e7d6070ae2fd93c1aa22c65
Instruction Fuzzy Hash: E2418432E08119DFD710CF99C980BAFB7B5EB49700F218167E55AEB394C7749941ABC2

Function 00F72DB0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba3b4fa6719b892705361107f545c276ab56bff298e774789fb90a27fc4df46
Instruction ID: e961da992553f017330d35ed29a77c9d7b9f4695976d4ee66d062e9cafe83b20
Opcode Fuzzy Hash: 6ba3b4fa6719b892705361107f545c276ab56bff298e774789fb90a27fc4df46
Instruction Fuzzy Hash: 42416031E04209CFCB50DF99C880AEEF7B1FF49300F65C467D519AB251D734AA85AB92

Function 04E30048 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84898186cd2a77110f8231478899a63f3c1009fd22c7633bb4296aa3b557e3b7
Instruction ID: 0771a9493fe4e0229d262b336e0fc8f1164b4e2e349fb19d832f387075de7daa
Opcode Fuzzy Hash: 84898186cd2a77110f8231478899a63f3c1009fd22c7633bb4296aa3b557e3b7
Instruction Fuzzy Hash: E741D6B050A3849FD717CBA8CD59F963F79EF02709F1905CAE1049B2E3C278A844CB22

Function 00F74C7A Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d9dfcabf9494a7a0759c286a9c546e1c94faaced22d9553fd38b344ceeefbe
Instruction ID: 0923c0b64c5e16d8aee09ca8372217bc318fb8663f86ef7582637db512365cb1
Opcode Fuzzy Hash: 54d9dfcabf9494a7a0759c286a9c546e1c94faaced22d9553fd38b344ceeefbe
Instruction Fuzzy Hash: DF415A35A05109DFCB11DF98C480AAEB771FB44310F21C926E99A9B355C734FC82AB92

Function 05734CCA Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a639cf5cf3d4c4f6416eaa1d78fd74aec746284a0a1c78065b1a5c1ef3af1040
Instruction ID: 6c53480c026c20c531deca9043cabb062387735bba0ba8bc83a70395019bc9aa
Opcode Fuzzy Hash: a639cf5cf3d4c4f6416eaa1d78fd74aec746284a0a1c78065b1a5c1ef3af1040
Instruction Fuzzy Hash: B9315C36610214DFDF19DF64D849FA9BBB6FF48321F0580A5EA099B272C731E855EB80

Function 00F77BF8 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61d1f485a542386fe1890e422b0d639684d9793fe485ffd648449e215c7ffe0d
Instruction ID: cf94146c6ddeeb4ebcf9d1003f0f952cc49381a7b2ae07e5b30abcfe79108be2
Opcode Fuzzy Hash: 61d1f485a542386fe1890e422b0d639684d9793fe485ffd648449e215c7ffe0d
Instruction Fuzzy Hash: F431A532B142198FCB11DB68D880AAEB7F1EF8C320F10483AE50AD7351D735DD95AB92

Function 057344B0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41b23244582657fb07585178d37b1afe62461c844918a62472f7b16e58ac65c
Instruction ID: df6dd0495ff6fb92dd0cb7fe39c48043641ad149019c6a737cbf5bd2626083d5
Opcode Fuzzy Hash: a41b23244582657fb07585178d37b1afe62461c844918a62472f7b16e58ac65c
Instruction Fuzzy Hash: 1E311536A101049FCB09DF69D889EA9BBB2FF49321B1680A9F5099B372C731ED55DB40

Function 05736E81 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc0531af8942f8c274c0dbf86e6861bad845630f4d2a8bbd8320af0e9b8b2847
Instruction ID: f970a5f5975f0839fb0c5705756ec49e2c230c7bbfe555d985c7e7b40a23029a
Opcode Fuzzy Hash: fc0531af8942f8c274c0dbf86e6861bad845630f4d2a8bbd8320af0e9b8b2847
Instruction Fuzzy Hash: FC417175A001099FCF05DFA4D855AEDBBB2FF88320F148066D841BB3A2DB319D05DBA0

Function 00F718C7 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45a68b9419852623a8ae85ffa7055874c76abe90bc159f39cb5a4436d112e320
Instruction ID: d33bc139f5216df53400dfb457d0122a87f799932140fabb8a7a561ea0f574c6
Opcode Fuzzy Hash: 45a68b9419852623a8ae85ffa7055874c76abe90bc159f39cb5a4436d112e320
Instruction Fuzzy Hash: 6421D332B182415FEB60853D9C647AB2BF5FB95360F14893BD68EC2181E224D84EE313

Function 05727B5F Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d663080f0d766f388db38dfe683f2d33907ff2d1b6ba7d29f39c81b6fa0877ce
Instruction ID: 268b1632fada494c0f554a6b2d55ef2b5f529ae80ab8ab09b28040c4a9d25105
Opcode Fuzzy Hash: d663080f0d766f388db38dfe683f2d33907ff2d1b6ba7d29f39c81b6fa0877ce
Instruction Fuzzy Hash: 54310274E01218CFDB08DFA9D944BEEBBB2FB88300F109069D814B7291C7355A84DFA4

Function 00F70BE8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9596283abfedb58b7fdbd36bb7587f5ac08f026c0c047539f7fb3559005fdfac
Instruction ID: 65039a1b4e02d021dac4ce7ce3469b37bf28b22456af9a5d24040916213b9b07
Opcode Fuzzy Hash: 9596283abfedb58b7fdbd36bb7587f5ac08f026c0c047539f7fb3559005fdfac
Instruction Fuzzy Hash: EC21BE36708101CBE7138639AC5076A77A5DF85764F2486BBE80FC7391EE26CC46A353

Function 05727B70 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4351f22f877baaa0845dfe1a27d125abd9e5be36c0334c06a2fd88d20d430156
Instruction ID: 277839b4b4c31678bcad371529c985378825863fd5776ceab024f2fcca20b945
Opcode Fuzzy Hash: 4351f22f877baaa0845dfe1a27d125abd9e5be36c0334c06a2fd88d20d430156
Instruction Fuzzy Hash: 4B312574E05228DFCB08DFA9D944AEEBBF2FB89300F109069D818B7251C7345A40DFA4

Function 05734430 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df42c8c66d565ddbb391976cd1a70e8ae274bd66f6307dc3677e9b566b5025f
Instruction ID: 45b5af674b95969f0efe980fd157384fc8ac6496b99a77550c3c49f25da12f5a
Opcode Fuzzy Hash: 5df42c8c66d565ddbb391976cd1a70e8ae274bd66f6307dc3677e9b566b5025f
Instruction Fuzzy Hash: 063161366041459FCF05CFA8E848D99BFB2FF49324B0985A9E1499F273D732D815DB40

Function 05732678 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0221d3be3d33886dc79b1b183eebb2c52b3c5c99d8872b7520c2acc8e81be96
Instruction ID: ecef84734975f079950067314110b91cffdad5fc0dd4d29ea86591c427ccf4d4
Opcode Fuzzy Hash: c0221d3be3d33886dc79b1b183eebb2c52b3c5c99d8872b7520c2acc8e81be96
Instruction Fuzzy Hash: 1B21F5363052049FC7248B6DE995A6ABBEAEFC1331B15807AD50EC7A53CF31E8419790

Function 05727D40 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9c4cca97ad17f26f257105dac13a838d484d55ff2d79fec1bbc0bd7c23ba0b
Instruction ID: 6c3c2f75a8ce3e205f7d941565fbf7432393e5faf0b020260d6918d199e2ab14
Opcode Fuzzy Hash: 2d9c4cca97ad17f26f257105dac13a838d484d55ff2d79fec1bbc0bd7c23ba0b
Instruction Fuzzy Hash: 81314275E00228DFDB08DFA9D944BEEBBF2FB89310F10802AE415A7280D7B05980DB90

Function 05728474 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dec13b7d1a1d802feff8631e2bacee987e2e479a2215c49f581ef7541d5098b
Instruction ID: f8fbe878c842a02ab5e7bfd02afbc262d498946f853548acf7c3fd03de863274
Opcode Fuzzy Hash: 5dec13b7d1a1d802feff8631e2bacee987e2e479a2215c49f581ef7541d5098b
Instruction Fuzzy Hash: C3313E70D02228CFDB14DF5AC954BAEB7F2FB89301F508159D409AB354CB75A985DF01

Function 00F770E8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9107737989bbc037e6115a76b30fc7c342b113c0f7e65ce7a180ad0858a04b0c
Instruction ID: 06346d91747eedf52a8bdf7dff929c222b6f46d1a4933899a2885d6f3672677f
Opcode Fuzzy Hash: 9107737989bbc037e6115a76b30fc7c342b113c0f7e65ce7a180ad0858a04b0c
Instruction Fuzzy Hash: DD316D35E1070ADFCB11DFA4C85499DFBB2FF89310F20861AE815AB351EB70A986DB40

Function 05727D50 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf1982ed94b6cecda7a1a4c8ff3c8698a43edff68f463c8ea5a65afce244e553
Instruction ID: 95cb6ff67a71d6610ed8ba391d34ef758d28b8bc39f8a9f3f69c64481d900e68
Opcode Fuzzy Hash: bf1982ed94b6cecda7a1a4c8ff3c8698a43edff68f463c8ea5a65afce244e553
Instruction Fuzzy Hash: A6313474E01229DFDB08DFA9D944BEEBBF2FB89310F10946AE415B7290D7705981DB90

Function 00F770D8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391be4f0e9bc7df0cba309d73ce0e72f884acdb436393ae600e1cafab2d763b6
Instruction ID: 9f396eabdf5be851a18abb073e5ee10a1745a62696d5386256dcf350da48c692
Opcode Fuzzy Hash: 391be4f0e9bc7df0cba309d73ce0e72f884acdb436393ae600e1cafab2d763b6
Instruction Fuzzy Hash: 7E319E34E1071ADFCB11CFA4C85489DBBB2FF89310B20C61AE815AB251EB70A982CB40

Function 05729508 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 943bb6b48955970f4d76500d803c6c1dc4b6257258f96fae63f5f89b99db1dbb
Instruction ID: 84c6d2ffedd1c39acc63998a31383560fe309fb0934807387c002baeb0e774bc
Opcode Fuzzy Hash: 943bb6b48955970f4d76500d803c6c1dc4b6257258f96fae63f5f89b99db1dbb
Instruction Fuzzy Hash: 3A3138B4E05618DFDB04DF9AC440AAEBBF2FB89310F14D06AD509A7384DB349985DF50

Function 04E3040C Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6069eea2dc70fea5a16e8f1b333a41cfb2ec5461e995f7aeb8d128c987f9a9de
Instruction ID: 0e259dad49a8bc29f3b8ffc7150d7e4e7a2f99189685d6936d62535312612a33
Opcode Fuzzy Hash: 6069eea2dc70fea5a16e8f1b333a41cfb2ec5461e995f7aeb8d128c987f9a9de
Instruction Fuzzy Hash: AF31C270A05205DFC323CF28CA4C7AA7BF1AB06305F05A4A6D446DB26AE770EA45DF51

Function 04EA3359 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2caf6f06917090ec47c9cd238000036c7d4dde223c5611dbb87bf39b76bd4b7
Instruction ID: 60b01b38542b3e5bce9530f011655f51a20fe8755ba09839496a08e0341f27bc
Opcode Fuzzy Hash: e2caf6f06917090ec47c9cd238000036c7d4dde223c5611dbb87bf39b76bd4b7
Instruction Fuzzy Hash: D33137B0D06108DFEB04DFA9C4497AEBBF1FF44305F10906AD419A7244EB796A94CF51

Function 00F79F20 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd82b09e905e41b0a0e1ddf725f2164a16bf63b5189ad94cd73fa835dddd12f7
Instruction ID: c7fb6dc6843be5b242b6d60cd49a519e9df796c172ffbb4cfac1f99f17977072
Opcode Fuzzy Hash: bd82b09e905e41b0a0e1ddf725f2164a16bf63b5189ad94cd73fa835dddd12f7
Instruction Fuzzy Hash: BD21B53630D3809FC711CF29D894E967BB5EF8A32071580AAE94ACB762C671DC45DB62

Function 04EA71E8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c50157164f4b3501ef9c317cd109b533a68be90c1ccfa932baf93830061acce
Instruction ID: e06209e746839795cf99dfbe9b117885aa8a1610aff76dc73a977b27bd6f7f89
Opcode Fuzzy Hash: 2c50157164f4b3501ef9c317cd109b533a68be90c1ccfa932baf93830061acce
Instruction Fuzzy Hash: 5F3121B4E05109CFDB04DFA6C4057EEBBB1FB88304F00A426E519B7244DB78A9559F61

Function 04EA3368 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b90843a618b3b95007a4c6c2a0fffa926b5a7960899ed8fc2f6c1b5102383b2
Instruction ID: 39c523bec35b6eac4dddeb4b31159717faf74e6a67f95e93e109adb2d4083523
Opcode Fuzzy Hash: 8b90843a618b3b95007a4c6c2a0fffa926b5a7960899ed8fc2f6c1b5102383b2
Instruction Fuzzy Hash: 9C3132B0D06108DFEB04EFA9C4487AEBBF1FF49305F209069D819A7244EB796A94CB51

Function 05620DC5 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28db0e0305983b4caf5910b83a09640739b55ed21d6be1735e76c617a020d21
Instruction ID: d16c343dba4cbe39bfcab35f2143bba8dca73d0d7d7acbba55d530deeb0fce6f
Opcode Fuzzy Hash: d28db0e0305983b4caf5910b83a09640739b55ed21d6be1735e76c617a020d21
Instruction Fuzzy Hash: 193115B094A628CFEB24DF09C849BEAB7B2FB49314F0080E9D54AA7254C7B44EC1CE40

Function 0562F881 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43916cdef1a4083c70651e221775acb9e3d21b68cb27f6111c529f948331bca5
Instruction ID: 694a7b2f5ac9dee20c1f49e2bf169ec383e153ff1765054c26cd73b6b652db66
Opcode Fuzzy Hash: 43916cdef1a4083c70651e221775acb9e3d21b68cb27f6111c529f948331bca5
Instruction Fuzzy Hash: 87312775A002199FDB18DF94C685ADDB7F2FB89310F2041A5E405BB361DB71AE86CFA0

Function 00F77BE8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6735d3c1fdfd25699eb8140e0d165088c3e781ba422c1797e76fd24925a2d761
Instruction ID: 15476de1d09bdb16efe1c85f99944ca5a00a20944f0cfedbe98952678a70292f
Opcode Fuzzy Hash: 6735d3c1fdfd25699eb8140e0d165088c3e781ba422c1797e76fd24925a2d761
Instruction Fuzzy Hash: 8421B631A183098FCB11DB38D8806AE7BE1EF49350F14897AD40AD7241D774D945B793

Function 0572F770 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7043c8d496fb24844f8d76b7284cf614553700788c69cbdac73ac735f27eee1c
Instruction ID: bd65243996834e539b2f82afb75f1c2b5dc6ab6295f711240653f46f99791520
Opcode Fuzzy Hash: 7043c8d496fb24844f8d76b7284cf614553700788c69cbdac73ac735f27eee1c
Instruction Fuzzy Hash: D4218731E04229DFDB00DFB8C905BAEBBF5AF04350F508066D91ADB290E734DA41EB91

Function 00F2D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1668834824.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f2d000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c7103fff715f9ee3a40d1fc103ab6b7a7ce364b0ca69d6024bfeed14cca5879
Instruction ID: 05b4ce6fdcfecf396681d5ed2f9cd1fb2880380f4974a61a99d1a68de7104553
Opcode Fuzzy Hash: 3c7103fff715f9ee3a40d1fc103ab6b7a7ce364b0ca69d6024bfeed14cca5879
Instruction Fuzzy Hash: 212129B2504244DFCB15DF14E9C4B26BF65FB84324F24C569E9090B26AC336D847EBB2

Function 0572BAA9 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d4ccb9218ec80d34b649bbccbd75654596448373cd5eaa00c5d6a0ee3bc49f8
Instruction ID: 7bb00fdd8f290d900fc49dd48e20aedcd32ac2104de148253831ad66a7fe4a44
Opcode Fuzzy Hash: 1d4ccb9218ec80d34b649bbccbd75654596448373cd5eaa00c5d6a0ee3bc49f8
Instruction Fuzzy Hash: 67219271A102189BCB08CF58C8859DE7FB6FB8D320F14912AE815BB394DE319845DF60

Function 00F70A40 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 307fbd5375b39e7413012cceaeca44cec0aa182f82e7b08ff6aa595835033fcb
Instruction ID: da4986b105ff549b272794befe41b4110cd00d33432590b2fbb760b8fe6ea72d
Opcode Fuzzy Hash: 307fbd5375b39e7413012cceaeca44cec0aa182f82e7b08ff6aa595835033fcb
Instruction Fuzzy Hash: C511B4313042118FD706A678E8A076D3B52EF85714F4599BAE10ACF2C6CE789D45B392

Function 05732620 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c25a1993dce0be26f66c968ddfe8cd325894ec27acb55c70285fafa1516600
Instruction ID: c29efe1dcc52f92fcc39d18bc5feeaab51e3064dae9f5c790a0dde21feb81712
Opcode Fuzzy Hash: d0c25a1993dce0be26f66c968ddfe8cd325894ec27acb55c70285fafa1516600
Instruction Fuzzy Hash: CC1106363092149FC7689E69E89579A7BEAEF85631B1400BAE50ECB752CE21DC41C390

Function 05728F0B Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dbbff25dcd3812610245fa871f1bb90563229aeb102d2e171bc3e66f6e5fa6a
Instruction ID: b6cd4556bb422edc85102bc04da56abf641e1d0ddd0821d9c00d639bc91320ee
Opcode Fuzzy Hash: 0dbbff25dcd3812610245fa871f1bb90563229aeb102d2e171bc3e66f6e5fa6a
Instruction Fuzzy Hash: 77316FB981C3A69BC701CB648448A86FBF2BF15640F4EC7EED4495B613C2729584E7C7

Function 00F7FE30 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ba6ca567a7c5f5119c9f6c30bed8327600f90c6ba59a5f6e2a4ac807a463b30
Instruction ID: 61a2e30afd2970a47395d10fdc94655ed1ceee7be932cd96f8041f4aa896cbf6
Opcode Fuzzy Hash: 4ba6ca567a7c5f5119c9f6c30bed8327600f90c6ba59a5f6e2a4ac807a463b30
Instruction Fuzzy Hash: B01106757003049FDB14DB69C89046BBBA6EFC9350710D566E60C8B376CA30AC4AD7A2

Function 0572B431 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ff1cd6da1e518dd6839f25cc2e2aeef1d43c277771c83a617de2b643b7a9e8
Instruction ID: 55480505ecc2d6748d858b53203115817a0d3c5fc89cd5c16980abc308debb10
Opcode Fuzzy Hash: 16ff1cd6da1e518dd6839f25cc2e2aeef1d43c277771c83a617de2b643b7a9e8
Instruction Fuzzy Hash: FB2129706102059FCB08EB69D8457AE7FE6EFC4300F404979F006DB681DF71A9499BD1

Function 0562BDB2 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e1f44ba4e5f4a04fd55717e7ff3934ad10a641748171dc0110ada6e644ab2a1
Instruction ID: 03d620f788972e997e389b17d076b26020fefd7fa95507dd186d7f06db13eac6
Opcode Fuzzy Hash: 4e1f44ba4e5f4a04fd55717e7ff3934ad10a641748171dc0110ada6e644ab2a1
Instruction Fuzzy Hash: 55219F75905108EFCB50DFA8C941BADBBF5EB58320F10C0AA9858A7360D6369E51EF81

Function 05758270 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5488e6a0f1ef0fcbb0ca2cbe65aa5cbde5dc31162662e98bf256f28adc075015
Instruction ID: a2085438e33ebeeda2862f142c8058b5cba2fe19dc2a429da606018f5f01ac2e
Opcode Fuzzy Hash: 5488e6a0f1ef0fcbb0ca2cbe65aa5cbde5dc31162662e98bf256f28adc075015
Instruction Fuzzy Hash: A9217A70E04209DFCB04DFA9D080AAEBBB6FF49320F6081A9C805A7344C7759981DF82

Function 04EAF5E0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6eceacd9d57d0b04feb8f61ce563e5ca962ec467be52313308a7ff8d0f45eb1
Instruction ID: 8611c366edca2b070c6514803b4a5324e88243e13669f0f4d14d2bef798067b5
Opcode Fuzzy Hash: d6eceacd9d57d0b04feb8f61ce563e5ca962ec467be52313308a7ff8d0f45eb1
Instruction Fuzzy Hash: 1E217C70E05208CBDB04CFA5D5452EEBBB5EB8C315F14A829D405B7250EB782A54CFA1

Function 00F2D005 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1668834824.0000000000F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f2d000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56bccd5750e81bce4af78af6ce9906103b9db28197554ac141e002e137fa0e2f
Instruction ID: 96d6d1d4927bf5e6b0a0cc921032627888690723c0bcd430ad2a040ebd6bc72a
Opcode Fuzzy Hash: 56bccd5750e81bce4af78af6ce9906103b9db28197554ac141e002e137fa0e2f
Instruction Fuzzy Hash: 742183755093C08FCB13CF24D994715BF71EB46324F2981DAD8458B667C33AD81ADB62

Function 04EA0228 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7061a0309a9104906096a97a44b1a993f2f139d64eb9a1e101aad690eff904
Instruction ID: a2a11138d630972e612d19c342eef305da4d09bf3f06dc6eaafd6bd9ad22a2e1
Opcode Fuzzy Hash: 4d7061a0309a9104906096a97a44b1a993f2f139d64eb9a1e101aad690eff904
Instruction Fuzzy Hash: BC11A3B1B042044BE708AAFC5C5137F6ADBEFC9314F21D06EA649CB396DD649C8253A6

Function 05626ACF Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eef46395101a68628d57c3f91fa48a1d115adacc3603bbc35492824552d6fb7b
Instruction ID: 5175327d97f07a9da90ffa1f5160538b185f9cba04cc4b512fec248eed1ea09b
Opcode Fuzzy Hash: eef46395101a68628d57c3f91fa48a1d115adacc3603bbc35492824552d6fb7b
Instruction Fuzzy Hash: 51219A70A011098BDB04EFACD9455EEBBF1EF88300F1081A9E009BB385DB389E45CFA1

Function 04E30922 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26aaa93f2b01d1bfa984aa8f682056417f0031975a9b746a364b7485872ee53f
Instruction ID: b01872eb9eb50d5a370f29f6d68dd979250e2cfa6bf581d514f8ca512d8462f2
Opcode Fuzzy Hash: 26aaa93f2b01d1bfa984aa8f682056417f0031975a9b746a364b7485872ee53f
Instruction Fuzzy Hash: 8321F635A01108DFDB05DFA5E65CA9EBBF2FF4830AF119469E806A3258DB74AC41CF00

Function 04EA8518 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f98a6ed8d49a0b9d5a19c011bfe5b0119f6bd6c78d08eeae48cf8a69537681
Instruction ID: 646a383e454c8cf5b36f9eeb3ca5da2c464259977da0471d8546cc9a61145399
Opcode Fuzzy Hash: 82f98a6ed8d49a0b9d5a19c011bfe5b0119f6bd6c78d08eeae48cf8a69537681
Instruction Fuzzy Hash: B12144B5E00109CFDB08DF9AD845AEEFBB5FF88310F04942AE904A3250E7746A55CFA0

Function 00F7FE21 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67927129fe007732900aed26c1293734033901d8b146581f54dcf90a90318bb6
Instruction ID: 48d60a07896b97a99e839311efc9505ad7511fb09acb8278c649f724e69f5c5e
Opcode Fuzzy Hash: 67927129fe007732900aed26c1293734033901d8b146581f54dcf90a90318bb6
Instruction Fuzzy Hash: F611A7747007045FDB14DBA9C8808ABBBA6EFC9310710D56AE61D9B365CE34AC459791

Function 04EA8528 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7a5a8769f66c3f893874b6ee9a6dbc236586256bbdf9181bf39169a404b3b69
Instruction ID: 4d56a69f2fe25d1f6eed01c1b27f6a425184c17d91f32a9e39b61b5982a994a4
Opcode Fuzzy Hash: a7a5a8769f66c3f893874b6ee9a6dbc236586256bbdf9181bf39169a404b3b69
Instruction Fuzzy Hash: 841126B0E04209CFCB08DF9AD4446EEBBB6FF89310F04942AE905B7250D7746A55CBA0

Function 05626AE0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd32b3ae30104ab695af58d56393827b9dc9c3fc724372df75500a0f9bff57e9
Instruction ID: 8c8e97eee16fa1345630ed5ea94dcc1f6e11eb19be208442282a2dda986c6c0e
Opcode Fuzzy Hash: cd32b3ae30104ab695af58d56393827b9dc9c3fc724372df75500a0f9bff57e9
Instruction Fuzzy Hash: 39211A74A111198BDB04EFA8D9555EEBBF1EF88301F108169E509BB384DB34AE45CFA1

Function 00F77318 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69af90fb6a39fdd8f63d7a53eab96953fe9393f50ae6150ef35d060919439150
Instruction ID: d1f412c05e280bf2988c300124ec7715abf8031112e10787c6f01ca40478a29a
Opcode Fuzzy Hash: 69af90fb6a39fdd8f63d7a53eab96953fe9393f50ae6150ef35d060919439150
Instruction Fuzzy Hash: DC11C6326042049FDB15DF64D840A9DBBB2FB88310F10C46AE956D7350D732EC16DB51

Function 05A00CF7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9f7222571e852289349fde4750f5bce36f5770c74e366a61e299eaaff0e288
Instruction ID: f218d6cd3444a03412d7528b768fc46e4a9b0a8cf1da179b085cd02ccc12170e
Opcode Fuzzy Hash: 4d9f7222571e852289349fde4750f5bce36f5770c74e366a61e299eaaff0e288
Instruction Fuzzy Hash: C4319C78A01228CFCB65CF28C894AD9BBF5EB08301F0580EAE90DA7355D735AE81CF40

Function 04EA0131 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7743e7ef625974300771142a4054f4e4f1450c57107de77e4cae366c95e27c1c
Instruction ID: 49f9f41d285ba1354571cb588e19f88f5640996a42e89f244144872feccf5620
Opcode Fuzzy Hash: 7743e7ef625974300771142a4054f4e4f1450c57107de77e4cae366c95e27c1c
Instruction Fuzzy Hash: F50124B1B083440BD7056A381CB73E62BB2DFA3204F4991AAD50ACB1DBED1898975792

Function 00F7A9B6 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c5ac2886e133b3b904e9a6a925b403837e7b83225d465270f66ff4c347079e
Instruction ID: 6d6a8a48dfb93997530cd0ad3b17c8ba46151ed38ca0fafc7b81616dd63bf6a2
Opcode Fuzzy Hash: 12c5ac2886e133b3b904e9a6a925b403837e7b83225d465270f66ff4c347079e
Instruction Fuzzy Hash: 8B114270D05908EFCB00DFA5D98479DBBB1EB85304F22C9ABD10AA7241D7741B55BB43

Function 00F7A9B8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe87256bbff1bffc86fb1a410db6dff28bb959d6718d979bf22f02e0233b87a8
Instruction ID: e3d2ec9e8ab6f1cd26236e5217568de679754277de0b76a98ae35385df0cb655
Opcode Fuzzy Hash: fe87256bbff1bffc86fb1a410db6dff28bb959d6718d979bf22f02e0233b87a8
Instruction Fuzzy Hash: EF115470D05A08EFCB00DFA5D98479DBBB1EB85304F22C9ABD10AA7240D7745B55BB43

Function 057508C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ca8994b8f8be5f54d5c7030a489af818e4cfc05e8d65848cd39617dd4dd172
Instruction ID: 0e18b523a14e3ef83ae823d7ad9653406568090aee919ecf40b858806bca6031
Opcode Fuzzy Hash: 61ca8994b8f8be5f54d5c7030a489af818e4cfc05e8d65848cd39617dd4dd172
Instruction Fuzzy Hash: 7511DAB0E002099FDB44DFE9C8457AFBBF1FF88310F20856A9518A7394DA355A819B91

Function 0572C4C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dee9f5871bf0abb1bc384df9c69de077ee7b2c45e1da0b036d5304ef0a84297
Instruction ID: 968df9a3e4206a1e13d0cb322260faedaf260dc888f3552f2fed5a813d9df09e
Opcode Fuzzy Hash: 2dee9f5871bf0abb1bc384df9c69de077ee7b2c45e1da0b036d5304ef0a84297
Instruction Fuzzy Hash: 2C017536340214AFD7148E5ADC84F9A77ADEB88721F10802BFA04CB290DAB1D8059B90

Function 05531B7B Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1688727764.0000000005530000.00000040.00000800.00020000.00000000.sdmp, Offset: 05530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5530000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154c7d93ec12e7956fa905a6aae33eb3994c80a84b528f3e587f3c192c34ec00
Instruction ID: 45553ce7b9a715360017e126c6c9bb8e2cfde0ca4734ab113c2efcecd02b3d15
Opcode Fuzzy Hash: 154c7d93ec12e7956fa905a6aae33eb3994c80a84b528f3e587f3c192c34ec00
Instruction Fuzzy Hash: BA019EB05093449FC716CFB8CD95F9A3FB4EF56300F2501DAE5089B2A3C2749808CB62

Function 00F7C3A1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc097a598cf04cf6b5fa7f5329d06a5f015b7af78e1ded75a8f3418163247a0a
Instruction ID: 0fff5c080b6749ddb1b59a5ca90af113c89ef0277bb266338a2b976ac3586297
Opcode Fuzzy Hash: fc097a598cf04cf6b5fa7f5329d06a5f015b7af78e1ded75a8f3418163247a0a
Instruction Fuzzy Hash: 3D01F5706092805FC701DB78DCA6AAD3FF0DF42314F1944EAE585CB2A3E9209C45D752

Function 057274B0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f5681d072fd5345b63a59d2254372cd9fe00b95c8ce065e787c333f63fd2f99
Instruction ID: dd859d8ca547b34cac60288759de6052a610abc95a7f234a78d11ded8b0e1536
Opcode Fuzzy Hash: 2f5681d072fd5345b63a59d2254372cd9fe00b95c8ce065e787c333f63fd2f99
Instruction Fuzzy Hash: 6A112775E001199FCF04DFA8D9456EEBBF5EB88315F10406AE919B3384D7395A44CBA0

Function 05622EA8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec1a557edb64f549278c7f7c78e4be71d3feeafc92fc27491e9f51fcf4be2903
Instruction ID: 7b74c68bfbc59c75c9fb9f7a0271104799074445ec97e27a01085e736f162958
Opcode Fuzzy Hash: ec1a557edb64f549278c7f7c78e4be71d3feeafc92fc27491e9f51fcf4be2903
Instruction Fuzzy Hash: D20192B5D09108EFCB00DFE8D555BADBBF4EF54300F1485A99808D3340EA369A55EB44

Function 05531B80 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1688727764.0000000005530000.00000040.00000800.00020000.00000000.sdmp, Offset: 05530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5530000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc74aace65c7ed6e3a8381eadc105e7fe2b7fa98fd62c5ad32f4478a9b0f8da
Instruction ID: ab9f6694e42c5c251cfb2cea11feaad8154c835f85a7b3852dcd2e2c10cb4134
Opcode Fuzzy Hash: 3fc74aace65c7ed6e3a8381eadc105e7fe2b7fa98fd62c5ad32f4478a9b0f8da
Instruction Fuzzy Hash: 2B0171B05093449FC716CF78CD55F9A7FB4EF56300F2541DAE5489B2A3C6759808CB62

Function 00F7E361 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814bc330d06788eb0e8dc79790dc37df2ff53ad3038b1ad3cba6208e1bffb0dd
Instruction ID: 392fb3b6ba582a399f78747f309fb37ebef2af9b19fe1f12347a30c6d1731b8c
Opcode Fuzzy Hash: 814bc330d06788eb0e8dc79790dc37df2ff53ad3038b1ad3cba6208e1bffb0dd
Instruction Fuzzy Hash: E40144A2E092001FD304953828E26E62BB0EFA5204B5990ABE149CB187FD984D4BA352

Function 00F715AC Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c49f05d4e600b5778ee36d42e03f35d084e4b4f8123a0c53480d00b313da74
Instruction ID: 5cf92c525bf956618baeb7edae338fdfd0a07b227f73afe6d9895893a8e566e9
Opcode Fuzzy Hash: 86c49f05d4e600b5778ee36d42e03f35d084e4b4f8123a0c53480d00b313da74
Instruction Fuzzy Hash: F511F735B001048FDB18CBACD955B9EBBB1BB88354F248067E91BEB390D771D849AB42

Function 00F70D98 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f1466908e1b8a7e62cbfa68ae78737c2c67f95f2d2115dbcb801cc2f032b18
Instruction ID: 40e41ee964c9514f6541eef4439824537859ff911b826614bbed9471358e59b1
Opcode Fuzzy Hash: b1f1466908e1b8a7e62cbfa68ae78737c2c67f95f2d2115dbcb801cc2f032b18
Instruction Fuzzy Hash: 3511A574701101CFD715DB34D555B2A3BB2EF85304F2488A9D406DB296EF71DC01DB82

Function 04EA001F Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f521903ea29e7c1eda050e1f9d8b7fb2d5213f2fa7f90c9cb7142675bd00df5
Instruction ID: 9a16450b58f837610615cb9d0f31e2f477b5c1fafc98748a863d64ba6e12fef0
Opcode Fuzzy Hash: 5f521903ea29e7c1eda050e1f9d8b7fb2d5213f2fa7f90c9cb7142675bd00df5
Instruction Fuzzy Hash: C701F9A57083445FE70512782CD13BB1B66DFC2314F15407BE549CB2D7DD15AC4763A2

Function 04EA0AA1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 932b0da83730c2317216e3cb9c7f9a1f274a3d3b2b81d9757db327ce6dfb13ca
Instruction ID: 97946f024ef5411406bf3a88cb9ad68fcceb78db8401f504ac3423af31af5f30
Opcode Fuzzy Hash: 932b0da83730c2317216e3cb9c7f9a1f274a3d3b2b81d9757db327ce6dfb13ca
Instruction Fuzzy Hash: 3901D6B07002545BD308AABD9C506ABA6DEFFC8300B35C52DA549DB389DD249C8253A2

Function 057274A1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dcb92124bbb6f75bdabdfaf018ff2d6d5d05767c3d6b5c7e071931adcb19987
Instruction ID: 3e7d35dd193d2fbb8a3d07689b7e461e549d92737753083c2ae01f3713422299
Opcode Fuzzy Hash: 1dcb92124bbb6f75bdabdfaf018ff2d6d5d05767c3d6b5c7e071931adcb19987
Instruction Fuzzy Hash: 5D114530D05218CFCF08DFA8D945AEEBBF1FB49301F10806AE809A7280D7395E45CBA1

Function 05728FE2 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e237029f8478fce093a6c571a4e89cc802012a89ce532376a72b5db2dc985eda
Instruction ID: 9e3f9a553c528d337fa1402566ebfa01c15cd7b8d436c2f5c96d2b036b5e37bc
Opcode Fuzzy Hash: e237029f8478fce093a6c571a4e89cc802012a89ce532376a72b5db2dc985eda
Instruction Fuzzy Hash: 3801D871809258DFC741EBB8D9457ADBBF0EF46211F1840EAC84CD7252EA369E84E752

Function 05736FD8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 582d9e2cad4c54551ee5b933196a128c6099f6311e8ebccc9bf56be9200de63e
Instruction ID: dec0d1523b3cbe1818e26b0f7aff21f6c8ad67ac305d53044e2d6823927268e5
Opcode Fuzzy Hash: 582d9e2cad4c54551ee5b933196a128c6099f6311e8ebccc9bf56be9200de63e
Instruction Fuzzy Hash: 0601C0713002008FC7199B68D54AB7A77A3EF88335F1885A9D5564B796CB75D843E780

Function 00F7D9A8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d8d78f0749bb0c43464e9e99434d418d8c14392da0472dc8abc0b3102a4eb6
Instruction ID: 08e8b2b47530db900b1cb0683cec6a2ef3106640e0eacba251d2784c7bdd7106
Opcode Fuzzy Hash: 11d8d78f0749bb0c43464e9e99434d418d8c14392da0472dc8abc0b3102a4eb6
Instruction Fuzzy Hash: F701A260A0E3945FE30782386C726652F796F83250F5E80EBE585DB1E7C9194C4BA363

Function 00F7EE8F Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1375bb1b259809e77a5645c25a4877941c5b5d60b963e096b28dd1940770b23c
Instruction ID: ec8ca9745828010fd24ee4abadd2bc5b720831493c7c33dba0254ce12bfc1721
Opcode Fuzzy Hash: 1375bb1b259809e77a5645c25a4877941c5b5d60b963e096b28dd1940770b23c
Instruction Fuzzy Hash: E20186B0B001145BD308AABD5C9066BAADEFFCD710B35C52EB549D7385DD348C8253A1

Function 04EA0AAF Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcae03f996160852d0e8c50d3d91a796771c44389dd4f4fe3815c169461306e6
Instruction ID: 83a0c3d3739909fcee3750ca65916b0084b59cf7edf20913cb16abc0d4c76dd5
Opcode Fuzzy Hash: dcae03f996160852d0e8c50d3d91a796771c44389dd4f4fe3815c169461306e6
Instruction Fuzzy Hash: 5D0181B07002145BD308AABD9C9466BAADEFFC9710B35CA2DB549D7389DD249C8253A2

Function 05728318 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe425eb579ff03d3231eac821e8b0da64ee1e2c95a53fc1d82ce66676971b732
Instruction ID: e503be2dae3a3e09b0db36d918a4d95f1c0b750096b478ce399f9b1b8326d861
Opcode Fuzzy Hash: fe425eb579ff03d3231eac821e8b0da64ee1e2c95a53fc1d82ce66676971b732
Instruction Fuzzy Hash: 70117970904328CFDB54DF69D8857EDBBB6EB8A300F4080A9E44DA3246CF765985DF02

Function 05A05BDE Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 953d0035fef996947b0966316850800a808cb711bad2150a3957282daefc9e94
Instruction ID: 02e030e32782794e636d611fc638dd6d8aa934dc42c4cfdc415de061f72d3aa9
Opcode Fuzzy Hash: 953d0035fef996947b0966316850800a808cb711bad2150a3957282daefc9e94
Instruction Fuzzy Hash: 6D21AFB8A11228DFDB64DF58E899AD9B7F1FB48300F1050EAA409A7784DB349F85CF50

Function 00F7FC87 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f4d098a297f7183976b3c8346da2b515a9f2a7ebfe9f81fab4d699b4cdbe69
Instruction ID: 1a14dff843ee4c7da8057d0c932105b3e735a9979537b48ddcaeafc1b32e8764
Opcode Fuzzy Hash: f1f4d098a297f7183976b3c8346da2b515a9f2a7ebfe9f81fab4d699b4cdbe69
Instruction Fuzzy Hash: EF01492064A3801BC3185678585059A7FA5EFCA34036985AED4498B2D7CD284C4B5792

Function 00F76FFF Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e76835842fdead32b9b73d0b916a6a44a6a2edd5b8e67c3336b3ce9c21d77aed
Instruction ID: fcbc59dec28054acfa53ef41f4e342c835a238869ad64318eb5cef04ca54d150
Opcode Fuzzy Hash: e76835842fdead32b9b73d0b916a6a44a6a2edd5b8e67c3336b3ce9c21d77aed
Instruction Fuzzy Hash: DA118374E01218DFCB44DFA8D9909DDBBB2FF88310B208569E909AB354DB31AE46DF50

Function 05734EE0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d21d51da026058b48ebd25fb7c2e58f3e5ff7a67d7c7940a79721a0fd66d49
Instruction ID: 4a734f9e4d9f9e8e12b94e2af76067e9b33852b2358da33f1b268f44b88eb77f
Opcode Fuzzy Hash: 34d21d51da026058b48ebd25fb7c2e58f3e5ff7a67d7c7940a79721a0fd66d49
Instruction Fuzzy Hash: A001A2363006109FC7099B24D45EB2ABBA3EBC9721F148169E9068B365DF76EC46DBD0

Function 0572A6F0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15241f31d06f01fde9717e82155a6cfd4ea6379e4e4b0036a72f6c94b9304862
Instruction ID: 740b9e3fb785924fe35902e09b9bd119c3db6bfdca64843d97205c5aaeea7062
Opcode Fuzzy Hash: 15241f31d06f01fde9717e82155a6cfd4ea6379e4e4b0036a72f6c94b9304862
Instruction Fuzzy Hash: 50012675908208EFCB00DFA4D944AAD7BF6EF55311F2080EAD80863351DA329E55EB50

Function 05622E60 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faaedd9e01f1145f09ceacb8f8e8130a3249755d5b5bb0e81161c8a56a6b4b5e
Instruction ID: ef3146bde41e46e6ad456cba9da268a9b5c3f3daa864e545492a67234035328c
Opcode Fuzzy Hash: faaedd9e01f1145f09ceacb8f8e8130a3249755d5b5bb0e81161c8a56a6b4b5e
Instruction Fuzzy Hash: 4901F276905108EFCB00DBF8C852B9DBBF5EB44311F2081A99848A7390DA379A46EB45

Function 00F75442 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01d46f1c8fc4452b85678ddc16d51ca2733d06bc2ff1a7e15c4d77f6c6ea9394
Instruction ID: 34b1e4be49d25932ee4172ab4051af4e83ba0c1fbe1fe6ba90a675e2f380d946
Opcode Fuzzy Hash: 01d46f1c8fc4452b85678ddc16d51ca2733d06bc2ff1a7e15c4d77f6c6ea9394
Instruction Fuzzy Hash: 1201F771208915CBD700DF60D8B076E3761EB54711F20882BE15B8F2A5D7759DC2A783

Function 04EAC8B8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cfc176ae360f8d727b18bd63e39a700ce52f92a86c4586a6ed5ee703784303c
Instruction ID: b4b0a0f04298dcbb806329cefc01f239138c55662c03ec30907fbf8fb199da33
Opcode Fuzzy Hash: 3cfc176ae360f8d727b18bd63e39a700ce52f92a86c4586a6ed5ee703784303c
Instruction Fuzzy Hash: F0012871904208EFCB40CFA8C945AECBFF0EF45311F2051EAD8089B291D636AA55EB01

Function 05736FE8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d17039066f51c4f82ca609733b3f1a8dacefb4841d7a0ae1f1204a8db7f0d01d
Instruction ID: 227d628bb5482abf058606d15788b692ffcd176867b2aad428642bdb75dc1f4c
Opcode Fuzzy Hash: d17039066f51c4f82ca609733b3f1a8dacefb4841d7a0ae1f1204a8db7f0d01d
Instruction Fuzzy Hash: 2B019A703002049FC729AB34D44AA3A77A3EBC8330F548569E5564B7A5CB76EC42EB80

Function 057318C8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 034cc426fdbccbaebfc969f7aa4daf2c684f666a7bbee5a9e63dc5a5ea15a173
Instruction ID: 9070fc71636a94272fd30abc4f2af4d2eb971b49513b9447f4dd6ccc05482b89
Opcode Fuzzy Hash: 034cc426fdbccbaebfc969f7aa4daf2c684f666a7bbee5a9e63dc5a5ea15a173
Instruction Fuzzy Hash: 88F0F6377110096BDB185619D8999AAF3AAEBC9230B448026E915D7361DE7098169690

Function 05758261 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b3e519949475426f1d3322795708717b621275c38fc393aa5bf1b1f6769239
Instruction ID: e2971904f75aa705f67b106dee86ba3ca486140588186d3d7754b21adac1640f
Opcode Fuzzy Hash: 39b3e519949475426f1d3322795708717b621275c38fc393aa5bf1b1f6769239
Instruction Fuzzy Hash: A201B170D0974ACFDB14CFA9C9406ADBFF2FF45321F6482AAC818A7250D7754581DB41

Function 0572B8D8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa7b7b43c93355966173ad6ec645f85b752bf0d1cdb75d4884f685076934190
Instruction ID: f20141baea3096a265f95612c802b7c8a15db66118b33ca17d4df5aa44b42487
Opcode Fuzzy Hash: faa7b7b43c93355966173ad6ec645f85b752bf0d1cdb75d4884f685076934190
Instruction Fuzzy Hash: 10F04632B082145FE3188618E805B3BFBA8EBC8320F08443AE4898B340CA72EC0593A0

Function 00F76FB2 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2991ecde35bf0f7715a74f8e0984cbb2641a1587bbd42a5f02cbb341b14fcab
Instruction ID: e2ff6bd5ca3122db90c8266393e5ad103e846062d2c23fd9966c0cfcb6558843
Opcode Fuzzy Hash: c2991ecde35bf0f7715a74f8e0984cbb2641a1587bbd42a5f02cbb341b14fcab
Instruction Fuzzy Hash: 45014875A04249AFCB05DFA4E8108DCBBB2EF88310B15C16AE84567254C7315926DF50

Function 05751760 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4efe9d55ccd7a760712486f5ac96acd56f5a78d11ba50ecff6aa02a64ec5c11
Instruction ID: ad5f9f2d8b35f3205ee26c3e61c94c3408c3d163b29320cbcffde4210658146a
Opcode Fuzzy Hash: a4efe9d55ccd7a760712486f5ac96acd56f5a78d11ba50ecff6aa02a64ec5c11
Instruction Fuzzy Hash: D5F04679448008BFC700DFF8D845BEDBBB4EF85321F408199AC4957740DA769A44EBA1

Function 04EA08F8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea94324d2c4079a6d869802300f5fb9df5406034bdca5102112168b21bc24ed
Instruction ID: 5fb01942a9c612c3d852e5fabeb568dbbceccf63c9fa64aaf3292186821293a7
Opcode Fuzzy Hash: 7ea94324d2c4079a6d869802300f5fb9df5406034bdca5102112168b21bc24ed
Instruction Fuzzy Hash: E6F02BA07043045BD308E6BD5C6137BA5CBAFC9300F24C43EB609CB3DADD244C8113A6

Function 0573CE21 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70db902cdd860c442087bf44a1d14e9419d69fc032255d9df72a2e10ef3432b5
Instruction ID: 42e2ccdc8665cdce305a22b4fc38537d50f1242b1e26a3b938bbc0785fb93dda
Opcode Fuzzy Hash: 70db902cdd860c442087bf44a1d14e9419d69fc032255d9df72a2e10ef3432b5
Instruction Fuzzy Hash: 7DF04C72846108EFD702EBB4C806A9D3BFDEF01231F141699901CA31D1EE728E44F792

Function 05728E2B Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4b55650e79cb51a9be7c87f3dfe07206d40634d758272edc819a75a953edc69
Instruction ID: 07275f1df8d7789b5e35e4d3a61e0ca1ea97e9a015e836697be42e33596e09bc
Opcode Fuzzy Hash: e4b55650e79cb51a9be7c87f3dfe07206d40634d758272edc819a75a953edc69
Instruction Fuzzy Hash: 5F11C5B4A112288FEB54EF64D8457EEBBB2FB49304F1041AAE40EA7744CB345E85DF90

Function 05734EF0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23f9dadd50870e6cacf0390b46531abae73959c07fa13d4ba28528ecb6894ecd
Instruction ID: d463396a4e4598000b89cb4580859dc89d2982525a0752678ac03a8cb9241277
Opcode Fuzzy Hash: 23f9dadd50870e6cacf0390b46531abae73959c07fa13d4ba28528ecb6894ecd
Instruction Fuzzy Hash: 2A014F353006149FC7099B24D459A1EBBA3FFCD721B10816AE90A8B364DF76EC46DBD1

Function 0572B940 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23982801e63750cb221b3cb08ecfb64d1c89274380f00227ce3dfd338b01b154
Instruction ID: 9b39c4bae94e12da5a5c1d6aa3cbc00407c0f3a02cdd8e31aeac244870b154ff
Opcode Fuzzy Hash: 23982801e63750cb221b3cb08ecfb64d1c89274380f00227ce3dfd338b01b154
Instruction Fuzzy Hash: BFF02BA2B0D2609FE31602385855335BFA1DFD6200F09449BC0C98F392DD969806D351

Function 05726988 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45505754e83967685aac98be3105bf2124c2d549f357d584049285a240b501ae
Instruction ID: 3a0a03443f45bbe9e2d08c8bf75e9613241ca67b391f1cfbb019065e83e6bdca
Opcode Fuzzy Hash: 45505754e83967685aac98be3105bf2124c2d549f357d584049285a240b501ae
Instruction Fuzzy Hash: 14F0C231A08108ABCF44DFA8D485ADCBFF0EB64310F04809EEC089B241CA379A82EF41

Function 00F7D7C5 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c24e8a34bda61ce0b497239a0f987070f486ea05fa7ddc1434523b9327b8ad8
Instruction ID: 01d06107c18d9352e2985562a16b51205bb5dbf581db8356a78434a19c3ec3ff
Opcode Fuzzy Hash: 8c24e8a34bda61ce0b497239a0f987070f486ea05fa7ddc1434523b9327b8ad8
Instruction Fuzzy Hash: FDF0E951B042486FE34561391C9036B1D866FC9314F35C0E7F18DDB2C6DD548C82A363

Function 0575E300 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2b5038fb883f91a0b048d2e3b5e05fcc68d3cb36cc73ca562556f8d333a9147
Instruction ID: a1dbbd7d1ec43493125b9c9245a49000eba7b8093786c8a8474fe9abaf23eece
Opcode Fuzzy Hash: e2b5038fb883f91a0b048d2e3b5e05fcc68d3cb36cc73ca562556f8d333a9147
Instruction Fuzzy Hash: A60116B4D06209DFDB40EFA8D4466AEBBF5FB48300F2080AAD909E3348DB745A40DF91

Function 04EA0380 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 631976da827ada43064d85ec7e3f690c8fe391bf1ac7688bf5ffeee93fca10b5
Instruction ID: 2ec49a855c36eb497ae229a1529ed804a7c022d02f6ef21dd8f29a812952d696
Opcode Fuzzy Hash: 631976da827ada43064d85ec7e3f690c8fe391bf1ac7688bf5ffeee93fca10b5
Instruction Fuzzy Hash: DDF0C251A0A3C01FD716A6795CA13A93F729B83210F0E86EBE291DB1EBD9144C869356

Function 05734C68 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a4f4ca590456315e1c059f196e5125aa87076c39c9ce6f6f3c42daa0ce26a7
Instruction ID: 5d1377de26b2e51d2f26a94a15e15e331804df005a932aa4deb03dcefab977ea
Opcode Fuzzy Hash: 83a4f4ca590456315e1c059f196e5125aa87076c39c9ce6f6f3c42daa0ce26a7
Instruction Fuzzy Hash: 59F068753403009FC3059B25C855D267BB6EFC9721B1540AAF556CB3B2CA71DC41D750

Function 0572B8E8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b8c2061a47d77d2bff7d381f2963fba94dd33c4580e07e6c0a6bfe21cf9ad55
Instruction ID: 2433060e9ddd23d2ddb436c0bb87ddf57563151ca2f0c647f74681c9b1327f94
Opcode Fuzzy Hash: 6b8c2061a47d77d2bff7d381f2963fba94dd33c4580e07e6c0a6bfe21cf9ad55
Instruction Fuzzy Hash: 45F0E971F046255FE31886199844B3FFBA9EBCC720F14446AE5899B340DA71AC418394

Function 00F7D288 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9355545b9c7a0d8a1e17e32b6e7178c1d13bd32c700fa2c71bd42762083aea60
Instruction ID: 4349c1d464c599c9472c5f95eb61469f05e2e7cae57aafdbf6b7b0d3b014a712
Opcode Fuzzy Hash: 9355545b9c7a0d8a1e17e32b6e7178c1d13bd32c700fa2c71bd42762083aea60
Instruction Fuzzy Hash: A2F020A1B082281BD71411BD6CA033794AE9FC9310F64C07FA309EB3CACC648C8263A7

Function 05A05108 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8eac3a4d6a4870143dae006a540b3e095495d0cb4edb4115c36264d7c28c74c
Instruction ID: 4e3b982d8fe780766f1fa18e0a43f52a2535fa21d4577f6f15b88b75fe3cdeb2
Opcode Fuzzy Hash: e8eac3a4d6a4870143dae006a540b3e095495d0cb4edb4115c36264d7c28c74c
Instruction Fuzzy Hash: E211D074915229CFEB64DF28D888BE9B7B1FB08300F4050D6D529A3281DB349E858F11

Function 00F7DC80 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34bcfbc33baa9f6093b0cd90ff0c77894c0680cd1dc7d75279e708ed94142ab
Instruction ID: 028102abfe4c279d047cc533d92d8a7e3e7a0932f0985e6cc887a1d23d749539
Opcode Fuzzy Hash: a34bcfbc33baa9f6093b0cd90ff0c77894c0680cd1dc7d75279e708ed94142ab
Instruction Fuzzy Hash: 01F027707002141BC3186A7C1C517EB37EAAFC5310B29C56EF509E7286CD685C836391

Function 00F76FC0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bb2efccc9b38994b901302ad4100e4ecd0c0a4dad236ff421ab379d0e992dc8
Instruction ID: 5849a48f334a12134d344b36e7d4da973f4cf06e172428e8e1ecc64a3bd9a139
Opcode Fuzzy Hash: 2bb2efccc9b38994b901302ad4100e4ecd0c0a4dad236ff421ab379d0e992dc8
Instruction Fuzzy Hash: 5D01E475E00208AB8F04DFA5D8008DDBBB6EB8C320F10C02AE81667350DB315915EFA4

Function 057376B8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4774a7d3898747d851b541768fa3b0c579b9b3833bf2666b6cf11cd521d9affc
Instruction ID: 9e397fc4677830c6e9ec36ecd973979ca7c0de0cc29878e1453ec0df034aebd8
Opcode Fuzzy Hash: 4774a7d3898747d851b541768fa3b0c579b9b3833bf2666b6cf11cd521d9affc
Instruction Fuzzy Hash: 02F027723403108BD72E6B74D8977A93B92FF05636F144479D4068F281EF32D802A301

Function 00F7C3D0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c500a84e15836f8641c0d1c20af7bc7177dc2ea0c610b8de1723d4378fa01a70
Instruction ID: 0f375e96c83f19668fc15e754d89d308c96b0841008fe2470880e62f745de614
Opcode Fuzzy Hash: c500a84e15836f8641c0d1c20af7bc7177dc2ea0c610b8de1723d4378fa01a70
Instruction Fuzzy Hash: B5F05E313002045FC340EB79D845B6E3FE5DF88720F1144A5E609DB3A1ED319C809795

Function 057376C8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71dd29d4ff780659bd85a4c16403f5be068260f5996bc4fabf5eebf47eb98e51
Instruction ID: 98cb73bccc169dfcfab6fc2bda739037efbef6d7583bcdc86e1fa57b0ee03ede
Opcode Fuzzy Hash: 71dd29d4ff780659bd85a4c16403f5be068260f5996bc4fabf5eebf47eb98e51
Instruction Fuzzy Hash: 41F0EC707103508FDB2D56785C1AB693BDAFB89631F504479D5058B281DF71DC00A351

Function 05737B60 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62f48278e831904c8758af5ed87963968045561eeb547efd2e44401f8f75a9cb
Instruction ID: ed4ae1fa872f01bf99aa6f64effaf531257a413f3f204b8b98488bc9c6492f91
Opcode Fuzzy Hash: 62f48278e831904c8758af5ed87963968045561eeb547efd2e44401f8f75a9cb
Instruction Fuzzy Hash: 93F0A77060914C5FC714DFA4681623C7B64D747325F1405EAED0D87642D9275D105381

Function 05728CDA Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e09083117589165c71da56a3a569c76ba8d781e1755a2827e855f6cb3d7a1e1
Instruction ID: 87561c0561c2bbc58021e679fcc2b81649eb73936daf856a14fe70993c5154c0
Opcode Fuzzy Hash: 9e09083117589165c71da56a3a569c76ba8d781e1755a2827e855f6cb3d7a1e1
Instruction Fuzzy Hash: E7011970A06628CFD714EF69C8447AEB7B2FB8D304F1490AAD40AAB255DB749888DF41

Function 056226A0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 337b24644994a4b3a1f392087457e94259a570cc1d7bfa4ecc5272b26906ca17
Instruction ID: 28913c67c42a6c724f461bfeeb4553d4cac0bb976e6cf299f882fd9a0dbbe6b1
Opcode Fuzzy Hash: 337b24644994a4b3a1f392087457e94259a570cc1d7bfa4ecc5272b26906ca17
Instruction Fuzzy Hash: B4F0C276904108EFCB01DFA8CA559ADBBB1EF49301F1485DAEC0897350DB329E15EF51

Function 00F7E7D9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877bb164399968f58b12713d7eb33e8d6e7e568c0a07d5d1bf2f27b5ac9916b6
Instruction ID: 08d816fad320142d310bbfb7758a00c3abb04dddfb4dc7c64b97725d7112af06
Opcode Fuzzy Hash: 877bb164399968f58b12713d7eb33e8d6e7e568c0a07d5d1bf2f27b5ac9916b6
Instruction Fuzzy Hash: 05E0DFA2B0561427E70811BE2CE57FB8B9EDBC5350F24802AB20CD328BDD584C8323A1

Function 05730CD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06de14c7c8d17eac4122a933568bdd4536d06eef1d62583efccdc46c2c2f23ab
Instruction ID: df04bb4bee7f8c658f3d6a59f8dfb33e96cc1bce302c6ddb52d8c7b31d79efb9
Opcode Fuzzy Hash: 06de14c7c8d17eac4122a933568bdd4536d06eef1d62583efccdc46c2c2f23ab
Instruction Fuzzy Hash: 55E0D83230652247DF68046EAC5A7A695E6EBC6771F90413AFD06CB306CD408C4253D5

Function 057262F8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297cd04743790814dae80e93303032cdd3594346dbedcc95b0f87671c338e301
Instruction ID: 1c41170f0b93340ca2bd31e0b111929427ea85f17a33b11dc764b7b5b93c10c5
Opcode Fuzzy Hash: 297cd04743790814dae80e93303032cdd3594346dbedcc95b0f87671c338e301
Instruction Fuzzy Hash: 6AF0B4719091489FCF41DBB4C515AADBFF0EF46211F1481EBDC0CD7211E9369A04E751

Function 056228B0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee967cf00f6719f6fbab51f4be9dd8c618666654cfc196e32c0485370ce41fd
Instruction ID: 399f4fed153f0621df1697cffdb9fd0a16555f343e855b67618525346936f3d7
Opcode Fuzzy Hash: 8ee967cf00f6719f6fbab51f4be9dd8c618666654cfc196e32c0485370ce41fd
Instruction Fuzzy Hash: DCF0A73590910CEBCB04DF94D941AACB7B4EF45310F1052A9EC0863350EB36AE59DB85

Function 00F72D40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a128062a844d7ce456cbf1d83f8e26a1846cc7d31318681fca8d5777762ed5
Instruction ID: 9161f527a765eb76f7a136fdbb7deaa2871bfe147ecf59c09fff13f1ac59b409
Opcode Fuzzy Hash: f0a128062a844d7ce456cbf1d83f8e26a1846cc7d31318681fca8d5777762ed5
Instruction Fuzzy Hash: DCF0203030C7440FCB166368BCA04AB7FA2EFC221234609BEE14BD7253CD546C0AA3A1

Function 05734C78 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d56ee6c8398974c6527b78fd7020272b7323860c075bb29e89b9bb7a14c0325b
Instruction ID: 91f5fb3c8c6ed21d292f9bccee5dc7126f3ee122644e667593bb91a9c4daee04
Opcode Fuzzy Hash: d56ee6c8398974c6527b78fd7020272b7323860c075bb29e89b9bb7a14c0325b
Instruction Fuzzy Hash: C4F05E393102009FC308DB29D458D2A77AAEFC9721B10806AF9168B3B1CA31EC42DB90

Function 05727450 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e747e30ab70db5800043c8a33cddda944db2fabe03fe93ba7e0fe9b2902f5ac
Instruction ID: 1fad45fd7c61420b74c70eb40ff78e92b069fac3a35b4b8aff5e8b65ac771463
Opcode Fuzzy Hash: 1e747e30ab70db5800043c8a33cddda944db2fabe03fe93ba7e0fe9b2902f5ac
Instruction Fuzzy Hash: 7EF09A70908248AFCB45DFA8C9409ADBFF5EB06310F14C0EAEC489B382D6369E41EB41

Function 00F7EC08 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec4f4cc6a4b9593b6d98e7796c72f8d0aa4b42a67c15f2460fbcb4db9aee5edf
Instruction ID: 7bac2c5511d619f248608c1565dfb22ba3135155a9dc66bd637e33a49cbc2e1d
Opcode Fuzzy Hash: ec4f4cc6a4b9593b6d98e7796c72f8d0aa4b42a67c15f2460fbcb4db9aee5edf
Instruction Fuzzy Hash: 33E04F6271522422E71820BE3C907FB96CA9BC8720F14803BB349D3289DDA948C32196

Function 05754943 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62de7892ba1c78d3a7a2cad23150144138a1fea7179bf87df74b9c71749e77cd
Instruction ID: 9484e53478c61dfac28fc595402ff248307db76004f56aade14189e28ebb3d20
Opcode Fuzzy Hash: 62de7892ba1c78d3a7a2cad23150144138a1fea7179bf87df74b9c71749e77cd
Instruction Fuzzy Hash: C6F03A71904248BFCB80CFA8C855BAEBBF9EB48310F14C09AAC58E2340C2399A51DB50

Function 04E30B40 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70773c765cc385fc7e8a94e5dfb53769e6162483c4f28c4e82e8cc27ccb89d9
Instruction ID: 330f67fab41753d982443f608d8c9853cfb60fa81495de2b283d9f4e8cf1f866
Opcode Fuzzy Hash: c70773c765cc385fc7e8a94e5dfb53769e6162483c4f28c4e82e8cc27ccb89d9
Instruction Fuzzy Hash: DCF05E74A00600CFDB02AB6AE44CB59B7F5EB8834BF0094A9E80AC7259EB74EC41CF41

Function 057285AA Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92b5b4f63c5f5072b2e1f20a7cdb7a16875797be1e08d8b2b3f3807f7df36a97
Instruction ID: 978d02e90c7e4c68e79a75d11528aa8b33c793bada16a1c93327ec1906165c15
Opcode Fuzzy Hash: 92b5b4f63c5f5072b2e1f20a7cdb7a16875797be1e08d8b2b3f3807f7df36a97
Instruction Fuzzy Hash: 280108B49052288FDB54EF24D8457AEBBB2FB48304F1080DAD40EA7395DB745E859F91

Function 05627C48 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89632326cd2bc25607c6a516675718f5304b8e76124adacbec0b8ada96347248
Instruction ID: 74c6711650805c39ae693f990dc33dc449f3929fff988b9656859e3126ad064e
Opcode Fuzzy Hash: 89632326cd2bc25607c6a516675718f5304b8e76124adacbec0b8ada96347248
Instruction Fuzzy Hash: 1EF03A35A04208EFCB04CFA5D949EADBBB5EB09310F148099E81867351C6329A51DF51

Function 00F7D3A8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0217cc87c0a0ec2413131055a2dded760da2cc8cbce32373c3d46eb644a0f7eb
Instruction ID: 15665a660e20f4c8793fffc36995ae4a243fb953b130d7dd4702d23a8bf57cf8
Opcode Fuzzy Hash: 0217cc87c0a0ec2413131055a2dded760da2cc8cbce32373c3d46eb644a0f7eb
Instruction Fuzzy Hash: 20E022A1F083685FE30519787C6037A24AA6FC1350F35C0B7EA86DB3DADD614C4223A3

Function 05756F80 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb15318011cd061ac5cf19a7544148a9087af810e68a6840643f64e6dac90f59
Instruction ID: 6749b7b7a6b5d75c113887fab9e012c869c3e8d30b0d88186fde8a4a4c32256c
Opcode Fuzzy Hash: fb15318011cd061ac5cf19a7544148a9087af810e68a6840643f64e6dac90f59
Instruction Fuzzy Hash: D8F0BEB0E05208BFCB00EBA4E856BECBBF0EB44314F1580A9E844E3381EA359A44CB50

Function 04EA0837 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa930e2141f715d99df8f8e171236c907621190fa6439ff34fe725372040595d
Instruction ID: bf5f70ba752f4aa7122f2d12502d9bf57df534a4ed23fde0324fa2d3a890e253
Opcode Fuzzy Hash: fa930e2141f715d99df8f8e171236c907621190fa6439ff34fe725372040595d
Instruction Fuzzy Hash: 2FE022207093400BC309AA3C5CA27FA3B72DF82220F4DC1AAE121DF1EFD958188B6752

Function 05730D20 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 327438b9fcafb012572282e0a800a6739df91c5799cd4cef8fae4aea28cbc054
Instruction ID: badc7830f05efc87b109ceca68f42c3c42055c2cfd5e8c6400bc43cdb1144957
Opcode Fuzzy Hash: 327438b9fcafb012572282e0a800a6739df91c5799cd4cef8fae4aea28cbc054
Instruction Fuzzy Hash: 26F06C3220420557C714972AECC5A4BBFAEDFD1361B54D93AF10A8B612DD7099499790

Function 05727581 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eba34e7576ddd9dd93f56b11d2f903394b38484348996795359b88491407ade4
Instruction ID: 173ad86be736b62371920286912e5518dc7306e8b7f9ab7da96e03137e27a3bc
Opcode Fuzzy Hash: eba34e7576ddd9dd93f56b11d2f903394b38484348996795359b88491407ade4
Instruction Fuzzy Hash: 5EF09030D09248AFCB44DBB9C5409ACFFF0EF06210F1481EED85897392D2369A42DB91

Function 0572837D Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28d622dbd2c104d3bdc1ef72b0d228337520e29def80066bc740c9dffbd8f8a
Instruction ID: bc328af0b313ee979836772a3dc96234d362a2ecac37c2e1609cc459a6daa318
Opcode Fuzzy Hash: d28d622dbd2c104d3bdc1ef72b0d228337520e29def80066bc740c9dffbd8f8a
Instruction Fuzzy Hash: 94012870902258CFDB10DF58D48579DBBB2FB09300F00859AE40AB7345CB349980CF41

Function 0562BD1A Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68152382e931042127e8102318da1c5dc9eef7fba30f85bec83984b096886fb1
Instruction ID: 0ba1a5848e89149b7db822b5e1aaa9de3cabccd69d57113ad2309b5a621eb654
Opcode Fuzzy Hash: 68152382e931042127e8102318da1c5dc9eef7fba30f85bec83984b096886fb1
Instruction Fuzzy Hash: 9FF0BE70D04208ABCB54CFA8D841AECBBF4FB08320F1081A9D858A7391D33A9A42DF44

Function 04EA82D8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adf93aa9c09198d67ba295bf81bb34392ea320455fda5f5219bebda417538b2b
Instruction ID: a08fc442ab57396b0799b14510838de9c7cff7193cec7e193f9881b8a3dd1c6a
Opcode Fuzzy Hash: adf93aa9c09198d67ba295bf81bb34392ea320455fda5f5219bebda417538b2b
Instruction Fuzzy Hash: E1F05434905248EFCB45CF98D9419ECBFB1FB45321F24D699DC18D72A1C3369A56DB40

Function 05727CF0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5123c105d7144f72aa0a177873de64526a7c9b2554e275dc4211124dc60ebfb1
Instruction ID: 3151ab79006a3685a6bc45cb12b5cc17269d5580f87441f22a0b11e21144eee7
Opcode Fuzzy Hash: 5123c105d7144f72aa0a177873de64526a7c9b2554e275dc4211124dc60ebfb1
Instruction Fuzzy Hash: ADF01C31D44208ABCB84DFA8D9457ACFBF4EF48311F1490A9DC09A7341D636AA42DB45

Function 057287DF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b95528a9835f430275d59b0357f7e6449d1db4c6df340c0b3211d83b422477
Instruction ID: b2fc3022eedbf1a2c7c62269dd559509b8666838d0029ba0f73e2660e3f62e55
Opcode Fuzzy Hash: 51b95528a9835f430275d59b0357f7e6449d1db4c6df340c0b3211d83b422477
Instruction Fuzzy Hash: CF011970D11668CFDB44DF59D895A9DBBF2FF48300F5081AAE409E7256DB309985CF04

Function 05626D40 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc6a88f463c0608f2669198482eb234f8d986543a4d60fd2b5300f4a270b9c0d
Instruction ID: 3a8e99af1cca6309e8ed297f12d19826479cb182e02673295c4caa13e5d1cf63
Opcode Fuzzy Hash: fc6a88f463c0608f2669198482eb234f8d986543a4d60fd2b5300f4a270b9c0d
Instruction Fuzzy Hash: 37F09A30D08658AFCB41DFA8D844AA8BBF4EB05220F1081EAD81897395D7355A46CF41

Function 05629DF9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36f5e178731a8de9b992e3b5873cad872b009ddf37c3c3902269a51e1cad2864
Instruction ID: 3cd28b4de90819614bc18059dc323c02f99cf62dfcd8c6b4779425b51fa5c5b6
Opcode Fuzzy Hash: 36f5e178731a8de9b992e3b5873cad872b009ddf37c3c3902269a51e1cad2864
Instruction Fuzzy Hash: 14F05E35809218ABCB05CF94D9409ADBB75EF85315F14C099AC4817251C6329AA2DF90

Function 0562AE40 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bbe1f9dd137bb773b3df634f1d709f097210fd9e3ed3a38ca3f80bc095ea1a7
Instruction ID: fe6f947ea05743f79e451b8f355de944b3e2a0d265fa68e8664c502467f5d924
Opcode Fuzzy Hash: 1bbe1f9dd137bb773b3df634f1d709f097210fd9e3ed3a38ca3f80bc095ea1a7
Instruction Fuzzy Hash: BCF0FE74D05108AFCB40DFA8D845BDDBBB5EB48310F10C0A99808A3340D6759A42DF55

Function 0562BE50 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 272b786b63a1d7db165e52b6ea50a77fb20221c3960dc8772101787e7e471e0b
Instruction ID: aca9691e35a0135c7196920d1070de5840925cd903951795955db0a1c098d02c
Opcode Fuzzy Hash: 272b786b63a1d7db165e52b6ea50a77fb20221c3960dc8772101787e7e471e0b
Instruction Fuzzy Hash: 2BF0F874905208AFCB90DF98C986BDEBBB5EB58310F10C1A9A848A3351D6369E42DF85

Function 056290B9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb083b447dffdc5d052ac977e165abe8e7250815d56f9d0ac122b84b0cc3d048
Instruction ID: 53dbb37ddca9f7312296655d1899d3262f2b352361da70cf0ca37d2e6de36abe
Opcode Fuzzy Hash: bb083b447dffdc5d052ac977e165abe8e7250815d56f9d0ac122b84b0cc3d048
Instruction Fuzzy Hash: 30F08C35504108EBCB04DF94D840AADBB75EB58311F10C09CF84817381C6339A92DB81

Function 05626A81 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ad671cb1b9cbf228353a62ea9232165f79ed7bafad424ccc3f807233f454de
Instruction ID: 952eb3eeb2bfbb4ce778d4b1eea08a39a4e67b2a94ea6e4c013998f915f0ce82
Opcode Fuzzy Hash: a6ad671cb1b9cbf228353a62ea9232165f79ed7bafad424ccc3f807233f454de
Instruction Fuzzy Hash: 02F09030D04608AFCB54CFACC9409A8FBF0EB05314F20C1AAE858A7391DB369E42DF41

Function 00F7AAB6 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6dc710a1149aa5e196749d81b0064a2a3cb3db811a9ce5aafdd44a0c64287d3
Instruction ID: 59db095d9a0b26951bff868c2958cc73a7a1d5759c245ab5c79daab24267b488
Opcode Fuzzy Hash: f6dc710a1149aa5e196749d81b0064a2a3cb3db811a9ce5aafdd44a0c64287d3
Instruction Fuzzy Hash: F1E039357040104FC704EBBDE8559AE77EAAFC921135580AEE50ACB7A2CEA5DC028B91

Function 05754E88 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f94a1d4e2556a313fc2087de84dd19617ee05b996e8a720b84b631b6a4ecea67
Instruction ID: 1bf0542bd3eaac1ccc33c1dc347f82427076b18b6b2d7c2d8df757c8f077e1be
Opcode Fuzzy Hash: f94a1d4e2556a313fc2087de84dd19617ee05b996e8a720b84b631b6a4ecea67
Instruction Fuzzy Hash: 1EF03074D09108AFDB04DB99C841AECBBF9EB45224F14C1B99C1892340DA3A9E82DB50

Function 05728C60 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e65bfa3ad2d28bc92573815cc487e9adf7c07e2183bf4b15222e3985c753be4
Instruction ID: b7b5f63e87deeeb8322cabb4bb9a0c9e06a67d134c1acce017930fe2ddb5eb35
Opcode Fuzzy Hash: 9e65bfa3ad2d28bc92573815cc487e9adf7c07e2183bf4b15222e3985c753be4
Instruction Fuzzy Hash: 9101F270901368CFCB54DF58D889BAD7BB2FB49301F20409AE40AAB246CB7499C4DF46

Function 057267C0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f7e2ee9e9c4abfd2629dc4464171cf1f88eacff47a8426682e778115e9d483
Instruction ID: 8d63157a96ef3028a0881c596f680496b09cfc04eca2eaf28fcacc8f979d7ec8
Opcode Fuzzy Hash: 03f7e2ee9e9c4abfd2629dc4464171cf1f88eacff47a8426682e778115e9d483
Instruction Fuzzy Hash: 6BF03075D04248AFC784DFA9D8457ACBBF4EB48310F1480AEDC58D3341D6369A45EB40

Function 05726341 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14b55e9fbaac40ebe1f3726758be2e7723c93a094657501e9bfecc0d8f599662
Instruction ID: 56100d500a3e081453b59ad8ae8acf84764f2784aa4eefd1bb478b58b9402996
Opcode Fuzzy Hash: 14b55e9fbaac40ebe1f3726758be2e7723c93a094657501e9bfecc0d8f599662
Instruction Fuzzy Hash: E0F03430D09248AFCB41CFA8C8806ACBBF5EB4A310F1480EEDC0897252C63AAA45DB41

Function 05729AD0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35ce1b65830de7ab426e4836e21d95e915088727776d350a3fc39cd0df0ac192
Instruction ID: 1a07fcc25a36980e4e558caf914a2ac22845baa49499cf3fc58e1caf17238208
Opcode Fuzzy Hash: 35ce1b65830de7ab426e4836e21d95e915088727776d350a3fc39cd0df0ac192
Instruction Fuzzy Hash: 3FF03075D04208AFCB94DF98D9867ECB7F4FB48310F1480AADC08D3340D6369A85DB44

Function 05754950 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33dc7072e99893e7537ad3929a2206b49036b0d11708a2bf1fbb4d630b1e7922
Instruction ID: 13f43de5d4310cc20c4bd713b7003b685d58e66d7aaf703c86d810364781b8ca
Opcode Fuzzy Hash: 33dc7072e99893e7537ad3929a2206b49036b0d11708a2bf1fbb4d630b1e7922
Instruction Fuzzy Hash: CAF0F874D04248AFCB84DFA9C845AADBBF9EB49310F14C09AAC58D3241D6359A51EF50

Function 05729A88 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d1627dc9ac0429ef2531d1d4afc60b03e718dea692ddbf838ffe4218a33e518
Instruction ID: e7619a159c854f07688d51bcfc16b61d494ebe702a324b56802c8ef07935e798
Opcode Fuzzy Hash: 9d1627dc9ac0429ef2531d1d4afc60b03e718dea692ddbf838ffe4218a33e518
Instruction Fuzzy Hash: 42E0867744550CABC714EBB4DD8A7EDBBF8EB04210F6004A5D80593241ED37AF58E795

Function 05621EF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 988d0605f72fba5a9b0c97fabfaf488112904e60bc2de1aa7b947b5a7b0b1fd1
Instruction ID: 8a2318db10cc986260c1ebd4f5344743d09fdffc07e2457ac0c870cad8547085
Opcode Fuzzy Hash: 988d0605f72fba5a9b0c97fabfaf488112904e60bc2de1aa7b947b5a7b0b1fd1
Instruction Fuzzy Hash: EDF03070D09218ABCB94DFA8D8857DDBBF4EB49301F1480A9A818A3341D6359A41DF45

Function 056229D1 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08accc2f9e7849b5f23503b59f395d3e8c81ab8670fbbba1a89081a6fc3b1904
Instruction ID: 4f7e35ceb993f6a29236d593b8daff6a6a71497cd239d36b117c30cadf421a32
Opcode Fuzzy Hash: 08accc2f9e7849b5f23503b59f395d3e8c81ab8670fbbba1a89081a6fc3b1904
Instruction Fuzzy Hash: 6FE09275805108BBC744DE98DE82FDABF79EB44314F148169BC0863351CA329A41EA99

Function 05623881 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee43b0451eef81c99e213d2f471764768fb42cc0946f1be21988c7ef0bf6fe7
Instruction ID: 451277a5aeba6bf39ec02856e18f6a8613dc27834cc2202e8df56f9e34e11cc2
Opcode Fuzzy Hash: 0ee43b0451eef81c99e213d2f471764768fb42cc0946f1be21988c7ef0bf6fe7
Instruction Fuzzy Hash: E5F03A34909208EFCB01CF98D880EACBBB1EF48310F14C4AAEC1897351D63A9A55DB41

Function 00F7A251 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7df5c519e07b2da108ebd60da80966e377b589e66730d86f426da737482314e2
Instruction ID: a80a1e97e3118a3f2d8b4e6a0c4722043530132cc24614a7c888993cb531c5b0
Opcode Fuzzy Hash: 7df5c519e07b2da108ebd60da80966e377b589e66730d86f426da737482314e2
Instruction Fuzzy Hash: FCE0ED7194E3C54FC7538B3088A48847F306F2B51071D45DFD885CB2A3D1299C0ACB12

Function 00F70B99 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0bfad33e2c1b73a295259ce108b0ccc25b9545031c85047f715645313c9b8d
Instruction ID: ea22bff4acb9d73533fe72d8bf83464f5b740e3e245ba1be3d3d7638c9c77496
Opcode Fuzzy Hash: 5b0bfad33e2c1b73a295259ce108b0ccc25b9545031c85047f715645313c9b8d
Instruction Fuzzy Hash: 12E0923110D2852FC71A9775AC908AE7F769EC26107094AEFE4018B1A7CE684C8A9791

Function 0575AD29 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ccfca9c19f91b63b89f7671fc2ad772f9c08c67ad9d5fc7d9592f7ba0445421
Instruction ID: d97e5ef2fb07fd88d78878565fcfcad135b5720b3602d9c95b010b07945d5e4c
Opcode Fuzzy Hash: 5ccfca9c19f91b63b89f7671fc2ad772f9c08c67ad9d5fc7d9592f7ba0445421
Instruction Fuzzy Hash: E3F0D0B4915228CFDB50CF24C844BE9BBB5F705315F1055E9D98DA3241CBB45A81DF26

Function 05757110 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd420ec76007cd972f42920b37e54b3ebf6025d1cb83c3662331418eabf9d8f6
Instruction ID: 5bef44a834118963979b21eae0d73f70b9e8e16a469b7d4fb6441d1392eeff2b
Opcode Fuzzy Hash: fd420ec76007cd972f42920b37e54b3ebf6025d1cb83c3662331418eabf9d8f6
Instruction Fuzzy Hash: B4F03975C05108ABCB14CB94D885BECFBB4EB98310F14C0AAEC49A3341E6369A42EB95

Function 04EACC68 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ccac311eab9b5d16433e5d52281875e81320aed90e52852cec681ac0163d324
Instruction ID: 797d8e2d28735d3fdf3a6976711ed572ab45137703a58dbef7c4ba0295129d74
Opcode Fuzzy Hash: 1ccac311eab9b5d16433e5d52281875e81320aed90e52852cec681ac0163d324
Instruction Fuzzy Hash: B2F02B3440D2449FC701CBA4D8819D9BF74DF46314F2980DEC8485F343C6326D56C752

Function 0573EF80 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3580b144d835030783f6a29e7b87f21f04354f59159934e2a826285d21370998
Instruction ID: 3e731fa567f65812bd895384f95519fed104eab67311a55a6c08556a0df698a4
Opcode Fuzzy Hash: 3580b144d835030783f6a29e7b87f21f04354f59159934e2a826285d21370998
Instruction Fuzzy Hash: FCE0223080D2089FC701DBB4E942998BFB4EF42314F2490DDC8085B383C6729D02EB45

Function 0573C809 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25134882088ffd72520cc97f0c3c653d0ee63fc21ff0bb656ba20a2813d324e5
Instruction ID: ca7f65d1b770e36bce0827eece4a5221d6db301a8babfa638cf1a3f93d12a804
Opcode Fuzzy Hash: 25134882088ffd72520cc97f0c3c653d0ee63fc21ff0bb656ba20a2813d324e5
Instruction Fuzzy Hash: 19E06D34909148AFC701CB98D5816ECBBB4EF49311F1491DACC6993342D63A5F42DB40

Function 0572DBB0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454047812ba6bf941f1e791c12d978bab7c46710b3917cc4f1f02507eba344b3
Instruction ID: 40673e7c9e23da6c5d0e082a5f85bb95cc20d72c472bb423549c32e11a58e140
Opcode Fuzzy Hash: 454047812ba6bf941f1e791c12d978bab7c46710b3917cc4f1f02507eba344b3
Instruction Fuzzy Hash: 29F06531A04258AFCB1DCFA4D4586DDBFF6EF44211F148096E04AD7240DF745A85D784

Function 05728B93 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc06f6d693396fe9bea4abb2db48a024eb8383eff13b2980226b0c7c05102ed
Instruction ID: d2033920af2960177f4126541204733aa66bf1aef1116d55f6b4658653375d65
Opcode Fuzzy Hash: fbc06f6d693396fe9bea4abb2db48a024eb8383eff13b2980226b0c7c05102ed
Instruction Fuzzy Hash: 1CF014B4901228CFCB14DF58D89979CBBB2FB48301F40419AE44AA7386CB719AC4DF01

Function 05623D90 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a34ea6e1961f2c65b880bb35fe8902e8cc038f69bd3b30a25b864cce54ce8b
Instruction ID: 6fe83a0736d80a3fff3a518754d9ee2ec8d7ce58c3ce9e7278bc80a60028046c
Opcode Fuzzy Hash: 89a34ea6e1961f2c65b880bb35fe8902e8cc038f69bd3b30a25b864cce54ce8b
Instruction Fuzzy Hash: 02F06534904118BBCB04CFD8D541BECBBB6EF49304F2488E9D85857381D73A9A46DF51

Function 05756F90 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10d3f1869810c726a0982f6df184473e2a691fc003e76426925bd7351bbd53b
Instruction ID: 9780ecb770e4b0655afe7e5d2e94c1e16361a49fe9e2177bd2a2e07f1caff79d
Opcode Fuzzy Hash: d10d3f1869810c726a0982f6df184473e2a691fc003e76426925bd7351bbd53b
Instruction Fuzzy Hash: BEF03070D05208EFCB40EFA4D4556ACBBF4EB48310F108199E84897381DB759E44DF50

Function 04EA2CC1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53ea9114d919cf1afce0b3b7d326252f97bb69351245aaac11230806bfbafc53
Instruction ID: 4300e27fb77f74b2ee24d2d34ab626a767387db1185fa88c4fc73872db3b3081
Opcode Fuzzy Hash: 53ea9114d919cf1afce0b3b7d326252f97bb69351245aaac11230806bfbafc53
Instruction Fuzzy Hash: 15E092341192804FC756DB10CCA67417F30EF42204F0980DAC851CF3A3DE16E807C782

Function 05730D30 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f3d9b005ab86db02ad34227b8277091c8c7ac921116cbfe63fcc833f8725fb9
Instruction ID: 163d89aa5011beb238904f02191a8d2faed2f8a1f3a65db492ad89fe96baef45
Opcode Fuzzy Hash: 1f3d9b005ab86db02ad34227b8277091c8c7ac921116cbfe63fcc833f8725fb9
Instruction Fuzzy Hash: F4E0487130020557C7189B2AECC4C4BFF9AEFD0365714DA3AF10A8B615DE70AD4997D0

Function 0573C4B1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1642af158d94394eba8c78150a4a558da955c93dd3ee6886ae05b13a2ffd44bf
Instruction ID: b231c6d94275a3f57904b46c220305de2aa4f99f0e7904bfb193196ba93b9585
Opcode Fuzzy Hash: 1642af158d94394eba8c78150a4a558da955c93dd3ee6886ae05b13a2ffd44bf
Instruction Fuzzy Hash: 46F0E530A042449FC754CBA8C9919B8BFF1EF45320F2481CE8858973D2C6369E42DB41

Function 04E32CCC Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17fe197db9ac064e5b551c5c976d7a0ce252f0081aa458af7a98f2a2f3497bdb
Instruction ID: 2190954a9ca40ec6a035ed1848a173eedfbc434f58d52e01e795be27449b0184
Opcode Fuzzy Hash: 17fe197db9ac064e5b551c5c976d7a0ce252f0081aa458af7a98f2a2f3497bdb
Instruction Fuzzy Hash: 70F0C97214E3C86FCB038F609C65B853F31AF07600F0944C7FA859F5A3D2659A25DB66

Function 0572A521 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0210e17a1204a510a710e05a2a9a0bf21bf5dae2989e1086a17e0581c3e9470d
Instruction ID: aa8285448d0c6ebc56aea78a41c72f1dacf71747f3dcc6f51fb951fba016093c
Opcode Fuzzy Hash: 0210e17a1204a510a710e05a2a9a0bf21bf5dae2989e1086a17e0581c3e9470d
Instruction Fuzzy Hash: A4F0E5719082449FCB14CB9CC890AADBFF1EF46321F2081DE986D873D1D6364E42DB40

Function 05756F37 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5804bf3e3d7d6f119dfb19f8fb84f38ab6fcae019cf2021f2036b96035ef636
Instruction ID: 1ac31c6e8e18e87bde7544d1a8f8fd9b22e95d51715766ae3000cd6a2343ae2d
Opcode Fuzzy Hash: d5804bf3e3d7d6f119dfb19f8fb84f38ab6fcae019cf2021f2036b96035ef636
Instruction Fuzzy Hash: 39F065B09592848FCB55DF98D484E987BF0FF06326F1442D5DC55CB3A3C2759941D741

Function 04EA82E8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b97c4f3c9cb2ee367c4a111c993aa9a47b7c9ac8280eac98e16b1476b42ec3
Instruction ID: df1ff7a14f733f40665f89b2db907f3801a876f6dfdeba1c8cba820f16d12a67
Opcode Fuzzy Hash: 58b97c4f3c9cb2ee367c4a111c993aa9a47b7c9ac8280eac98e16b1476b42ec3
Instruction Fuzzy Hash: CFF0C974E04208EFCB44EFA8D941AACFBF5FB48311F10D0AAAC1897350D636AA55DF40

Function 04EA7340 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2652e927ddebeda2b84149799004cd9af4eb7287c54e63b1cb4b0352dac7e4fd
Instruction ID: fa6ff84b7db565e622a49268e3f74ef9b72b05229ad627c583047eae835e7569
Opcode Fuzzy Hash: 2652e927ddebeda2b84149799004cd9af4eb7287c54e63b1cb4b0352dac7e4fd
Instruction Fuzzy Hash: 35E02676800008DFC740DBF0CA597EE7BB0EB44302F0011AAC40CA3250EB3A9E14EB51

Function 0572AF6F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27e72963dd5fbce21bfef27e1473672875d156528d351d2f9328aa9e8c6cbf93
Instruction ID: 51fcad9ec82246197ce72afc63665b1572b5772d69cbba4ae4a4e6e25cff2d8b
Opcode Fuzzy Hash: 27e72963dd5fbce21bfef27e1473672875d156528d351d2f9328aa9e8c6cbf93
Instruction Fuzzy Hash: F0E09B3190524DEFC704DF74D88159C7FB5EF45214F6145D5D808D7242DA356F099791

Function 05728948 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7483fc25b677ee93af71e9b1299ea4bfe46a13fb33c9c37b39a7f29fb63f0ca
Instruction ID: c09b277e12fe74ee70a929f462decf6c73fbdbfeb300170221f7fdc8e73a853c
Opcode Fuzzy Hash: c7483fc25b677ee93af71e9b1299ea4bfe46a13fb33c9c37b39a7f29fb63f0ca
Instruction Fuzzy Hash: DEF0DA70A012289FDB68EF68D8956ADBBB2EF86300F504499D00F77244CE345EC5DF45

Function 05726998 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 401aa12d338c715b934a17a6ea7c96f25af66100a8725d64ae913899d6e5ba75
Instruction ID: 552f527d78aa283863e5e87ef0de3a8e8306b2f958578a4fd4e3374ceed30b95
Opcode Fuzzy Hash: 401aa12d338c715b934a17a6ea7c96f25af66100a8725d64ae913899d6e5ba75
Instruction Fuzzy Hash: 68F0C974D04208EFCB44DFA8D945A9DFBF5FB58310F10C1AAAC5997350DA369A51EF40

Function 0572A818 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029cb1102df6a0b6b16cc9447c935fce399fed9840de2d7bfe982eee59fde687
Instruction ID: e0374cffa3dea3dba4c1a73c77795c7eeebb4b0d869442660d67dd9743a99ce0
Opcode Fuzzy Hash: 029cb1102df6a0b6b16cc9447c935fce399fed9840de2d7bfe982eee59fde687
Instruction Fuzzy Hash: 75F0A0319081449FCB11CBA8C491AD8BFF1EF46321F2481DACC585B3A2C2365A83DB41

Function 0572B3C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29d8a5e556afc6406eb64bb2b82b5ad7ec03f81aef3c75704d7f55a2de02fc74
Instruction ID: 31bc5d5543cf21f1a724b702cce904f0686b9014f8bc59a4095430b102855133
Opcode Fuzzy Hash: 29d8a5e556afc6406eb64bb2b82b5ad7ec03f81aef3c75704d7f55a2de02fc74
Instruction Fuzzy Hash: E0E0DF31A0120CEFCF08DBA4ED427AD77F5EB84200F4040A9E804AB241EE326B45AB50

Function 05A05FBC Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a98e49da7314d1d454f070e6ad2239fc53c1c347deb047b28df3c22c47b49b3c
Instruction ID: 61bba920371faa8ea4fd6f4a0fd0e39d706f0b4708b6ef5edb54105a8a65fa76
Opcode Fuzzy Hash: a98e49da7314d1d454f070e6ad2239fc53c1c347deb047b28df3c22c47b49b3c
Instruction Fuzzy Hash: 2FF0B774A461188FEB94EF14D895A9DB7B6FB48304F1090D9E50EA7385CA34AE858F50

Function 05A1DD80 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a93d9aad987383fa27d16465498fc92c70f12789f200effb59454b695d6a78
Instruction ID: e947ad889d1f42914a3792af609ce3a0d3f6e0cf528c9b3e4b3572ece0fc7a8a
Opcode Fuzzy Hash: 79a93d9aad987383fa27d16465498fc92c70f12789f200effb59454b695d6a78
Instruction Fuzzy Hash: 30E0ED74D05208EFCB84DFA9D541A9CFBF5EB48310F10C0A99C1893340D6369E51DF54

Function 05A15CF8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a93d9aad987383fa27d16465498fc92c70f12789f200effb59454b695d6a78
Instruction ID: 4689c5bb468665104232b600e65d4c3d2772840132fc0540822e882a6967842a
Opcode Fuzzy Hash: 79a93d9aad987383fa27d16465498fc92c70f12789f200effb59454b695d6a78
Instruction Fuzzy Hash: 58E0C974D04208EFCB44DFA8D585A9CBBF5EB88310F20C0A99C1993351D6369A51DF95

Function 05A1BF10 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a93d9aad987383fa27d16465498fc92c70f12789f200effb59454b695d6a78
Instruction ID: 27d97e7f02b8a2c90581adbe04347225f24db82838ffa397174e76ef710def90
Opcode Fuzzy Hash: 79a93d9aad987383fa27d16465498fc92c70f12789f200effb59454b695d6a78
Instruction Fuzzy Hash: 47E0C274E0820CEFCB84DFA8D941AACBBF5EB48310F10C0AA9C18A3350D6369A51DF94

Function 00F709F8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c7c447833f2a331af1cc3cc906a1b7826e83c198c32866c8d37a53a6a06d26
Instruction ID: 97f775e898b42a443a348d8ceef3b86519079e55b9dd221af7732be6d78e9475
Opcode Fuzzy Hash: 89c7c447833f2a331af1cc3cc906a1b7826e83c198c32866c8d37a53a6a06d26
Instruction Fuzzy Hash: 5DE0DF30A0A2899FCB02DBB4ED125DC7FB1DF4230471046EED448EF262DA300F08AB52

Function 0575ACAE Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5997230a5a65872ebe84f60ace603c89a1fda86554f043a369f3d19c7def3e5c
Instruction ID: d77e4da394eb60ea8031e1e8c973fad417fe0097a55817caa06d0272044ac991
Opcode Fuzzy Hash: 5997230a5a65872ebe84f60ace603c89a1fda86554f043a369f3d19c7def3e5c
Instruction Fuzzy Hash: 74F0DAB4915228CFDB20DF20D848BE9BBB5BB45315F1055E9E94DA3241CBB45E80DF26

Function 04EAC458 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8db301fa7573084f280e134a19e73195b49aead18b812424728620385b44005d
Instruction ID: 92f7397aa2df9a49c6ee9c345248f82fdcbade5f70a0f9b834f5aed0036f6dcb
Opcode Fuzzy Hash: 8db301fa7573084f280e134a19e73195b49aead18b812424728620385b44005d
Instruction Fuzzy Hash: FBE0C275595004ABD704CB94DC42FF9B7ACDB01329F24629CA80957381D63BAD42C7E4

Function 0573DE40 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cc5e554189a80dd3f1a0ff0dd745f14a2647d55093199db8edd1650ba8dc9e
Instruction ID: c7a5e2ad1f7a2586f92f00a91d880e4592a9c519244755569ff8c4f062cf7a97
Opcode Fuzzy Hash: 30cc5e554189a80dd3f1a0ff0dd745f14a2647d55093199db8edd1650ba8dc9e
Instruction Fuzzy Hash: DDE0C23268A104ABC754CAE5C943BE8B7ECDB17335F28809C980A53382C773DE46E741

Function 0562BD28 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction ID: 25bd405542b41baaad4a8d2dace087ffcfcc6d2c37282a3020518a23adc70f29
Opcode Fuzzy Hash: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction Fuzzy Hash: D5E0E574E04208EFCB44DFA8D941AACFBF5FB48310F10C4AA9819A7350D63A9A52DF80

Function 0562BE60 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction ID: 424765af29c85cd85f90b856932d0d6857082934cf8110c72e6bd1adf3433e54
Opcode Fuzzy Hash: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction Fuzzy Hash: D7E0C274E04208EFCB84DFA8D941AADBBF5EB48310F10C1AA9858A3351D6769E52DF81

Function 0562AE50 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction ID: f9cb60f5f7b5ce85db5c87c19af433507c8e1706fbd494e3b518b149e15b89ba
Opcode Fuzzy Hash: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction Fuzzy Hash: A5E0C974D04208EFCB44DFA8D941A9DFBF5EB48310F10C0AA985893341D6769E52DF41

Function 05626A90 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction ID: 0890c8f171db8175a364a9158df66043fd9f9bc53d3ece6e7a4eb24ccb04d4be
Opcode Fuzzy Hash: 0fac580ddd153bafea29527ff0217cf902d744d01867a41cc503e7f8537624a5
Instruction Fuzzy Hash: 93E0ED74D04208EFCB44DFA8D541AACFBF5EB48310F20C0AA9C1893340DA369E51DF41

Function 00F7B452 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb74337611542fc2a3dabb7ddd1e032469edc14d3635707aeb38057f11ce3322
Instruction ID: 4de1490ac2e60ba2b99ed2400d26136ffeb0adae8bdbf2374335dd63479a79c7
Opcode Fuzzy Hash: cb74337611542fc2a3dabb7ddd1e032469edc14d3635707aeb38057f11ce3322
Instruction Fuzzy Hash: D4E0484450E7C11FD71A86344CBB928BF206A82210B8E89CFD5C59F8A7D659081AA352

Function 0575F7A8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f568f99d2e457532a5a7628d556d22b827642a82ab0867e849e578e53a5e24a
Instruction ID: 7e21298d653add472a5ac9a0bfc6e017338f2a70fa90af10a8da81deb8743027
Opcode Fuzzy Hash: 6f568f99d2e457532a5a7628d556d22b827642a82ab0867e849e578e53a5e24a
Instruction Fuzzy Hash: 02E0E574E04208EFCB84DFA8D941AACBBF4EB48320F10C4AAD80893340D6769A42DF40

Function 0575EE90 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f568f99d2e457532a5a7628d556d22b827642a82ab0867e849e578e53a5e24a
Instruction ID: 8e4e9a7c0140257e12c4e5a94cf0f05b873ff878373ce3dc90467ee533e4f1f7
Opcode Fuzzy Hash: 6f568f99d2e457532a5a7628d556d22b827642a82ab0867e849e578e53a5e24a
Instruction Fuzzy Hash: 40E0E574E04208EFCB84DFA8D545AACBBF8EB48310F20C1E99C1893340D6769E41DF80

Function 04EA0424 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320053e66b48b09e782c3b00830b5f961fc1ae1cbd89be04ac766cec378938a2
Instruction ID: 9b70aba01e2477fac6b17f78157b7e1d4848e74979434a0288cda76ed3f9e072
Opcode Fuzzy Hash: 320053e66b48b09e782c3b00830b5f961fc1ae1cbd89be04ac766cec378938a2
Instruction Fuzzy Hash: 9CD05B2171815426D305267D3C51BF71A9B8FC7710F1984BBB245DB29ACC945C4322E9

Function 04EA2780 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c731e44feeb29a65601c1ce69945bcac57fe7534c470cbe7f3d6e0b19c6ce7b
Instruction ID: 5adc149633eacb7cc3d465e83a2b5da3f35f5538ee117b6ddc7cbffbf3f0e1ca
Opcode Fuzzy Hash: 1c731e44feeb29a65601c1ce69945bcac57fe7534c470cbe7f3d6e0b19c6ce7b
Instruction Fuzzy Hash: 3FE0867561C0409FC310D254E9A14A97B62AB9521431584EBE1459BA52C625A913C7D1

Function 0573C4C0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ad5b763a05a0151972773183ae146da4cd8f870cedb09e8ebc0277403fdce8b
Instruction ID: 473f4410394dbce90c316de48323cd904034f21338338a810cce3b0bb8107c9b
Opcode Fuzzy Hash: 4ad5b763a05a0151972773183ae146da4cd8f870cedb09e8ebc0277403fdce8b
Instruction Fuzzy Hash: 07E0E574E04208EFCB94DFA8D945AACBBF8FF48310F20C0A99818A3341D636AE41DF40

Function 0572A530 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction ID: 115483165333b184a5a758295f590fd098792e6581c469ab46f37363132fcfb8
Opcode Fuzzy Hash: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction Fuzzy Hash: 2FE0C274E04208AFCB84DFAAD581AADBBF4EB48310F2080AA981993340D6769A41DB40

Function 0572A828 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction ID: e56a42e934c24c4e8a0aa323c2aeec4d579a97e773b792957a4421172a549802
Opcode Fuzzy Hash: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction Fuzzy Hash: 03E0E574E04208EFCB44DFA8D541AACFBF4EB48310F10C0A9980893340D6769A42DF40

Function 05726350 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction ID: 847a544266d36a474640cbc2020dad8aea429511ba27c829582d73c01a586a2a
Opcode Fuzzy Hash: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction Fuzzy Hash: 08E0E574E04208EFCB84DFA8D581AACBBF5FB49310F10C0AE981893341DA369A41DF40

Function 05729AE0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction ID: 4ab9370130e6721e8f6264590dbb5c412e09236c9a3f034aa35e3f5bf85cd862
Opcode Fuzzy Hash: af84ef4e5a216e873f13701343dd7a5a0ca5921a6047c9573391c637a4d5d9ba
Instruction Fuzzy Hash: 01E0E574E04208EFCB84DFA8D581AACBBF4EB48310F14C0AA981893340D6369E81DF40

Function 0572A2E9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a44d24e9456e5caa78d7625797caaea20ae886cefef83b7ddd4bee4177850dd
Instruction ID: 1de9b12d2aacb0a3c2a9676db881357eb1b50ead3dbd51e35e4ef8eb96d82132
Opcode Fuzzy Hash: 7a44d24e9456e5caa78d7625797caaea20ae886cefef83b7ddd4bee4177850dd
Instruction Fuzzy Hash: A6F0F2B4912258CFEB54EF69D944B9DBBF2FB49300F5440A9E109A7284D7346EC1DF00

Function 05622C68 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675f9cc992b635166ad5c7427832c113c164b9eba68127e22c1bd1266b953597
Instruction ID: 4689d19df3bb6d8e38e96f6b99b7e239b920552a9bc0c25f75a0204d82ba9e93
Opcode Fuzzy Hash: 675f9cc992b635166ad5c7427832c113c164b9eba68127e22c1bd1266b953597
Instruction Fuzzy Hash: C7E01A39908108FBCB05DF94D945DADBBB6FB59310F10C19DEC0917350C6729E62EB81

Function 05621F00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96947db3321bae783db322dfa57ef411bf884720a3f44f22b7630f5f31a5e606
Instruction ID: 9e9e70bf61b4d7e5125a0d258f6087178bab3855de200f3c5c6d642b6b6dae9d
Opcode Fuzzy Hash: 96947db3321bae783db322dfa57ef411bf884720a3f44f22b7630f5f31a5e606
Instruction Fuzzy Hash: B3E0E574D08218AFCB84DFA9D5416ACBBF5EB49310F10C0AA986893341D6369A41DF40

Function 05622EB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8991803c87dc68930e111fcf74155e0acce8a0de532dd74cfd417a3d381cce3
Instruction ID: 4412544f6341a1b793ce1c9660d003549b55d4c194c4c959276152d1984d5e64
Opcode Fuzzy Hash: d8991803c87dc68930e111fcf74155e0acce8a0de532dd74cfd417a3d381cce3
Instruction Fuzzy Hash: 86E0E574E04208EFCB44DFA8D551AACBBF8EB88310F10C0A99808A3340D636AA82DF40

Function 056290C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675f9cc992b635166ad5c7427832c113c164b9eba68127e22c1bd1266b953597
Instruction ID: 4a0b0ebb4985dd92253b50837999456c89dc1d96cd248de7ad8eaede6cbb8bde
Opcode Fuzzy Hash: 675f9cc992b635166ad5c7427832c113c164b9eba68127e22c1bd1266b953597
Instruction Fuzzy Hash: F8E01A3590810CEBCF04DF94D945DADBBB5FB89310F20C09DEC4817350C6329AA2EB81

Function 00F70BA8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592efd88de582f5491964a6dc2775dc019a36a88df026dbe358a4e26c72ef660
Instruction ID: 1373a547c0307efcc737fc7122c29d3243d3dfbad12ff2085d5a8f9dce0d6644
Opcode Fuzzy Hash: 592efd88de582f5491964a6dc2775dc019a36a88df026dbe358a4e26c72ef660
Instruction Fuzzy Hash: 14D02B3120020A23C608B776FC4096E775EEFC1A207009939F4044B254CF71AC4257D0

Function 05757120 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 355d70be04d1ba342e752120b0fc7809df4390ed1f5c2eef265db77540bcb55f
Instruction ID: 2ac9c05af92dc589eaf2cf10ec32b5b4cf70231e78d769f2330fbfe738989dc1
Opcode Fuzzy Hash: 355d70be04d1ba342e752120b0fc7809df4390ed1f5c2eef265db77540bcb55f
Instruction Fuzzy Hash: FBE01A74D0820CEFCB04DF98D5419ACFBB5EB89360F10C0AAEC4953341D6769A51EB80

Function 05751770 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 405a3ed5875d2f42c9c86e3d2d3995a0ce18e9777a47f43ab42af3f771d09522
Instruction ID: 58b870e3ed1066a1ab9d3870795b088a26566d2c62abd75408559930742ad760
Opcode Fuzzy Hash: 405a3ed5875d2f42c9c86e3d2d3995a0ce18e9777a47f43ab42af3f771d09522
Instruction Fuzzy Hash: 8AE08679908108FFC704DFE8D941AADBFB8EB45321F10C099DC4857341C6729E41EB90

Function 04EA2238 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044ec0f196b977ce8d347fd3924d728775d749e7b9061531b71afd0e750cd850
Instruction ID: 76e20929b8d89588ad07b55471666c3761bfbbd4a5c0c3d78e7accd61dab6177
Opcode Fuzzy Hash: 044ec0f196b977ce8d347fd3924d728775d749e7b9061531b71afd0e750cd850
Instruction Fuzzy Hash: 0EE0867550A2505FD316E750B8518687B60EB8131430984DBD4088B393E6766C53C792

Function 05733ABD Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01a071c479f0ad9f7b3f1154294250949a19d47f16910e633cae78dce21819f
Instruction ID: f8de8b2d3f16bb7e621563f4015c04e677ede99c6cc9dc246e0674794ae3e7d4
Opcode Fuzzy Hash: f01a071c479f0ad9f7b3f1154294250949a19d47f16910e633cae78dce21819f
Instruction Fuzzy Hash: 8AE0C27B7041A49BCF08DF2CE8564EEFFA1EF8922175481A6F996C3201CB31595AE7C1

Function 04E30EDC Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55daddd92a1dd768d83ca3af18dca75a84257023baf717e891c8c801a20f09c1
Instruction ID: 165cf9f991f7c6aaaf22143a3a9ec5c6fae05582fe9b609052fe0f2bbffa8511
Opcode Fuzzy Hash: 55daddd92a1dd768d83ca3af18dca75a84257023baf717e891c8c801a20f09c1
Instruction Fuzzy Hash: B0E0176665E3C08FD3038B6898285043F74AE2B91030B00EFD2C9CFAB3D124AD08C762

Function 057288A3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f80588f2a995943c7e058d1d9de6551546cfdfde39dd81c67f332c346c33fe4
Instruction ID: 07a2423d4b211edac464cdd16303b1cdba441fce08e3cf00975ec152b1fdd5f8
Opcode Fuzzy Hash: 6f80588f2a995943c7e058d1d9de6551546cfdfde39dd81c67f332c346c33fe4
Instruction Fuzzy Hash: 81F01270501358CFDB00DF98D489BBE7BF1FB46315F51116AF005AB296CB359884DB06

Function 05A18900 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 802ac996ca910643a1a265eb21934672ad90e2a14c47662d6331faf1c62a9abd
Instruction ID: 5d2ba6401b371f432d542396d9b53527843abf2c225fcb919646ab932fa494fb
Opcode Fuzzy Hash: 802ac996ca910643a1a265eb21934672ad90e2a14c47662d6331faf1c62a9abd
Instruction Fuzzy Hash: 3EE01A34D08108EBCB04DFA8D541AACBBF4EB48210F1080A99C5953341C63A9E41DB45

Function 05A1A218 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7b910a92d8bf4087af41b7c18f21ab0dd88a1ff1fb363e63a98ce21919898c
Instruction ID: 04c1abf9a2eee0ecc4fde252a9d5da673443838aa2fe5ba25655a2bb9155154f
Opcode Fuzzy Hash: ec7b910a92d8bf4087af41b7c18f21ab0dd88a1ff1fb363e63a98ce21919898c
Instruction Fuzzy Hash: 70E04634909208EBCB04DFA4D945DACBBB9EF5A310F2080A99C0827350C6329E92DB88

Function 00F7E4E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dbc27f6f34f454ff86414688ec7a3d7a8e8e6b3ce4e2c4107af7a734e4556bf
Instruction ID: 872fcf754401ea533461edfbc1f4683b2cce7ce61e55a9458e7bc8538dbe384a
Opcode Fuzzy Hash: 2dbc27f6f34f454ff86414688ec7a3d7a8e8e6b3ce4e2c4107af7a734e4556bf
Instruction Fuzzy Hash: EAE08C36200108AFCB01CF84DC00DFA7726FB88220B14C24AF86942290CA728823AB81

Function 00F7F751 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e432f2b750931b3fbbc8b8b7540ff88ab77df9e1a4a773ae97c688e666372ffa
Instruction ID: f461b8978751d8e159279dbad243bc65470abc35015d504bf1f758f2eb5abb01
Opcode Fuzzy Hash: e432f2b750931b3fbbc8b8b7540ff88ab77df9e1a4a773ae97c688e666372ffa
Instruction Fuzzy Hash: E9E0C2868083908FC3562235282A0EA3F448BE650432E89EFD0948B487E8180D039392

Function 05756F48 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f5ea7cc543737ff36946611a62404a8e8ac7e749822ff0458d6cec4ccad63c1
Instruction ID: e757963cbeaaaf39535e249c730ca21f221320ebe32932bb934736099892b352
Opcode Fuzzy Hash: 2f5ea7cc543737ff36946611a62404a8e8ac7e749822ff0458d6cec4ccad63c1
Instruction Fuzzy Hash: 0EE012B4D14208EFCB44EFA8C484A98BBF8EB08711F6040E8E809933A0E6719A80DB40

Function 04EA0858 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 829a697d95ef06844770bd89154e7930afbaacacb8d6d22258bfc219a4399cfb
Instruction ID: 10b8ae5a70c29635cf1447565fd3ee366bddd27bd5c8e7107796d0328fba1700
Opcode Fuzzy Hash: 829a697d95ef06844770bd89154e7930afbaacacb8d6d22258bfc219a4399cfb
Instruction Fuzzy Hash: C5D0A751B0021512D344357D3D907BB50579BC1730F18C63AB221EB2DECC988C822595

Function 0573C818 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8059cd628bd64281291d5ceb12330d5f6265ce918334c5618ac81dd9fda8ca6a
Instruction ID: d0cd10ddf127b2ebf0e54601505aa9364669b8fea0b983033901473d3f295e50
Opcode Fuzzy Hash: 8059cd628bd64281291d5ceb12330d5f6265ce918334c5618ac81dd9fda8ca6a
Instruction Fuzzy Hash: 13E01A34D09108EBCB05DF98D5415ACBBB8EF48310F2080A9984863342C6369E42DB40

Function 04E32F48 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ab3cd4146fbca38ccba31b85b5abce613b41c89927300362d763b2817065626
Instruction ID: 5b15ab90e37a46d2f53751dfee367b81f5fee469b4a7280bca29ae94cda41e9b
Opcode Fuzzy Hash: 4ab3cd4146fbca38ccba31b85b5abce613b41c89927300362d763b2817065626
Instruction Fuzzy Hash: B1E0EE2951E3C4AFC7034B6488288083F70AE1323030A82C7E5A5CF0F3C2398968D726

Function 0572A700 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45f8a0664ff86128a45de557136940c6577fc6b35da6b07e8abc0f90a621479d
Instruction ID: 33a65d8c811fbb565c25cad25c215edd7b193b7b3c7201bd61248c3c00740038
Opcode Fuzzy Hash: 45f8a0664ff86128a45de557136940c6577fc6b35da6b07e8abc0f90a621479d
Instruction Fuzzy Hash: B7E08C34908208EFCB04DFA4D981DACBBB6EB45310F20D0A9DC0923341C6729E92EB94

Function 05728FF0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59bfb16ac844fb22179c6855c0e478cbfaa844935d3eade7c69ebb4f93b5fc87
Instruction ID: 1e45c87ef2b3d3d3324a08c92daa33088c0f927a3a2ed93a8dfe648b7b82c9e7
Opcode Fuzzy Hash: 59bfb16ac844fb22179c6855c0e478cbfaa844935d3eade7c69ebb4f93b5fc87
Instruction Fuzzy Hash: 82E08C3090421CEFCB80EFA8C981AACBBF4EB08310F2480ADD90CD3341E6329E81DB41

Function 05622FE8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1cc28ccbe76a5fc8066f20caac717cae02fc0ca6675fb4c9d69f430397a6a8
Instruction ID: 569fe56c98e6af3426e05929a1e48c4e55112869fe9d587441e7a06977ded85b
Opcode Fuzzy Hash: ac1cc28ccbe76a5fc8066f20caac717cae02fc0ca6675fb4c9d69f430397a6a8
Instruction Fuzzy Hash: 0DE08C34A08208EBCB04DF94D9459ACFFB9EB49310F20C0ADDC0823340D7369E92DB91

Function 056229E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1cc28ccbe76a5fc8066f20caac717cae02fc0ca6675fb4c9d69f430397a6a8
Instruction ID: 471f1334abf5cab37555ab4711ccadcc8aa748cb8019f658829d38299401baa1
Opcode Fuzzy Hash: ac1cc28ccbe76a5fc8066f20caac717cae02fc0ca6675fb4c9d69f430397a6a8
Instruction Fuzzy Hash: 4EE08638908108EBCB04DF94D941DADBBB5EB45310F10C199EC0913350C6329E92EB90

Function 05A1B5E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49a042f533f153d71168e40be9512f91f70e498279fd35fe97125e4f9ecf884
Instruction ID: 0aad13d78a179c223e6c6ab6099f0f6079da858143e94e1bdc199c0edb74a28d
Opcode Fuzzy Hash: f49a042f533f153d71168e40be9512f91f70e498279fd35fe97125e4f9ecf884
Instruction Fuzzy Hash: 81E02B7150210CEFC700FFF4C409A9EB7F8DF04310F0004A9880997100FE329E54A7A2

Function 05A1E278 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d44ad5b85ddd9c02c0386471d101c92507b33fffe3b89d0f8906a9922e52b0
Instruction ID: 3f98567bf47c1dbbebda1dc0ac4361d0c01213b1ca2d7ee30ca9ce9bbf522c0d
Opcode Fuzzy Hash: 12d44ad5b85ddd9c02c0386471d101c92507b33fffe3b89d0f8906a9922e52b0
Instruction Fuzzy Hash: 75E0EC34909108EBCB04DF94E955DACBFBAEB46315F20919D9C091B345CA329E42DB95

Function 05A01441 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f78a656e8f24af6e0530ee1b25add949c32513cdfdf0c2c94b57674b48be3df9
Instruction ID: cfd59488d5b6a2d61ce86e9b9a584e5157978f91546f65f3e1803708884ce986
Opcode Fuzzy Hash: f78a656e8f24af6e0530ee1b25add949c32513cdfdf0c2c94b57674b48be3df9
Instruction Fuzzy Hash: DAF01574A011188FDB64DF18C894ADAB7F1EF48300F4090D6E409A7351CB30AE80CF21

Function 00F7742F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bba72290e43433ad6571cadb7515f217c54cf9665271a4eeeb016be9707a0e1b
Instruction ID: 5fcd85cda33c105de9b5e4a5be355bdad90bb19cf213f5d642a4aaf196dea58d
Opcode Fuzzy Hash: bba72290e43433ad6571cadb7515f217c54cf9665271a4eeeb016be9707a0e1b
Instruction Fuzzy Hash: 53E0CD3264D2954FC7220B742C154F93FA14FC661572D82BDD559876E3C42818029790

Function 00F7CF1F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea5088bf2ed4c2710e2eff3c3038d3106386e962f812ecc32bb8af7be74b03d1
Instruction ID: 2a0660b5697daf70003d459869e88f48ee54b5a44fabc6a76073b39bc856953c
Opcode Fuzzy Hash: ea5088bf2ed4c2710e2eff3c3038d3106386e962f812ecc32bb8af7be74b03d1
Instruction Fuzzy Hash: 9BD05B856066904BC38556341C944D55F62D75110038CC5FF9595C7297ED18490B6256

Function 0575E130 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99584f2c883b96ca543300cbb95efc1d0a5453592ed3d07c3c76cf25d6a7ca5
Instruction ID: de8423aba8eb8cc351998b7bf6dc3a01a4ef68d1ac507af0a54bae977c9d65d6
Opcode Fuzzy Hash: e99584f2c883b96ca543300cbb95efc1d0a5453592ed3d07c3c76cf25d6a7ca5
Instruction Fuzzy Hash: 65E0EC70D15208EFCB40EFA8D546A9DBBF8EB09211F1050A99C0993340E6715A80DB51

Function 0575FC18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef8b8cbdb93139694c522ace818cae533ba34137d8d31a1c2c2704d9dbaab831
Instruction ID: 11ca422f7c04e20f9ce4b6f0c1c30d0f5d1680488435efc83b793948773759bd
Opcode Fuzzy Hash: ef8b8cbdb93139694c522ace818cae533ba34137d8d31a1c2c2704d9dbaab831
Instruction Fuzzy Hash: 5EE0127490920CEBCB04DF94D9419ACBBB9EB45325F2091ADDC0917381CA729E43DB85

Function 04EAF5A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7784c007455569285f012ac922f4dcbe94bd25eabaead0cae1a8499e2a8cb38
Instruction ID: c85cd15ac8eeced11c8af2302bac7d30282d559d9c59186d6b3c25eb6ca3c4cb
Opcode Fuzzy Hash: e7784c007455569285f012ac922f4dcbe94bd25eabaead0cae1a8499e2a8cb38
Instruction Fuzzy Hash: 6EE01275D09108EBCB04DF94D9419ACBBB5EB45315F20919DDC081B345D732BE52DB85

Function 04EA7350 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e2e9f98253169f68be828df83ff79b1e4dbe1d4c6b34ad8fa929c8b5c3551a
Instruction ID: feb98076ccc456e436b3f2027c982b31043b777d8bc8b30eee52f2168aff2af4
Opcode Fuzzy Hash: 41e2e9f98253169f68be828df83ff79b1e4dbe1d4c6b34ad8fa929c8b5c3551a
Instruction Fuzzy Hash: 53E0C271800108EFCB00EFF5D508A9E7BF8EB05312F0010A9D80893100EF369E14EBA1

Function 0573EF90 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6299896d0fb1e87b6b7c1c6be14625bce143f8fe5eb7b03e71af0181d49d058
Instruction ID: 73a06b7ec6be8dace4e87031eafc474620c3cb29787c83a2b086d6192dab5d11
Opcode Fuzzy Hash: a6299896d0fb1e87b6b7c1c6be14625bce143f8fe5eb7b03e71af0181d49d058
Instruction Fuzzy Hash: 0DE0C274908108EBCB04DF94D9429ACBBB9EF85324F20919CDC0817341C6729E42DB80

Function 05732798 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e35eb68e59f84b0a2fc0be2a982c217ed6a9d3b4005061b941119455c07dfb7
Instruction ID: bed977f41c56a44362db9ca8ed27989483889ffb5ee8bfe8ea5742861bf01077
Opcode Fuzzy Hash: 0e35eb68e59f84b0a2fc0be2a982c217ed6a9d3b4005061b941119455c07dfb7
Instruction Fuzzy Hash: 98D02B7350D48487E741D66CE8073D13F92E78B250F08A854D0CE87607D5144407BF90

Function 0573CE30 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7f4f274498438d341d0ec62268f34f4c37fd5e0ea6195dc6e5dcc55fec07ed
Instruction ID: 27281fffb2aa2ba6c650f517debe5c24e20ebd95062f09ec3575ecf313e2daa1
Opcode Fuzzy Hash: 6c7f4f274498438d341d0ec62268f34f4c37fd5e0ea6195dc6e5dcc55fec07ed
Instruction Fuzzy Hash: DDE02B71441108EFC701EFF4C40AA9E77FCEF04220F0004A5840897100FE325E04F791

Function 05729A98 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1caa876be44369499d07b9767b9f885ae42a23541188096a1d67092b6ec25a88
Instruction ID: 1ee07e8e746f7cf03ee4bdb4c11e3a335bafe99265a3158ba28df10d1ca4fff0
Opcode Fuzzy Hash: 1caa876be44369499d07b9767b9f885ae42a23541188096a1d67092b6ec25a88
Instruction Fuzzy Hash: EBE0C772801208EBCB00EBF4C909AAE7BF8EB08210F1004A9880A93100EE329E44E792

Function 05627530 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2be038442b4b79a7bdebda7712b4d5a1386809c617cbbc13369c9ee2ef40cd49
Instruction ID: 24b1e4f6441aa1749b2a20c93d7e9724879bda556caf8f10eec9f89f0ebf5f0e
Opcode Fuzzy Hash: 2be038442b4b79a7bdebda7712b4d5a1386809c617cbbc13369c9ee2ef40cd49
Instruction Fuzzy Hash: 8AE04EB4A001199FDB50CF58C981BAEBBB5FB48304F108694A949E7205DB30AA869F80

Function 056228C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198db3a148ecf03477d7270d22d0b7774ee7487aa70fd4a1e7546ad9c430520b
Instruction ID: b68c0a33556c726b7d623ef5a1d644ec89b986b19cb434c971ec5eb087bd422a
Opcode Fuzzy Hash: 198db3a148ecf03477d7270d22d0b7774ee7487aa70fd4a1e7546ad9c430520b
Instruction Fuzzy Hash: A6E0C238908108EBCB04DFE4D9419ACBBB4EB45310F20809DD80823340C7369E8ACB80

Function 00F7E8C1 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2fc0761ac6483558c09a85e600d73fe986ffb54793ff0e5b8f875a29592e7e6
Instruction ID: 9dee89143b95a8e4480ec2fc48895e9850d0d07c49becf97767fd5ab7a4c8bbc
Opcode Fuzzy Hash: a2fc0761ac6483558c09a85e600d73fe986ffb54793ff0e5b8f875a29592e7e6
Instruction Fuzzy Hash: 7AE02BF750C3805FDB41DB40EC808A5FB71FBE5300714888EE45043312D6618D03D741

Function 0572B3D0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca45331070002be34fcc163a959a2c0a247d8759b541f84c8dfcea4d49bd7a2a
Instruction ID: d5bf8289d5553c342ddda9b9dabbe013badbaa9f2c3b76c8a595abf56fed9ac2
Opcode Fuzzy Hash: ca45331070002be34fcc163a959a2c0a247d8759b541f84c8dfcea4d49bd7a2a
Instruction Fuzzy Hash: BCE01270A0120CEFCF08DFB5ED41A6D7BF9EB88204F5085D9E4049B241EE315F04A791

Function 00F7E4F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b978a203dd74a01f4924c0c6be216be6abed0c65836411231a4f34ec2295d8
Instruction ID: 37fd6a4153a512db0c7243229672cb55fdb3d2aae6cca10a2ed48d4c87c6151b
Opcode Fuzzy Hash: 10b978a203dd74a01f4924c0c6be216be6abed0c65836411231a4f34ec2295d8
Instruction Fuzzy Hash: 9CD01736200118BF8B01DE84DC00CAA7B6AEB88220B04C05AFD1547211CAB3EC22EB90

Function 00F7E4EF Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e409b93e034e514ff40f993416d75ba5a237b4103922ceeca9fb0465bb69694c
Instruction ID: ee4b8195ef048ea114f0a32bea8fcb4c6674388007df4104d8c810b35f150093
Opcode Fuzzy Hash: e409b93e034e514ff40f993416d75ba5a237b4103922ceeca9fb0465bb69694c
Instruction Fuzzy Hash: 48D01736201118BF8B01DF84E840CAA7B2AEB88220B04C05AFD1947211CAB3DD22EB90

Function 04EAC468 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3f3e7185aa61c823e80e7987c3ad1cdfa61f78ce76a1e0a700cc592ea76bf09
Instruction ID: 04a13e0169fe4d015bef928f00bcb8a2a0b98c39c67b01995f78bcb19d55dfc8
Opcode Fuzzy Hash: a3f3e7185aa61c823e80e7987c3ad1cdfa61f78ce76a1e0a700cc592ea76bf09
Instruction Fuzzy Hash: 44D0A730509108EBC704CB94D941EB9B7BCDB46318F20A09CD80D4B345DA33BD51D794

Function 0573DE50 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 480e88224c4796741e14e404039a9d57ea9879707cb20f721679e7566ee708f7
Instruction ID: e8f36494e17557c48cde8344cd38fa590f350d2c7dff321d3c046a3075943ced
Opcode Fuzzy Hash: 480e88224c4796741e14e404039a9d57ea9879707cb20f721679e7566ee708f7
Instruction Fuzzy Hash: 42D0A730549108EBC714CBD4D942E68BBBCEB56324F10909C980D53382CB33AD41D740

Function 0573D280 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 480e88224c4796741e14e404039a9d57ea9879707cb20f721679e7566ee708f7
Instruction ID: 0c56a19bb96691b1a219d738f701b82c12a8d258d71aad62e0d27ceca696787d
Opcode Fuzzy Hash: 480e88224c4796741e14e404039a9d57ea9879707cb20f721679e7566ee708f7
Instruction Fuzzy Hash: B0D05E34509108EBC714CA94D942EA8B7ADEB46324F14909C980D57342CB33DD52D741

Function 0572AF80 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4e7d38893e2683d54b47627ae34c7d4ac6f8ad4811360aa14dd8a8ed9b532f
Instruction ID: c6c5802f1b71553fda412a77acd76d92764400048e7ae8fa85d42431af2a6efc
Opcode Fuzzy Hash: fc4e7d38893e2683d54b47627ae34c7d4ac6f8ad4811360aa14dd8a8ed9b532f
Instruction Fuzzy Hash: 5EE0EC71A01208EFCB04DFA4E94169D7BF5EB48214F504599A808E7201EA316F44A791

Function 05728B3B Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e802b98b61c41aeb4d8e4ead8bbc2d066d74fd5cb4e987130ecd0d401a105977
Instruction ID: 1f1e8425301fb05e01e4214705a165ad373acaad055150ef97ac4acd45e6234d
Opcode Fuzzy Hash: e802b98b61c41aeb4d8e4ead8bbc2d066d74fd5cb4e987130ecd0d401a105977
Instruction Fuzzy Hash: 3DE0E578A023248FCB64EF18D85A79EBBB1FF86301F0040A9E00AA7355CB705A819F46

Function 00F70A08 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1245bedf90879f5d47dee8751bd06eef3b8a9f885874dea322683b3b7688c490
Instruction ID: 90c776c6d3243e217e2f6b65d8b1e1ff440a3aa71f7ad8f53a97251770ede072
Opcode Fuzzy Hash: 1245bedf90879f5d47dee8751bd06eef3b8a9f885874dea322683b3b7688c490
Instruction Fuzzy Hash: A6D0127090110DEFCB00DFA4ED4159D77F5EB44304B1045A89508E7211DA315F04AB91

Function 04EA0EF8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dedd6581c0d396c0080dad9ae2600b021dcfa5f9f34ca3394c4347df524e4d26
Instruction ID: a4989f592326ab3abfeef2de73abbac3c7ca5a922daa4b48e80b09281c942ab6
Opcode Fuzzy Hash: dedd6581c0d396c0080dad9ae2600b021dcfa5f9f34ca3394c4347df524e4d26
Instruction Fuzzy Hash: 73D013FD6158105FD205DA44D9908B5F365D7D4710315C46FDC1547314DA73ED13CB54

Function 057285B4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a48f590a2e73381d93e808c820715c5290373231341edec9c9d02c79c50e0e
Instruction ID: e0f6d63be771fa4bd6f9fe946f287da4ed500d6f9638fa9f129c3f6cbaddb3f2
Opcode Fuzzy Hash: e1a48f590a2e73381d93e808c820715c5290373231341edec9c9d02c79c50e0e
Instruction Fuzzy Hash: 5BE0E5709101298BC728EF24D8867EDBBB1FB48310F4040EAE00AA7645DF345E84EF90

Function 0572877D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe972ff3426e868a00b771e14df24819a4108fb0cec95d8a3a5e28ba7cf24677
Instruction ID: 6dcc188c2a8ee0b80e1f717cb65a57e8aba09499d26f939e9e223f6b5b3124aa
Opcode Fuzzy Hash: fe972ff3426e868a00b771e14df24819a4108fb0cec95d8a3a5e28ba7cf24677
Instruction Fuzzy Hash: 11E01A74A015288BD718EF24DC55BDDBBB1FB4A300F4041DAE60A67380CA345E84DF90

Function 05728727 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dd9e6d4efd94d20efb7c8af1283328f591686c620ed26046fe0ede2f784f102
Instruction ID: 8c9f36327f6d4eacf665fcc4565d19b48e44e5a0331f12086621d32aa6e2e9d8
Opcode Fuzzy Hash: 2dd9e6d4efd94d20efb7c8af1283328f591686c620ed26046fe0ede2f784f102
Instruction Fuzzy Hash: 80E012749411198FC72CEF14D9457ED77B5EB48310F0040A9D50A67784DF341E84EF00

Function 057286D1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be21f9cf59a15502cbbcb3bc03153b929ed284da1bc79ec4bffcb5654c942fb
Instruction ID: 9fc0255e7193567c1c66dd8f75dea3487676965e98d5b6eaab3902352951adbd
Opcode Fuzzy Hash: 3be21f9cf59a15502cbbcb3bc03153b929ed284da1bc79ec4bffcb5654c942fb
Instruction Fuzzy Hash: F2E0E5709111248BD754EF18DD99BAD7BF2FB89310F0001A9A00AA7290CB745E84DF41

Function 057289E5 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a9025f636fd6a0626f13648e2af54ae0a2b023fc6756f77307ff45e14eb84d
Instruction ID: f4b79738f0b2ad52cb62a9e5afd708fd96d6d7932c12f980734bdb10d0c34147
Opcode Fuzzy Hash: 54a9025f636fd6a0626f13648e2af54ae0a2b023fc6756f77307ff45e14eb84d
Instruction Fuzzy Hash: 5CE01A70A10224CFEB24EF29E845B9D7B72FB48305F104099E00EA3242DB345E849F14

Function 00F7D260 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0172a743b0d698f7661da236451332ba5fcd8652a4b9b6a7e890e8f5ffab04
Instruction ID: f2f31f4589346e4649366f7aa55174a21c34adef47a7cba299ac6a4cc7b3bdb3
Opcode Fuzzy Hash: 5e0172a743b0d698f7661da236451332ba5fcd8652a4b9b6a7e890e8f5ffab04
Instruction Fuzzy Hash: 43D05E3414D2915FC702EB30CCA64447F70EE4728430900CAD885CF1A7C714A51ADB92

Function 00F77440 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1174eee850505426a8a4310f4cdff292961f56ecbbecbc3844a4c5b82de927c
Instruction ID: 563c1f6c4f9ca34f55a06a6ee12ea0ff22e1ccef30d019a40548b9e42ddab4f8
Opcode Fuzzy Hash: e1174eee850505426a8a4310f4cdff292961f56ecbbecbc3844a4c5b82de927c
Instruction Fuzzy Hash: BCD01232B0162887472427AD6C0509576DA9FCAA263148275E91DC73E5D935AC0257D0

Function 05725FEF Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e045d8403089a140caaa296c2492a0f5112a767b9279a8d9c166dc1a26d7d3d1
Instruction ID: e20a8d11bd58e03175c47a44a651667a9cb9074840495bd995269b584d49e32d
Opcode Fuzzy Hash: e045d8403089a140caaa296c2492a0f5112a767b9279a8d9c166dc1a26d7d3d1
Instruction Fuzzy Hash: B6E0B6B4A02618CFEB50EF24EC45F9E7BB2FB4A301F009196E80DA7344DB3459949F55

Function 00F70839 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 851fb64830d8fb859fea026ea6dacdbb06fae3f66a4516928cc9eda30c4df771
Instruction ID: c980c8124892407fdf1cbb358806001d16f7dc6be6cad508afe78f4bfd2bccc3
Opcode Fuzzy Hash: 851fb64830d8fb859fea026ea6dacdbb06fae3f66a4516928cc9eda30c4df771
Instruction Fuzzy Hash: C8D023315493C8BFE71103F02C2576D7F219741300F18C09DE2429B5D3C7F141055700

Function 00F7D038 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a60d2cefb7ca5e95de5323c8e84cebfcbc6d1cbfec647abcc97ae1f4d4fb147
Instruction ID: 990eed4715cd4f4164c88b10b69fc68b65e8076c15ac67e6e5dfb61bed22536c
Opcode Fuzzy Hash: 0a60d2cefb7ca5e95de5323c8e84cebfcbc6d1cbfec647abcc97ae1f4d4fb147
Instruction Fuzzy Hash: DBD01200A4D3C81ED30652341CB673C3F211B82534F0A86DBD5B9AF1FBD91D5A4A5366

Function 00F7A298 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a726e872418600a7eafb6d984fe8e6aae084e83fbbb690d3e75f18a9effccc
Instruction ID: 16c0f16e75db75a12f6e563e30b897c566b07a4c76d6471799e31aa41dfe6f66
Opcode Fuzzy Hash: 95a726e872418600a7eafb6d984fe8e6aae084e83fbbb690d3e75f18a9effccc
Instruction Fuzzy Hash: 2DC080D1FCD3481FE79581362CB27B51A4147D9B40F04817AD35EDE9C3DC590C0A2305

Function 00F7BD99 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a068b112de55e71ed2ddbbd3377a62b7de5599ae4d3fc9c5e5584982a3a2df2
Instruction ID: 230421bac9a10d3570090993cc6772644ce51e553909832549486ff04a5b2ffd
Opcode Fuzzy Hash: 3a068b112de55e71ed2ddbbd3377a62b7de5599ae4d3fc9c5e5584982a3a2df2
Instruction Fuzzy Hash: 03D0C92058E2C85FCB0283B82C794A97F35999319435A85DFE4C6DB5A3C26549078752

Function 00F7AE9A Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42835e2a99ee562106f6701eccedbccdf793099f2f65627976b2a66d3f89181b
Instruction ID: 82130970fee597434a011caa441e3a1dc0a56e36a14ccfa4ada74c35cc2fea59
Opcode Fuzzy Hash: 42835e2a99ee562106f6701eccedbccdf793099f2f65627976b2a66d3f89181b
Instruction Fuzzy Hash: C2D0A92010D3C41FC71302204D6025A3F298B83010F9A44DBE082EB6A3C028180283A2

Function 04EA2752 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc1222cc2d2f22be2ab9187d79f76bd4a6731d437561511ceb210b98448aa054
Instruction ID: ed01dc1ccdb7e60d10219bd5e15761565fedc6db69a6780f377b6c6d9e4dceb2
Opcode Fuzzy Hash: bc1222cc2d2f22be2ab9187d79f76bd4a6731d437561511ceb210b98448aa054
Instruction Fuzzy Hash: 9CD012B56041109FD344DBA4E481CF1F7A2EBD8720715C49EE91547318EAF6AC53D690

Function 05734C40 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90765132b73a5cbd00e6b51cea4abc1d53b703aaf274a9138d0f1408fabc447d
Instruction ID: 00a02fed7a1f9c2d3b186833e317bb13c82494bd685055702f07db2bf154f37e
Opcode Fuzzy Hash: 90765132b73a5cbd00e6b51cea4abc1d53b703aaf274a9138d0f1408fabc447d
Instruction Fuzzy Hash: B1D0127708021DAFC7808B64DD46FD277B9EB07330FA5C051F9098B732CA61E812EA44

Function 05725AB8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ca93f9c1dc15c27a3a1c1fdfcfe2f78872b1349b034348f484104aa12b51c1
Instruction ID: 72a2bb3e9d1939f02691c824c660cfddedf24d1739cedb0987563e06cb747537
Opcode Fuzzy Hash: 82ca93f9c1dc15c27a3a1c1fdfcfe2f78872b1349b034348f484104aa12b51c1
Instruction Fuzzy Hash: F8D012B67014004BE784D624DC53B50B3A1D7C5904F25C4EDA408C7386EA35ED0BC601

Function 00F7EBE1 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a74040507acc50c1a6d019376750578def78824ae18683ebaa56381ac470f4c
Instruction ID: b4d2595724b2174417a227a63f2b48a84de5f10c063655233e7ed01d8418fe2d
Opcode Fuzzy Hash: 8a74040507acc50c1a6d019376750578def78824ae18683ebaa56381ac470f4c
Instruction Fuzzy Hash: 37C01235640504CFCA40CA54C8D45D4B7D0EB89205720819ED40AC7209D721E94BE745

Function 00F7FF89 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 422873526cec7f821eeb5c4d5e0ffdc40758889a71bbe221d70b8395484281aa
Instruction ID: 552d99f7113792f14c17dcc7eaca3d94b77f0f7ba9396486207d80ce05acbfd8
Opcode Fuzzy Hash: 422873526cec7f821eeb5c4d5e0ffdc40758889a71bbe221d70b8395484281aa
Instruction Fuzzy Hash: 3BC012385004059FC340CA14C499994B3E1EB8920472485BEC409CF219DB35D60BA705

Function 04EA718A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a129ec1f1934000a813b4a9dcdb7f88e507adfba9602ad73217afe922e9a4361
Instruction ID: 18f221faf0e33e8231c60fcbceed33f5d2805a01ae4a3ae022ff795e5f32479b
Opcode Fuzzy Hash: a129ec1f1934000a813b4a9dcdb7f88e507adfba9602ad73217afe922e9a4361
Instruction Fuzzy Hash: DAC0803210560443D514B3E4994FBB5B5A88B1032DF402104E84C11041FE75B450D17B

Function 04E30154 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4786db2a39a775d82845e80d23818382506f91584cc748f7402b67059b2509
Instruction ID: 34a1edb4e02e4da7843842cf4e4c4b207c5985b7c51e36e34883db1a9dbe47f3
Opcode Fuzzy Hash: 6b4786db2a39a775d82845e80d23818382506f91584cc748f7402b67059b2509
Instruction Fuzzy Hash: 43D0EA86A5E3D48FC75343642CBA5923F315CA320438E44CBC8C5CF2A7E0584A1A97A7

Function 00F7DCE8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd5d5a318501ae4d2df76e516cf7215a858b72a0a895061f8342bdd332240fb
Instruction ID: 4aebc7bb2bea0c91a5ad691e074c48c17dc759b9bcf5cb4f50b1bee652fd549b
Opcode Fuzzy Hash: 2bd5d5a318501ae4d2df76e516cf7215a858b72a0a895061f8342bdd332240fb
Instruction Fuzzy Hash: CFC012546C92C50FD33252941D5645C3B0709921747094B87A46D6F5D7DD2849170256

Function 00F7FF30 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c5bffe8611cb016784c22eb9468d16a799ee39e97800959bf6b7041ff511c78
Instruction ID: a03069034495a6fd548a7caef50508331a7ddb257253844729892704f54171c4
Opcode Fuzzy Hash: 5c5bffe8611cb016784c22eb9468d16a799ee39e97800959bf6b7041ff511c78
Instruction Fuzzy Hash: C2C04C9269420411E65511A52D927BA23034792730E149B66E22E1D5C6DD550447340B

Function 05739A4F Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d108e85efa8c8fe922676bd8c2fa781aee4580ffa3753b9e1d9bce9687d989f
Instruction ID: 7ec803da22f049135f7d2008ac8546bc8d5caecb2ad976dc84e7ec02a68bc4b1
Opcode Fuzzy Hash: 0d108e85efa8c8fe922676bd8c2fa781aee4580ffa3753b9e1d9bce9687d989f
Instruction Fuzzy Hash: A6D0C93614A2409FC345CB94C951995BBB2ABA6214B98C48AD5498B353CA33D807DB59

Function 00F7EA78 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e1d0ade85ef7d10021cd53ed9d063d7fd547776d28d82bac48ace48479977c8
Instruction ID: 0c501ce9b574c7dff9f23dd955a695453ffad07ef0bdabe88c3b41d02a9dc3f4
Opcode Fuzzy Hash: 2e1d0ade85ef7d10021cd53ed9d063d7fd547776d28d82bac48ace48479977c8
Instruction Fuzzy Hash: 84D012A500A1804FD715C610C9928197B10DF4629572484E68800CF196D611DD8AC752

Function 00F7C341 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc9a5e88233cdf90a2a8492bc331885d23d4c0ed24dbadac0e530678886410d
Instruction ID: f6becbf17f9ccb1e617c3e043aca5c44bf7e3e076add0055b7439261362634a0
Opcode Fuzzy Hash: 7fc9a5e88233cdf90a2a8492bc331885d23d4c0ed24dbadac0e530678886410d
Instruction Fuzzy Hash: 5EC0024494D3D11FD70763311D36B252E215B43710F5A84DFD1909B1D7E55905065756

Function 04EA7190 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9b49f5e6560f81b21f457da35c2bf2d7b7b4bc95ef4f12c43e09e348f85731
Instruction ID: 7b65883eb637e978cc808f52d515dcd52c40a9c58046b5632aa5a574e4397547
Opcode Fuzzy Hash: 9c9b49f5e6560f81b21f457da35c2bf2d7b7b4bc95ef4f12c43e09e348f85731
Instruction Fuzzy Hash: D2C02B3110620482E604B3F4A50EB78B6EC8F2033EF003100E88C010809E79B0A0E17B

Function 05736B58 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab6adc9b73c273ac81e24f7483635e6457f098f9da46f834130789cfdaa10db
Instruction ID: 9cafa4a5c8486acbc2209b5b15938901879c8f6ad296eda02b9da9ada7ad53c3
Opcode Fuzzy Hash: dab6adc9b73c273ac81e24f7483635e6457f098f9da46f834130789cfdaa10db
Instruction Fuzzy Hash: FBD0C9B24096818FC302DB74DA4A9107B706F1636171A84D3E084CF273D2659964CB15

Function 04E39C28 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
Instruction ID: 1559b7bb1d66cdfc4324202593fed40f7269f97be06a62174427e62a94373c76
Opcode Fuzzy Hash: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
Instruction Fuzzy Hash: 8DC00235280208AFD7109A55DC46F457B68AB15B50F554091F7045F6A1C6A2E8109A98

Function 00F70848 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0a920f92877af9e30a7d5958a5e19bdeb30a14cfe20d2ba42ceb0fb8dc35f7f
Instruction ID: f123ce51ab4a70528f867ef6d97b6600d47859df1bc15053d4cd8f3c38b23cab
Opcode Fuzzy Hash: f0a920f92877af9e30a7d5958a5e19bdeb30a14cfe20d2ba42ceb0fb8dc35f7f
Instruction Fuzzy Hash: BAC02B3024030C97E35013E03C1D732770EA3C4700F448018B30A170C0CFF130021640

Function 0575B261 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d80d199fccddd7d3f0f83d82b09ec2f92fbca47054ffbf78a87ea2a69152e2
Instruction ID: c1965ab81e85f34c6b5b47baec3af19ddad48730dbccc0abb12a7b2dab4090a3
Opcode Fuzzy Hash: 99d80d199fccddd7d3f0f83d82b09ec2f92fbca47054ffbf78a87ea2a69152e2
Instruction Fuzzy Hash: 71D0A770811218CFC7A0CF10C840BA97771FB01301F1015D9980A63104CF700E80DF11

Function 05752E58 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ad422e5201136cccb7843d68e4a189dbaeb16e512f944cf2a24f370c57500ee
Instruction ID: f77cef0209b2beeb6ff824f6b69f20fe8d8bc1a6894ad16b3eff7441298d9497
Opcode Fuzzy Hash: 9ad422e5201136cccb7843d68e4a189dbaeb16e512f944cf2a24f370c57500ee
Instruction Fuzzy Hash: 2BD0677891026C8BCB22DB14C994A9EB7B5AB09310F0052D69408A7240C7315A85CF40

Function 04EA2A10 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40d38c9396458ce53df0ada221a3a3758853faef6884e1b896d90efa41fe52f4
Instruction ID: 013f31348c51d23f3ff40666a2a5c0bdf2dedb135826ab2c809f98d4fe6cb084
Opcode Fuzzy Hash: 40d38c9396458ce53df0ada221a3a3758853faef6884e1b896d90efa41fe52f4
Instruction Fuzzy Hash: C7C02B383302406701189399BC1C799360B578003A7442F95B3FE2F7F4C7212D124751

Function 05738D38 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b61fd529a6f296ec98a3a887b5f290c6a80ccba3b7386c3f097f8de3eae8e5
Instruction ID: f71c0e1b7e64102376296bbea62bf5fa690731fe7691d442a531ce4e7585a668
Opcode Fuzzy Hash: 66b61fd529a6f296ec98a3a887b5f290c6a80ccba3b7386c3f097f8de3eae8e5
Instruction Fuzzy Hash: A5D012324089049FC7018F64DD944A57F239F6535176C80B6EC098B163C6334C27D764

Function 05727155 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81fc93137ab3f12f45f62cb28f9dd72a362c6a4c6349f03282c3de252de7bdcc
Instruction ID: fb8ed942deb777868677551d97e5900683042ee67fddcaccf89958f72e6353d1
Opcode Fuzzy Hash: 81fc93137ab3f12f45f62cb28f9dd72a362c6a4c6349f03282c3de252de7bdcc
Instruction Fuzzy Hash: 03C0123AF000188B8F00EBC8E4408CCB3B0FB89321B408026D220AB308C3302822CF84

Function 00F7D048 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6300af6fecbb435052cefb84775153fe5881f15bc5847f14465b54530e3213
Instruction ID: 9393a43ee528dbb9ac1493d0e17567ff6826125d42f256ba1e96bc9cd781dc29
Opcode Fuzzy Hash: af6300af6fecbb435052cefb84775153fe5881f15bc5847f14465b54530e3213
Instruction Fuzzy Hash: F6B0121038430C22E10420767C53B32750E43C0B10C00C022F71C2D1CADC97641210F9

Function 00F7D011 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3633b672e7339feda37738ca6963ce9fc1883707ca65e606ae03fcfcda16a82
Instruction ID: 3c217414390a5acbb291d969d89414f4c37787446874fd53db12c69f21bca8ec
Opcode Fuzzy Hash: b3633b672e7339feda37738ca6963ce9fc1883707ca65e606ae03fcfcda16a82
Instruction Fuzzy Hash: F1C08CA48022800BCA01F360CC01018BB708E63230B05C7E6E0398A2D2CF53C80AEA16

Function 00F7A2A8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9091b08a5bd3c20a6a294abe5064e6109059f2f865c9c9593e0144bf5333e48b
Instruction ID: 4ff112989df50f7cb9b160415fc6b41c9e856ba61f4f435604f61ae1428fc457
Opcode Fuzzy Hash: 9091b08a5bd3c20a6a294abe5064e6109059f2f865c9c9593e0144bf5333e48b
Instruction Fuzzy Hash: ACB0121038430C23E10460633C13B32310E47C0B10C048021F30C1D1C6DCAB74022089

Function 00F7A280 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6aef2203434897bd4bd7f476f7d46d46cdbd88b905ceb00977e116b6cb00a01
Instruction ID: 4298650693455d130183dc6a211d6fc5809491ce626fdce41f2d2892d99bb47d
Opcode Fuzzy Hash: a6aef2203434897bd4bd7f476f7d46d46cdbd88b905ceb00977e116b6cb00a01
Instruction Fuzzy Hash: 33C04C75240208CFC304DF58D484C55B7B9FF5C7247158595E9094B332C732FC52CA94

Function 00F72C75 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cd031076b267b413ae4b2736a6031dcc7e7a1dc193fdcfcb952dc193f489b86
Instruction ID: ed37dc0ff27a0c2a4d70fc9bef61cc496128bf242a81378a512a2e161d005037
Opcode Fuzzy Hash: 1cd031076b267b413ae4b2736a6031dcc7e7a1dc193fdcfcb952dc193f489b86
Instruction Fuzzy Hash: 7EC08C3D202508CBCB54FF50F982C987B31FBC030070001E0D408032188BB02A36FF42

Function 00F74E8D Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26530b5b5a07f076d927d28f64f6714ed7bc212cabfb7298394cb9ee1a2c7022
Instruction ID: edd2bf8c8eac81d6336e11a5bf51b4e073d2ee914cd5474fdbf53080dcbcd6bb
Opcode Fuzzy Hash: 26530b5b5a07f076d927d28f64f6714ed7bc212cabfb7298394cb9ee1a2c7022
Instruction Fuzzy Hash: 16B0123734E3040F67042A587C85068B310EAC003A310013FE10AC0180C812440A0100

Function 00F7FF40 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c814313c1164f1e677c53545046ca31591a52be9d70f176cf1362b30d3b2e29
Instruction ID: ab79381a1d088e169bd69fd9c669eb7382949bc72116a9d9aa2e75890578ee9f
Opcode Fuzzy Hash: 3c814313c1164f1e677c53545046ca31591a52be9d70f176cf1362b30d3b2e29
Instruction Fuzzy Hash: F1B0121138830C22E10420733C13B33320F43C0B10C008031F30D1D2C6DC976402108A

Function 00F7FF3F Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86927f57ce2e2dfb8b6efbb5187db630a84423ed1bc456263cdea4bc6fd67c4c
Instruction ID: 2a0efe12f74ad05ab761c0b33ec616734f2ee227771e05b833c9de5c6bc8ecdb
Opcode Fuzzy Hash: 86927f57ce2e2dfb8b6efbb5187db630a84423ed1bc456263cdea4bc6fd67c4c
Instruction Fuzzy Hash: DBB0121138830822E20421723C53772370783C0B10D008031F30D1D2C6DC9744031186

Function 04EA2790 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e32b1fa692be47bb03a1fb388a024c9c7075f823b2b362b7593319ede29ab0
Instruction ID: eaffcff3fd4f0ac894b505f18d388b15d80b451adb529072b6b91808ba9925a6
Opcode Fuzzy Hash: 20e32b1fa692be47bb03a1fb388a024c9c7075f823b2b362b7593319ede29ab0
Instruction Fuzzy Hash: F3B0127835828CF7032063C2FE7997B3E1FE2D546A350D467F18B67610CA196A134AD5

Function 04EA2A18 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2394e9bb6ff0c3a74c24c0c642a60b2369947f40a25e27393a60d443f0244def
Instruction ID: 9f6be2f2c4af61011962d33962df162ca978ae85596e9d4b4b4757cb29c1b232
Opcode Fuzzy Hash: 2394e9bb6ff0c3a74c24c0c642a60b2369947f40a25e27393a60d443f0244def
Instruction Fuzzy Hash: 6EB0143437414D77050053CDFD14D57771F55D04777445455F10D57514C5115D1145D5

Function 04E32F68 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9360f6c3753071abd6b5a8e86689413885372535260cb3c19a445abdef9116e5
Instruction ID: 740b9759760942d22b17a3cca9430a66c5404184698edbd653c299f37843b55b
Opcode Fuzzy Hash: 9360f6c3753071abd6b5a8e86689413885372535260cb3c19a445abdef9116e5
Instruction Fuzzy Hash: ECC04C39140108EFCB419F55D844C45BBA9FF19770741C051F9494B632C732E960DB50

Function 0562762B Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f896082e70d48cee37820a893f1ae99fa4074ea2bdc6400e88e56140216b911
Instruction ID: c604a59576fc28f8ef652ce0a6cbf313a8ebdb67f5d69a3847de39ef687b9c86
Opcode Fuzzy Hash: 1f896082e70d48cee37820a893f1ae99fa4074ea2bdc6400e88e56140216b911
Instruction Fuzzy Hash: 15D0CA78D10128DBEB20DFB0C885B8DBBB2EB48304F00818A9828A3202C7380A808F11

Function 00F7DCF8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0217b991688cb2789ce4f0f6bce6af8c4740404af8b70f7a59141c0b96e39599
Instruction ID: 1f3ee582afc8fef8e8484a82ccf0f0e85628062d54c905c67ce2a32282b495d0
Opcode Fuzzy Hash: 0217b991688cb2789ce4f0f6bce6af8c4740404af8b70f7a59141c0b96e39599
Instruction Fuzzy Hash: 75B012043841CC17002020856C19811360F05920D56844817B50D1F6054D2298111292

Function 00F7BDA8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 740cfec275ad5b662ad37cd4a14dd8e6e8a830a508af7f3c1a7b1343fe35cca4
Instruction ID: 74cd1d4378e16718167adac360ab93ba0c4c43b448d12a0f992fa6dfeb5f6e7f
Opcode Fuzzy Hash: 740cfec275ad5b662ad37cd4a14dd8e6e8a830a508af7f3c1a7b1343fe35cca4
Instruction Fuzzy Hash: B2B012303C414C97450022E6BC349667E0FC6910D93419407F10BA7323CA319D0307E5

Function 00F7AEA8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 990d04c8243ea6acda24fb75d1fee65668a3bbc90de3ee804d3709e898ee0d25
Instruction ID: 3940ce2a1bff196f67d8d3fc4c7aaee368e2da8e5ac4c4aa1c2c5bf945208170
Opcode Fuzzy Hash: 990d04c8243ea6acda24fb75d1fee65668a3bbc90de3ee804d3709e898ee0d25
Instruction Fuzzy Hash: C5B0123134410C6B09002295AF644AF3E0E86D60657D02416F40A7F321C92159030BE1

Function 05734C50 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 05732780 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189948d6d5e02d361b18960c870ace758fdddddec90ebec86907ecced8969ca8
Instruction ID: e15f13f26d11233fed351dc55d4924ffbdc94792f4890722a29a99a5d4ca87e6
Opcode Fuzzy Hash: 189948d6d5e02d361b18960c870ace758fdddddec90ebec86907ecced8969ca8
Instruction Fuzzy Hash: 9BB0121338232502CA8057E0DC0339CB331EF03190FC441C4D00187F41CE6FC1418246

Function 04E3EAA8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76255853014eca31e2e2e8ac0bdd67ddfc2ffe8a2e0339b119d6101aa035005c
Instruction ID: 93f3e99bca3043d8ba7cde06d9696bd730a1f2d57a4a44413c75f9c8736ea23a
Opcode Fuzzy Hash: 76255853014eca31e2e2e8ac0bdd67ddfc2ffe8a2e0339b119d6101aa035005c
Instruction Fuzzy Hash: 2BC09239140208EFC700DF5AD949C45BFA8EF1976074580A1FA088B732C732E820DA94

Function 057286A8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1666d3b9f38dc4cedb34dba90fb486367c9c051bbf8fce8150b9340b3d4dd78b
Instruction ID: 8337a514b8f928a0716655230f68a313c912c12d32d8ee96de66553fa996fedc
Opcode Fuzzy Hash: 1666d3b9f38dc4cedb34dba90fb486367c9c051bbf8fce8150b9340b3d4dd78b
Instruction Fuzzy Hash: C2C08CB0649218CBE300EB18D0052BE3636EB4D304F00C019D00B22689CE384800EF45

Function 057289BC Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25b9fe895295f679d7de0e6db7b03b921a99961ab03aca850e43a360b8ae1f5c
Instruction ID: 00256e2e154d70a50e0463254b7d0e1c34b4775530694207ea392ffd715b5905
Opcode Fuzzy Hash: 25b9fe895295f679d7de0e6db7b03b921a99961ab03aca850e43a360b8ae1f5c
Instruction Fuzzy Hash: BAC08CB01061148BE304AF24E04A2AE3A22EBC2314F000009A10B2A188CF388C849645

Function 05738D48 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6314360cced942f2329e07d09a28171e5398bae342b09af0f047196627813801
Instruction ID: d6e1c3e18855b40a899136fd6d3a5637a498399584683e6f7c5b8f98b9503fd9
Opcode Fuzzy Hash: 6314360cced942f2329e07d09a28171e5398bae342b09af0f047196627813801
Instruction Fuzzy Hash: D7B0923200020CAB8600AB94E814859BB6AAB59B10740C02AA609061228B33A822EA94

Function 04E30F00 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e2839fb080d70fd9d5ab266c8ff45246f4c7246a28781672dbb782ec4b6ef3
Instruction ID: cfd3c94acb28e12ede7e7a80c62375d018fe088f1f186957f4485c32e65079b3
Opcode Fuzzy Hash: f4e2839fb080d70fd9d5ab266c8ff45246f4c7246a28781672dbb782ec4b6ef3
Instruction Fuzzy Hash: 6CB092301602088F82009A59E448C0137ACAF08A0434100D0E1088B632C621F8008A51

Function 00F7EB38 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f8819b6f39e89dde83eb362aeb54ebb09db47722ec68745e3baf3bd38484e7
Instruction ID: 6c291ec64a612e6a847bee7be3dbc0b4dc609364cf030a7d0eba6d1560de8373
Opcode Fuzzy Hash: 32f8819b6f39e89dde83eb362aeb54ebb09db47722ec68745e3baf3bd38484e7
Instruction Fuzzy Hash: B0B012387050008BC348DB04E591810F3A2EBC8304324C0ECA809C7349CF33EC03DA00

Function 00F74B35 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36058fa366999b5a752558f55e73b87a5dc4f2ee1c0ced0c9235516c55a22ee
Instruction ID: ff24f4dda86310d76075f9cae562699e62f8c10b9422e79f5009708f1ec6c923
Opcode Fuzzy Hash: d36058fa366999b5a752558f55e73b87a5dc4f2ee1c0ced0c9235516c55a22ee
Instruction Fuzzy Hash:

Function 04E33F50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686740464.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4e30000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da8465b5b52f89553a1feed8657c0d042702613ab613e7ffd845002eb051cbd
Instruction ID: 209cbfe3ec99dfff9330dd894a8e0dc6b56432bb1e886c7f9fcf111b34990cf7
Opcode Fuzzy Hash: 7da8465b5b52f89553a1feed8657c0d042702613ab613e7ffd845002eb051cbd
Instruction Fuzzy Hash: D0A00275544112BFCF425B51DD0484EBE65FF94352F018419B18D44035C7354465DB11

Function 00F70D50 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee0ae9022d4d4dcfe676e08db0d2cbfa02fb89372095e653d4bd833af00fb375
Instruction ID: 9309f3ec035a02a9964f68d6874fb0c8f93f3d49b19d08f2a1cbc3673968e5a9
Opcode Fuzzy Hash: ee0ae9022d4d4dcfe676e08db0d2cbfa02fb89372095e653d4bd833af00fb375
Instruction Fuzzy Hash: 12A002B06004068BDE18DB11DB59414FF21FF903013078294900A454A18BA0AC41DE40

Non-executed Functions

Function 0572F2B8 Relevance: 2.8, Strings: 2, Instructions: 331COMMON

Download Yara Rule

Strings

(jq, xrefs: 0572F65C
,jq, xrefs: 0572F3AE

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: (jq$,jq
API String ID: 0-324742079
Opcode ID: 4794aa084edea46246f721b35a6f5fe3f814faf3cee0eb25b4f9538cc0d0a62e
Instruction ID: fb2970b74e7ed03f1ad8b3e5ec92aed51e8f3f6ce488d4663f4ed29dcdd76489
Opcode Fuzzy Hash: 4794aa084edea46246f721b35a6f5fe3f814faf3cee0eb25b4f9538cc0d0a62e
Instruction Fuzzy Hash: 8ED10734A005158FDB14DF69C585EAABBF2FF88310F65C5A9E905AB362CB30EC81DB50

Function 04EA34B0 Relevance: 2.7, Strings: 2, Instructions: 173COMMON

Download Yara Rule

Strings

4'fq, xrefs: 04EA3577
4'fq, xrefs: 04EA35A2

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq
API String ID: 0-751858264
Opcode ID: 47b7fed7796183b9cf0855fefa864526c74e48729a8ea63f738af1bf0dbf5edc
Instruction ID: 706780dec9ee67d3fa1737d61ecf6846649dee354ea73e42023fe7055204db7b
Opcode Fuzzy Hash: 47b7fed7796183b9cf0855fefa864526c74e48729a8ea63f738af1bf0dbf5edc
Instruction Fuzzy Hash: B4712F70A11604CBEB48EF6AE88069EBBF2FFC9301F24D46AD0089B269DF7519558B51

Function 04EA34C0 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'fq, xrefs: 04EA3577
4'fq, xrefs: 04EA35A2

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq
API String ID: 0-751858264
Opcode ID: c6d3e3c38e801d73f2cce1685131d3e03396de1c9328ee31146a6540d0a82a4e
Instruction ID: 845150452422bfade85f716213f82da2a298ca843a742fdd9e9aa891d96c97a7
Opcode Fuzzy Hash: c6d3e3c38e801d73f2cce1685131d3e03396de1c9328ee31146a6540d0a82a4e
Instruction Fuzzy Hash: 5C711D70A11604CFEB08EF6BE88069EBBF3FFC9301F24D46AD0089B269DB7519558B51

Function 0573A0F8 Relevance: 1.8, Strings: 1, Instructions: 596COMMON

Download Yara Rule

Strings

(jq, xrefs: 0573A1C8

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: (jq
API String ID: 0-3225323518
Opcode ID: 0b60c3f4927ad6278b16e710ed34f97bb209dc60d3652848666b28bdf5cff23f
Instruction ID: 83b2456f3d952ce5cdf14dd1fd961b1183cc20af200df204cb66472cc2667e2d
Opcode Fuzzy Hash: 0b60c3f4927ad6278b16e710ed34f97bb209dc60d3652848666b28bdf5cff23f
Instruction Fuzzy Hash: 56325A74B006158FCB18DFA9C496A6EFBF2FF88310F14852AD55AD7382DB34A941DB81

Function 0572A948 Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

Tefq, xrefs: 0572A9DC

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: 31e9da8f3cad752ac4e7f6bc140453054239b1dae53ca68b2cdc696ecbfdc6c0
Instruction ID: ae53fde86c30e5da9601234fefd1c22a0009da8a03b9634f60507c2c072a2e46
Opcode Fuzzy Hash: 31e9da8f3cad752ac4e7f6bc140453054239b1dae53ca68b2cdc696ecbfdc6c0
Instruction Fuzzy Hash: 8CB1E570E05628CFDB14DFAAD944BADBBF2BF89300F5480AAD40DAB255DBB45985DF00

Function 0572A939 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

Tefq, xrefs: 0572A9DC

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: Tefq
API String ID: 0-1066582953
Opcode ID: ae1a05dc38717d3c9d240a2ca4236433eb85f97b09a7b7f859370e753d00b2dc
Instruction ID: 01eda27a71a1f7c967c0e63923b80b8b20579349ed1d9c6f36163b8da09380cc
Opcode Fuzzy Hash: ae1a05dc38717d3c9d240a2ca4236433eb85f97b09a7b7f859370e753d00b2dc
Instruction Fuzzy Hash: 0FB1F774E01628CFDB14DFAAD944BAEBBF2BF89300F5480AAD409A7355DB745985DF00

Function 05621AE8 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pqI, xrefs: 05621BB7

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: pqI
API String ID: 0-1078129942
Opcode ID: a16183f8a582dfc042cc01916518a101e162b7ba6a7fdca56d552cc62b4ac0ab
Instruction ID: 84b67f036a001e90be56c7d868c6f3106196b59f9e8758f6e1e47abf9987ad30
Opcode Fuzzy Hash: a16183f8a582dfc042cc01916518a101e162b7ba6a7fdca56d552cc62b4ac0ab
Instruction Fuzzy Hash: D24175B4F09519DFCB50CF69C4816AEBBF2AB8A341F658525D40AD7704E738CA42CF90

Function 05621AD8 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

pqI, xrefs: 05621BB7

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: pqI
API String ID: 0-1078129942
Opcode ID: 84079a6c6d996570b0830eef84d3132f0bedb2d1e40a61bf6de592df83afef67
Instruction ID: 88ca98cdb17edae9cb376edfacb44f1dbc0bade96d8ecb96308b97e95b4833c0
Opcode Fuzzy Hash: 84079a6c6d996570b0830eef84d3132f0bedb2d1e40a61bf6de592df83afef67
Instruction Fuzzy Hash: 894195B4B0D91ADFCB11CF69C4816AEBBF2AB86341F648565D40AD7714E738CA42CF90

Function 05758340 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

V, xrefs: 0575A233

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 920872de11e3dc84a68dabde2a268d81a00a832a6eeebed68e60e8230e8383b6
Instruction ID: 19dd3e8df7b2544009a3aa6d78a64d32a36842c114df6d32e952bd33cbecfe93
Opcode Fuzzy Hash: 920872de11e3dc84a68dabde2a268d81a00a832a6eeebed68e60e8230e8383b6
Instruction Fuzzy Hash: 4F4160B1D04A188BEB18CF6BDC4069EFAF3AFC9311F14C1BA881CA7255EB7045869F11

Function 05720007 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

+, xrefs: 057200C8

Memory Dump Source

Source File: 00000000.00000002.1689779358.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5720000_x.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-2126386893
Opcode ID: 897af8cf1e8d75ebdee42c249f5529622a2f87984f9fd72c0a11b16ca52645a5
Instruction ID: 61853f08a4fc06df04157624f322b40ab7e7837f0aac3bf7d459b2aa307a126b
Opcode Fuzzy Hash: 897af8cf1e8d75ebdee42c249f5529622a2f87984f9fd72c0a11b16ca52645a5
Instruction Fuzzy Hash: 87311EB1D097989FEB19CF678804199BFB3AF86300F09C0AAD4489B266E7750846CF15

Function 0575EEE0 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

1, xrefs: 0575F3BB

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 0554cdd690e5a9d2cdfbd1ade7341832bf98acbcdcf2b595cf753eecba98b599
Instruction ID: d764138854a770da74e4bcdce6b70d7c0186d4282fd1c3285a987fe3bc41a57e
Opcode Fuzzy Hash: 0554cdd690e5a9d2cdfbd1ade7341832bf98acbcdcf2b595cf753eecba98b599
Instruction Fuzzy Hash: 8411FEB1D056188BEB48CFAB88006EEFAFBAFC9310F14C17AD819A7255DB744A059F50

Function 05757C88 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a9507e4584910632a943cd464b426a8fc6e78571df21c21a1446e304650bb4
Instruction ID: 69893a667b9935b177706011ca47beec95f4a0366328c78b4e53b87b6ab996b0
Opcode Fuzzy Hash: c0a9507e4584910632a943cd464b426a8fc6e78571df21c21a1446e304650bb4
Instruction Fuzzy Hash: 6512B871E046189FDB18CFAAC98059EFBF2FF88314F24C569D858AB219D734A946CF50

Function 05624CF0 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58107d892477fdbc48d8790d315efe4d5513e61246d26b3673259976b95d7fc0
Instruction ID: 3ce37a884ca4f6f3254f05c69ca69dec4eff86a31861315fae7918bd3af6d677
Opcode Fuzzy Hash: 58107d892477fdbc48d8790d315efe4d5513e61246d26b3673259976b95d7fc0
Instruction Fuzzy Hash: 1E91B074E01618CFDB08CF99D484ADEBBF2BB88311F14856AD819A7355DB34A946CF90

Function 05A1E7B0 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37eb0730154b45e8c6ccf764a0bd87e8efcee62ec7992767de25ea589b404814
Instruction ID: c447e87cbebee9c259ee9795114b6e8866d89b7a337c3d7740f2eb637c7b782a
Opcode Fuzzy Hash: 37eb0730154b45e8c6ccf764a0bd87e8efcee62ec7992767de25ea589b404814
Instruction Fuzzy Hash: C571D6B0D05208CFEB04DF99D484BAEBFFAFB49315F54906AE81AAB254D7745885CB08

Function 0570EDD8 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb6f43da94717ff32f8713ed9f4076d4d8a218a2f5faaba07e8ab4bd0b13d0a
Instruction ID: 855eed8fb5ce076d5d5dba51c6ccb57405ba91b3472f108b9bb76d5db3c94d63
Opcode Fuzzy Hash: 5bb6f43da94717ff32f8713ed9f4076d4d8a218a2f5faaba07e8ab4bd0b13d0a
Instruction Fuzzy Hash: 2561D970E06618CFEB64DF69D844BAEBBF6BB89300F1091AAD409A7295DB305981DF11

Function 0570EDC8 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6bd8528566854c072f60c0c995f11133d70054fa4305863c903dec347ef7d9
Instruction ID: cf27aaabdb21d20055f5168db09fdcb548c0ccf5ea6a94662fb4453f0bbd4a23
Opcode Fuzzy Hash: fb6bd8528566854c072f60c0c995f11133d70054fa4305863c903dec347ef7d9
Instruction Fuzzy Hash: 8561D974E06618CFEB64DF69D844BAEBBF2BB89300F1491AAD409A7295DB305981DF10

Function 0576EC68 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689997903.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5760000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 033ee810be4055e9141a8a84d240812983f95446a67fdb5027a80bf778bdf0a1
Instruction ID: 1847db02fe8733f70d74240dbde90f075518653b454802d2579c8d05ea187192
Opcode Fuzzy Hash: 033ee810be4055e9141a8a84d240812983f95446a67fdb5027a80bf778bdf0a1
Instruction Fuzzy Hash: 9651E574D05268CFDB24DF6AC9487DEBBF6AF89304F1480AAD809AB354D7745A88CF50

Function 04EA27B0 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ba89e29fa7120372165733b52db9a615f95c75284a24ec741b3f54927b74fba
Instruction ID: e6b6d60134b322c12a0d29ec0a87773dd3922100ce364ac65e280381e7dadc7f
Opcode Fuzzy Hash: 1ba89e29fa7120372165733b52db9a615f95c75284a24ec741b3f54927b74fba
Instruction Fuzzy Hash: D4418E35B081199FDB00CFA8C940BEF7BB5FF48700F1491A6E616BF390E674AA119B91

Function 04EA2A48 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c000df53456287d3777b61594a68e09c23922beeb78a4e058b61ff05b3f53563
Instruction ID: 2705795e238e64fc37bc269728582e73d171daf7b06f0bb6fe3110cb069de02f
Opcode Fuzzy Hash: c000df53456287d3777b61594a68e09c23922beeb78a4e058b61ff05b3f53563
Instruction Fuzzy Hash: 55415D31B04209DFDB20DF98C941BEEBBB5EB44700F1551A2E259FF394E770AA508B95

Function 04EA2A3A Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46eb83d57cd18a9c27429cc2f0d44e9f7c7e0fa2a3d6da12a5e371179fc19d30
Instruction ID: 454e1b7d8495b2829d522542a08920108448305ca429b80eaae9db98b5729c9b
Opcode Fuzzy Hash: 46eb83d57cd18a9c27429cc2f0d44e9f7c7e0fa2a3d6da12a5e371179fc19d30
Instruction Fuzzy Hash: 63416E31B041099FDB20CF98C941BEEBBB5EB44300F1551A2E256FF354E774AA518B81

Function 04EA27B8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef382fae33734ed995cb4c0d47c865283bbb766b6a88707d9b82838751d9e10
Instruction ID: a8c4c03415243e91de8ec65b0213ccb47ed310cf21284b171b891541f8cc3b5c
Opcode Fuzzy Hash: 3ef382fae33734ed995cb4c0d47c865283bbb766b6a88707d9b82838751d9e10
Instruction Fuzzy Hash: 63417C35A081199FDB00CFA8C940BEF7BB1FF48700F1491A6E606BF390E674AA119B91

Function 05757C78 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689949107.0000000005750000.00000040.00000800.00020000.00000000.sdmp, Offset: 05750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5750000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bfe38c78c1ef8a49621bde7fd50141aad79a2af9473b3cf7b488372d250f3f9
Instruction ID: e817e5e098249c74fc2e4fc7f70b877ce42987d662d41742600ec639007cce6e
Opcode Fuzzy Hash: 9bfe38c78c1ef8a49621bde7fd50141aad79a2af9473b3cf7b488372d250f3f9
Instruction Fuzzy Hash: 964177B1E016198BDB08CFABC94069EFBF3BFC8310F14C17AD918AB254DB3459428B50

Function 0576001B Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689997903.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5760000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f3c0ad72244fc4433ec81aa5e011cd0eb5c37955f19646738373c029d4596fa
Instruction ID: dca67756115b24d84e991b3395f3b9c3e36a43f1682ab14cdb6026453c49f142
Opcode Fuzzy Hash: 3f3c0ad72244fc4433ec81aa5e011cd0eb5c37955f19646738373c029d4596fa
Instruction Fuzzy Hash: A3516DB1D056588BEB6CCF6B8D456CAFAF3AFC9300F14C1FA994CA6214EB7009858F40

Function 0576D7F0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689997903.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5760000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac4556db6c6e868dd7f34aba1f651c08b6fbae8c0ad18f823af97f47e0005724
Instruction ID: 570ade5a632fb749ad7a46651bb3be163d0aa7d361c9a2bf23b4d6e05f6c5176
Opcode Fuzzy Hash: ac4556db6c6e868dd7f34aba1f651c08b6fbae8c0ad18f823af97f47e0005724
Instruction Fuzzy Hash: 5041F0B0E103499FDB24CFA9C989AADBBF1BF49300F249029E819BB250D7749885DF44

Function 04EA3A50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcf181282beaca2e242279a210412632731fd5cacd9298dc6abcd87ee6dbedab
Instruction ID: 7c489d4e4f232d2d1f55ad13ae04de2f5912c081adb9a1c65359992475212c01
Opcode Fuzzy Hash: dcf181282beaca2e242279a210412632731fd5cacd9298dc6abcd87ee6dbedab
Instruction Fuzzy Hash: 37516470D016288BEB68DF6ACD5878DBBF2BF88305F14C1A9D40DA7254EB751A85CF14

Function 05760040 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689997903.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5760000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dc0c3d442638b97e90ed7256e431622d6113dfc17bf66f607c8853c6882f403
Instruction ID: ede379d19e617e0400b206d669113edb61d0594c2538aca117cc49ad4198dd04
Opcode Fuzzy Hash: 2dc0c3d442638b97e90ed7256e431622d6113dfc17bf66f607c8853c6882f403
Instruction Fuzzy Hash: 7D4100B1D056588BEB6CCF6B8D456CAFAF3AFC9300F14C1FA994CA6254EB7409C58E50

Function 05A00040 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7dc80b68adbc156b7badce4c7cd09a3e73a15f19bb236f5541b518de3d2f581
Instruction ID: 797d04aabab61b1e922fb9980a9a75b7082ffb87fea982a052d78828a9443bf9
Opcode Fuzzy Hash: a7dc80b68adbc156b7badce4c7cd09a3e73a15f19bb236f5541b518de3d2f581
Instruction Fuzzy Hash: 14510E70D05228CBDB68DF1AD8987D9BAF6BF88300F04D4EA950DA7294DB744E85DF01

Function 05A00006 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690395875.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cab1a1a0776a60769a349293292ea9d90e455e8973f2070c7fa81d1ab1d2442
Instruction ID: ff5f1b0c2842026316a2ea5685984ac5f8e0c6ab543185a90325204e9ba3f799
Opcode Fuzzy Hash: 1cab1a1a0776a60769a349293292ea9d90e455e8973f2070c7fa81d1ab1d2442
Instruction Fuzzy Hash: BE311C71D087548FEB59CF2A8C98799BFF6AF86300F45C0EAC44CA6296DB740985CF11

Function 05620006 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5b4a63b8c229baf1b215bd46158b6e3d4cce908e7759d3576cc6cc6cdc4c35a
Instruction ID: 46507f3670a5d946a0df678b821586f221414646a45b4f9da6a5c0ca6dc79195
Opcode Fuzzy Hash: e5b4a63b8c229baf1b215bd46158b6e3d4cce908e7759d3576cc6cc6cdc4c35a
Instruction Fuzzy Hash: 33313271D056989FDB19CF6BDC452C9BBF7AFCA310F08C0BAD408AA265EA344945CF11

Function 05620040 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb6e41535117fd79b0bbf8ccb9eb495059473ec80cd2228da9118752fd7262e9
Instruction ID: c66d67022ed03224f86e5431ab2c506d3fef25ec27e0b4ca9b744c8fc83a4c4c
Opcode Fuzzy Hash: bb6e41535117fd79b0bbf8ccb9eb495059473ec80cd2228da9118752fd7262e9
Instruction Fuzzy Hash: 9E21CDB1D056189BEB18CF6BC8446DEFBF7AFC9300F14C069940CA6254EB744942CF41

Function 04EA3A40 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1686905308.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ea0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28f8187a3951837b63b37e38b006cb9b5af3a3b22f18664977a1f8acdc3d21b8
Instruction ID: c22f56d88c71347ec2280ed3f7d9253ecc665b19f66f754d668df669b71f5b6c
Opcode Fuzzy Hash: 28f8187a3951837b63b37e38b006cb9b5af3a3b22f18664977a1f8acdc3d21b8
Instruction Fuzzy Hash: 9C319AB1D056188BEB58CF6BC95478EFAF3AFC8314F14C2A9C40CA6264DB750A858F50

Function 059F6070 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dacf2ae9a367731c36d79bc4bfb3897b669fcb6026f0f92836e1ac57ebe4fc8
Instruction ID: 3151a15757756b71a4f020b7835b47ed9a1257375455c094680920ef8b5d89e2
Opcode Fuzzy Hash: 5dacf2ae9a367731c36d79bc4bfb3897b669fcb6026f0f92836e1ac57ebe4fc8
Instruction Fuzzy Hash: D521CFB5D142189FCB14CFA9D981AEEFBF5FB49320F14901AE915B7210C735A905CFA4

Function 059F6068 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690354597.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59f0000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638e8d3600d46c07b8b5b1b516982ee787d4da22a11612aeb2a7e5cc6083aeb3
Instruction ID: 67412aa7da629d8b784ffade7729e832a70fe78f95ef88f580d6e00f0685dafa
Opcode Fuzzy Hash: 638e8d3600d46c07b8b5b1b516982ee787d4da22a11612aeb2a7e5cc6083aeb3
Instruction Fuzzy Hash: 6E21DEB5D14208DFCB10CFA9D981AEEBBF5BF49320F14941AD959B7210C735A901CF64

Function 05704AF0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff40bb2d53b37a494de502c6499e35ab86de3a5433d752054701a98700d0db9
Instruction ID: 0c947de4f93f65fa308ff063670bf521eb3a152d8edf59f890de411f58aaf9ed
Opcode Fuzzy Hash: 9ff40bb2d53b37a494de502c6499e35ab86de3a5433d752054701a98700d0db9
Instruction Fuzzy Hash: 63219EB1E05618DBEB18CF9AD9447DDBBF7BF88300F04D1AAD509AA254DB7509468F40

Function 05704AE0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1689683632.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_x.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 613a99aaf319718cfba68523cdf69dcb7c34d7948593a1f8ac02a7fbd011da34
Instruction ID: 8b3769868b6571acd5b4cda9abb35dc7c5388d71a0b3d5a18fe77ac8f25e7830
Opcode Fuzzy Hash: 613a99aaf319718cfba68523cdf69dcb7c34d7948593a1f8ac02a7fbd011da34
Instruction Fuzzy Hash: 4E21E4B1D01618DBEB18CFABDD5479DBBF3BF89300F14C1AAD908AA294DB7509468F40

Function 00F7EF2F Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

4'fq, xrefs: 00F7F341
4'fq, xrefs: 00F7F2BD
4'fq, xrefs: 00F7F209
4'fq, xrefs: 00F7EFC5
pjq, xrefs: 00F7EF7F
p<fq, xrefs: 00F7F2A0

Memory Dump Source

Source File: 00000000.00000002.1669027795.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_x.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq$p<fq$pjq
API String ID: 0-4258306817
Opcode ID: 7232efd1ea722a402e9a13a04c9dcb7f9761426d0dbce063923dfa49f15f8a92
Instruction ID: d5248d494e109cd0de82c142be9b3cfaaf8a761a434c52f8f40eae7163424602
Opcode Fuzzy Hash: 7232efd1ea722a402e9a13a04c9dcb7f9761426d0dbce063923dfa49f15f8a92
Instruction Fuzzy Hash: 77D1FC76600104EFDB459FA8C944F997BB2FF4C310F1684A9E2099B2B6CB32DC51EB51

Function 05731310 Relevance: 7.7, Strings: 6, Instructions: 154COMMON

Download Yara Rule

Strings

4'fq, xrefs: 057313C4
4'fq, xrefs: 0573145A
4'fq, xrefs: 057313E2
4'fq, xrefs: 05731394
pjq, xrefs: 05731467
(jq, xrefs: 057314DA

Memory Dump Source

Source File: 00000000.00000002.1689828606.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5730000_x.jbxd

Similarity

API ID:
String ID: (jq$4'fq$4'fq$4'fq$4'fq$pjq
API String ID: 0-799542208
Opcode ID: 241785eaf2ac7399dea11e4015f918d569457280fe3c0ec716061121a7e1e9d6
Instruction ID: f629c1b665d3c129d554b80e115ccdb50a2d5d8bfb801405b9510005847517f9
Opcode Fuzzy Hash: 241785eaf2ac7399dea11e4015f918d569457280fe3c0ec716061121a7e1e9d6
Instruction Fuzzy Hash: 7151AFB1A002059BC748DBB9C8917AFBBF7BFC8310F548828D50997386DF75994297A1

Function 05624625 Relevance: 7.6, Strings: 6, Instructions: 143COMMON

Download Yara Rule

Strings

), xrefs: 056248D1
84$, xrefs: 05624581
, xrefs: 05624697
6, xrefs: 056245C0
!, xrefs: 056249F5
:, xrefs: 05624464

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: $!$)$6$:$84$
API String ID: 0-3415195157
Opcode ID: c6b69ffb0cb54b971033829bccf040712630d34fc5755b9d6a9d9929780e0da7
Instruction ID: 58869f0fea1954fedc0e297c3be245ff139c05d07f0439523ac15c1f4bc07ffa
Opcode Fuzzy Hash: c6b69ffb0cb54b971033829bccf040712630d34fc5755b9d6a9d9929780e0da7
Instruction Fuzzy Hash: DE513B78A06618CFDB20CFA9C484B9EBBF2FB49311F64A159D409EB345DB349886CF14

Function 056241F0 Relevance: 5.1, Strings: 4, Instructions: 51COMMON

Download Yara Rule

Strings

2E=, xrefs: 05624A34
3E=, xrefs: 05624A39
/, xrefs: 0562423B
(, xrefs: 05624A43

Memory Dump Source

Source File: 00000000.00000002.1689252398.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5620000_x.jbxd

Similarity

API ID:
String ID: ($/$2E=$3E=
API String ID: 0-2776023208
Opcode ID: 09e8e8d6e5f029c098e4858c02d8e514bbd0ab88760ac70cc2753f169d5f4a62
Instruction ID: 69bf593a58c998849e809abef95ba59855d441af0b8c42df1ead2be6d75fd3f1
Opcode Fuzzy Hash: 09e8e8d6e5f029c098e4858c02d8e514bbd0ab88760ac70cc2753f169d5f4a62
Instruction Fuzzy Hash: FF116670D06A18CBDF28CFAAC4447EEBAF6BB8A301F649029C409A7344DB714946CF54

Analysis Process: x.exePID: 2004, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12.2%
Total number of Nodes:	82
Total number of Limit Nodes:	6

Executed Functions

Function 004415B0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00444830,?,00000018,?,?,00000018,?,?,?), ref: 004415DE

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 004088B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 106
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 004088D2
GetCurrentThreadId.KERNEL32 ref: 004088D8
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004088E9
GetForegroundWindow.USER32 ref: 004088EF
ExitProcess.KERNEL32 ref: 00408A13

Strings

<]>?, xrefs: 00408915

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
String ID: <]>?
API String ID: 4063528623-142480294
Opcode ID: af201e0ca75ee4a87b7a1048b5e6cd8492f274d209216bc429e349974ef3c370
Instruction ID: 6131a18b343a1dfe26c9a2a8f686df02ef63443fea9bc33b4a6290dd0e59ef9a
Opcode Fuzzy Hash: af201e0ca75ee4a87b7a1048b5e6cd8492f274d209216bc429e349974ef3c370
Instruction Fuzzy Hash: 52312B71A442105FD724BF25AC0B75B77929FC2314F19863EA984BB3E6DA3C8406879E

Function 0043B00F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 0043B032

Strings

R,)., xrefs: 0043B060

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: DefaultLanguageUser
String ID: R,).
API String ID: 95929093-3917952405
Opcode ID: 2c3d267b58a0b726afdfc7d4f41a5c5df242e45beaf86da8c2121d5b819e8f5c
Instruction ID: 7ca917869696e76a17b39bde0e779481bf45e3d261fa63ee9d001e8c21811ee6
Opcode Fuzzy Hash: 2c3d267b58a0b726afdfc7d4f41a5c5df242e45beaf86da8c2121d5b819e8f5c
Instruction Fuzzy Hash: 9211C431A096958FDB09CF78D9907AE7BF26F5A308F0840EDC545A7385C6345E04CB91

Function 0044181E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetForegroundWindow.USER32 ref: 00441897

Strings

HKDE, xrefs: 00441881

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: ForegroundWindow
String ID: HKDE
API String ID: 2020703349-2441671409
Opcode ID: c2e016e35dd9f91458cef600323dfa86c065b02f3ad9bd12b2257f3e2a8bf76d
Instruction ID: 53daea6ee54354bc578606f44f02174766e5ea3db433d8f59aab157438f54cdf
Opcode Fuzzy Hash: c2e016e35dd9f91458cef600323dfa86c065b02f3ad9bd12b2257f3e2a8bf76d
Instruction Fuzzy Hash: E20128B1D424548BFB10CF64EC8A7EA3776E781309F1804B9C005D72E1DB7D8A8A8F08

Function 00441510 Relevance: 1.5, APIs: 1, Instructions: 41
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,00004000,?,?,?,?,?,01317158,?,?,00000000,0041554D,?), ref: 00441550

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d31155d7f87200c80277a9f0602adf1f89147736ae3c8408725f07ec4c5b0996
Instruction ID: ba68fad8c2e057625eaf6b1adff0adc5727166bc26f018b811e1036825c6c889
Opcode Fuzzy Hash: d31155d7f87200c80277a9f0602adf1f89147736ae3c8408725f07ec4c5b0996
Instruction Fuzzy Hash: 70F022BA846202EBC2802F25BC4285B3374FF8B326F090876F40001031E739E8528E9E

Function 00441889 Relevance: 1.5, APIs: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetForegroundWindow.USER32 ref: 00441897

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 53aa0b2c748544fedb55f1c6b35dec9c8436d5777c9351bf877445ccaf7ba254
Instruction ID: 2cec92797f3a9da85110bb08befa6829f646244df7d478b6df652c844766cd5a
Opcode Fuzzy Hash: 53aa0b2c748544fedb55f1c6b35dec9c8436d5777c9351bf877445ccaf7ba254
Instruction Fuzzy Hash: 50E012B9941155EFD704DF64F8958653765A74630A758043AE502C3361DA35D506CB08

Function 0043FC10 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,0000008A,004154DA,0000008A), ref: 0043FC30

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: dc12bc6f0065cc419bd34f03fe79895a22a3e675eb9ffa82fef7e35ab0aab3af
Instruction ID: 4a04c09c27fa26771d0b033790895460fd20d16492445079d4f35ac96d2a0c41
Opcode Fuzzy Hash: dc12bc6f0065cc419bd34f03fe79895a22a3e675eb9ffa82fef7e35ab0aab3af
Instruction Fuzzy Hash: ABD0A931006132EBC6002F18BC02BDB3B549F09321F0748A1B4006A066C224DC908AC8

Function 0043FBF0 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,0040892F,<]>?), ref: 0043FC00

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 61b0065705d4d7f88a69c8021d50846477de9e61274c6490f19eb4fe10d2cfb8
Instruction ID: c6669163bd448ad7b1c02651d91d367c11fe8278a119d4c12c9f3b78ac4a4674
Opcode Fuzzy Hash: 61b0065705d4d7f88a69c8021d50846477de9e61274c6490f19eb4fe10d2cfb8
Instruction Fuzzy Hash: 78C09B31045130FFD5112B15FD05FDA3F55DF45351F010455B50477076C765AC91CAD8

Non-executed Functions

Function 00435D9F Relevance: 61.4, APIs: 1, Strings: 34, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00435EC1

Strings

o, xrefs: 00435F2F
U, xrefs: 00435F43
n, xrefs: 00435FCA
b, xrefs: 00435FDE
o, xrefs: 00435EF3
h, xrefs: 00435FC0
z, xrefs: 00436006
w, xrefs: 00435F25
k, xrefs: 00435F1B
Z, xrefs: 00435F57
j, xrefs: 00435FB6
{, xrefs: 00435DBE
f, xrefs: 00435FF2
0, xrefs: 004360AB
h, xrefs: 00435EDF
2, xrefs: 00435EEE
4, xrefs: 00435F0C
x, xrefs: 00436010
W, xrefs: 00435F39
{, xrefs: 0043600B
x, xrefs: 00435EE9
e, xrefs: 00435F61
l, xrefs: 00435FD4
<, xrefs: 00435EE4
R, xrefs: 00435F4D
p, xrefs: 00435F07
t, xrefs: 00435EFD
0, xrefs: 00435EF8
d, xrefs: 00435FFC
6, xrefs: 00435F02
`, xrefs: 00435FE8
a, xrefs: 00435F11
9, xrefs: 00435FC5
Z, xrefs: 00435F6B

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: AllocString
String ID: 0$0$2$4$6$9$<$R$U$W$Z$Z$`$a$b$d$e$f$h$h$j$k$l$n$o$o$p$t$w$x$x$z${${
API String ID: 2525500382-4238756266
Opcode ID: 674c787c23a82f09fe12b3af31216e56c75d2def42b71a2830ae93cf98707e9a
Instruction ID: b761003f297fea56956db52dfdc38a5c1bd47cadaa0a4a3497a3599e0e4131c3
Opcode Fuzzy Hash: 674c787c23a82f09fe12b3af31216e56c75d2def42b71a2830ae93cf98707e9a
Instruction Fuzzy Hash: 70A1382150C7C18AD322C678884834FBFD25BE7318F494A9DE5E49B3D6C3BA850AC767

Function 00436753 Relevance: 61.4, APIs: 1, Strings: 34, Instructions: 196memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 0043686E

Strings

t, xrefs: 004368AA
0, xrefs: 00436A5C
l, xrefs: 00436981
f, xrefs: 0043699F
h, xrefs: 0043688C
o, xrefs: 004368DC
n, xrefs: 00436977
<, xrefs: 00436891
`, xrefs: 00436995
e, xrefs: 0043690E
z, xrefs: 004369B3
b, xrefs: 0043698B
x, xrefs: 00436896
{, xrefs: 004369B8
U, xrefs: 004368F0
k, xrefs: 004368C8
2, xrefs: 0043689B
R, xrefs: 004368FA
0, xrefs: 004368A5
w, xrefs: 004368D2
j, xrefs: 00436963
a, xrefs: 004368BE
Z, xrefs: 00436918
d, xrefs: 004369A9
9, xrefs: 00436972
W, xrefs: 004368E6
6, xrefs: 004368AF
h, xrefs: 0043696D
p, xrefs: 004368B4
4, xrefs: 004368B9
Z, xrefs: 00436904
{, xrefs: 0043676B
o, xrefs: 004368A0
x, xrefs: 004369BD

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: AllocString
String ID: 0$0$2$4$6$9$<$R$U$W$Z$Z$`$a$b$d$e$f$h$h$j$k$l$n$o$o$p$t$w$x$x$z${${
API String ID: 2525500382-4238756266
Opcode ID: 6804bfeff509391c170ad92c31e8f022b77c07f06e8606906cff86b625bd00f3
Instruction ID: 25150da0c18c501bc8a428e530570f484acba19c4951caa27bf4837c4ea98e71
Opcode Fuzzy Hash: 6804bfeff509391c170ad92c31e8f022b77c07f06e8606906cff86b625bd00f3
Instruction Fuzzy Hash: ACA1192150C7D18AD322C678844834BBFD15BE7318F494A9DE5E89B3D6C3BA850AC763

Function 0043CAC0 Relevance: 26.9, APIs: 11, Strings: 4, Instructions: 698memorycomCOMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,7E8E785E,01000713,?,D3D2D1D8,?), ref: 0043CBBF
CoCreateInstance.OLE32(01000713,00000000,00000001,?,00000000), ref: 0043CD90
SysAllocString.OLEAUT32(B6E2B0E5), ref: 0043CE31
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0043CE6F
SysAllocString.OLEAUT32(F6A0F0A8), ref: 0043CEBB
SysAllocString.OLEAUT32(79B57F8D), ref: 0043CF97
VariantInit.OLEAUT32(?), ref: 0043D006
VariantClear.OLEAUT32(?), ref: 0043D1CF
SysFreeString.OLEAUT32(01000713), ref: 0043D1F4
SysFreeString.OLEAUT32(?), ref: 0043D1FD
SysFreeString.OLEAUT32(00000000), ref: 0043D211

Strings

wt, xrefs: 0043D047
BcFm, xrefs: 0043CEDD
|b, xrefs: 0043CB40
C, xrefs: 0043CBC5

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: String$AllocFree$Variant$BlanketClearCreateEnvironmentExpandInitInstanceProxyStrings
String ID: BcFm$C$wt$|b
API String ID: 4200829299-2811107050
Opcode ID: 483253653d9baf85f436417cd3db0a05a61b8b379cd2214603ed4b9ee60e04f3
Instruction ID: 86b8cefc19e59173072ec1dd18931247ff2033f0e69c859f45f372976441cf8a
Opcode Fuzzy Hash: 483253653d9baf85f436417cd3db0a05a61b8b379cd2214603ed4b9ee60e04f3
Instruction Fuzzy Hash: 5632FC75A083409BD320CF25D885B5BBBE5EFC9314F24892DE5C89B391DB78D849CB86

Function 00425300 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 425COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 004253C3
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 00425449

Strings

l1b3, xrefs: 00425500
gTB, xrefs: 00425894, 004258AF

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: gTB$l1b3
API String ID: 237503144-2718250723
Opcode ID: f18ff0dcd30664e8b3c4cc4737b5d35a292ec3a3582670faeedac237ed021705
Instruction ID: 0c9a3cdaa351b7b98131a3946d6fc83aeb30af66e42851fad8fed71d8b870ad0
Opcode Fuzzy Hash: f18ff0dcd30664e8b3c4cc4737b5d35a292ec3a3582670faeedac237ed021705
Instruction Fuzzy Hash: 22E1DEB0618310DBD710DF24D89176FBBE1EFC6318F84892DE5859B385E6788949CB8B

Function 00437CF0 Relevance: 9.1, APIs: 6, Instructions: 139clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00437D12
GetClipboardData.USER32 ref: 00437D33
GlobalLock.KERNEL32 ref: 00437D50
GlobalUnlock.KERNEL32 ref: 00437E93
CloseClipboard.USER32 ref: 00437E99

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockOpenUnlock
String ID:
API String ID: 1006321803-0
Opcode ID: a20b187f5a7ba98fe033f9f36d7eb6359854073bb31392707e8d32daba2c879e
Instruction ID: 98487bf5d144393916ea509d4b2787e2ad67d9bb579648b216c7d87e61d1e08d
Opcode Fuzzy Hash: a20b187f5a7ba98fe033f9f36d7eb6359854073bb31392707e8d32daba2c879e
Instruction Fuzzy Hash: 1951F7B1808B929FC710AB7C884A35ABFA06B46320F05877DE8E5973D2D3389855C7D7

Function 00437EB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00437EF9
GetSystemMetrics.USER32 ref: 00437F09

Strings

, xrefs: 00437FF6

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-3916222277
Opcode ID: 2b569762b1330518102bd0eb772f27bb36532f1745e76df81bdb44f0644b9a09
Instruction ID: ffa53959be30d3351436602febd73e6a978458ce104fbc7e8353f00bbd07aa8f
Opcode Fuzzy Hash: 2b569762b1330518102bd0eb772f27bb36532f1745e76df81bdb44f0644b9a09
Instruction Fuzzy Hash: E6A14EB44097848BE364DF65C5497CBBBE1EBC5308F10891EE6984B350DBB99848CF8A

Function 0043616E Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 103COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00436178
VariantInit.OLEAUT32 ref: 0043618B

Strings

j, xrefs: 0043620E
n, xrefs: 0043622E
v, xrefs: 004361F4
h, xrefs: 0043621E
z, xrefs: 004361B8
~, xrefs: 004361CC
o, xrefs: 00436236
|, xrefs: 004361D6
p, xrefs: 004361EA
r, xrefs: 004361E0
t, xrefs: 004361FE
x, xrefs: 004361C2
l, xrefs: 0043623E

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: Variant$ClearInit
String ID: h$j$l$n$o$p$r$t$v$x$z$|$~
API String ID: 2610073882-2576983898
Opcode ID: cf6df839cb1e8d0301ab0144631c6097a3cc3986c80ea9ffca59974eb6f36356
Instruction ID: 7f261021c981efbe01075aa75b5ac45d48e2eaafde371da524c28131b46bbdd7
Opcode Fuzzy Hash: cf6df839cb1e8d0301ab0144631c6097a3cc3986c80ea9ffca59974eb6f36356
Instruction Fuzzy Hash: 3551293150CBC18AE3359A38845479FBFD1ABD6314F188A5CE1E98B3E2D779940ACB53

Function 0043633B Relevance: 26.3, APIs: 2, Strings: 13, Instructions: 99COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00436345
VariantInit.OLEAUT32 ref: 00436358

Strings

z, xrefs: 0043638C
j, xrefs: 004363E2
v, xrefs: 004363C8
|, xrefs: 004363AA
l, xrefs: 00436412
o, xrefs: 0043640A
p, xrefs: 004363BE
r, xrefs: 004363B4
h, xrefs: 004363F2
x, xrefs: 00436396
t, xrefs: 004363D2
n, xrefs: 00436402
~, xrefs: 004363A0

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: Variant$ClearInit
String ID: h$j$l$n$o$p$r$t$v$x$z$|$~
API String ID: 2610073882-2576983898
Opcode ID: 0afbd9bed82e46df7b0bef734fd71c4f97ae820c71dd09e7d34792bf6cf0bddd
Instruction ID: 6fb98c9b0a3e78e78a0dbd3419e26212b6c9807e3baf4df4b12acf862fe79c94
Opcode Fuzzy Hash: 0afbd9bed82e46df7b0bef734fd71c4f97ae820c71dd09e7d34792bf6cf0bddd
Instruction Fuzzy Hash: 2D412A3150DBC18AD3359A3C845879FBFD16BA6324F188A5CE1E58B3E2D679840ACB17

Function 0042B4C1 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 197COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 0042B6E5
RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 0042B712

Strings

Xy, xrefs: 0042B5AD
=:, xrefs: 0042B638
|, xrefs: 0042B5B5
m>A<, xrefs: 0042B62C

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: =:$Xy$m>A<$|
API String ID: 237503144-3538694660
Opcode ID: ff77e5a0ebdaa4619762c614696fd84d85ba583b409db31cdb780b29c4cf0814
Instruction ID: 4cb481b86ec3135dd68c179207368cab3e8833ecae180e6b2bb594d28b474fd3
Opcode Fuzzy Hash: ff77e5a0ebdaa4619762c614696fd84d85ba583b409db31cdb780b29c4cf0814
Instruction Fuzzy Hash: D9619E7560C3519FE320CF28A844B5FB7E5FBC5708F40893DE5988B281DB74990A8B97

Function 00436A9C Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 90COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 00436ADB

Strings

T, xrefs: 00436B29
I, xrefs: 00436B19
R, xrefs: 00436B39
[, xrefs: 00436B59
], xrefs: 00436B89

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: InitVariant
String ID: I$R$T$[$]
API String ID: 1927566239-2808819260
Opcode ID: 61398e369aaa9139b5b499856572766c0c63493208d3651185643f0506d967ce
Instruction ID: c5226a8da38c67c8e671ef54065903bd08d3cc01746ddac04637c3510dcd47af
Opcode Fuzzy Hash: 61398e369aaa9139b5b499856572766c0c63493208d3651185643f0506d967ce
Instruction Fuzzy Hash: 7041E37110CBC2CAD3368B2898587DBBFD1ABD6325F084AADD4E94B3D2C6754106CB53

Function 0040D04E Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 336COMMON

Download Yara Rule

APIs

CoUninitialize.OLE32 ref: 0040D055

Strings

W_, xrefs: 0040D2A3
+, xrefs: 0040D064
WM(, xrefs: 0040D175
iD, xrefs: 0040D106
/*)$, xrefs: 0040D131

Memory Dump Source

Source File: 00000001.00000002.1686237213.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_x.jbxd

Similarity

API ID: Uninitialize
String ID: +$/*)$$W_$WM($iD
API String ID: 3861434553-933249698
Opcode ID: 36404018694d877f004064023d005b1f8c47d1d106d6532d98401d4272ce8f4d
Instruction ID: feb0bf2645a92ed5db07937c492501470ced89515c3a29b1bb4abeabd4546485
Opcode Fuzzy Hash: 36404018694d877f004064023d005b1f8c47d1d106d6532d98401d4272ce8f4d
Instruction Fuzzy Hash: 54A1E3B55057818FD329CF29C590622BFE1FF66314B2881ADC8D58F796C739D80ACBA4

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report x.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
x.exe

Function 04EA73A0 Relevance: 6.0, Strings: 4, Instructions: 956
COMMON

Function 04EA98CA Relevance: 3.8, Strings: 2, Instructions: 1340
COMMON

Function 059F4558 Relevance: 3.1, Strings: 2, Instructions: 607
COMMON

Function 0562D6B8 Relevance: 3.1, Strings: 2, Instructions: 565
COMMON

Function 00F711E8 Relevance: 5.3, Strings: 4, Instructions: 267
COMMON

Function 05730040 Relevance: 4.2, Strings: 3, Instructions: 481
COMMON

Function 05731D08 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 057362E0 Relevance: 4.1, Strings: 3, Instructions: 359
COMMON

Function 00F77469 Relevance: 3.9, Strings: 3, Instructions: 196
COMMON

Function 00F71357 Relevance: 3.9, Strings: 3, Instructions: 177
COMMON

Function 00F739D0 Relevance: 3.8, Strings: 3, Instructions: 80
COMMON

Function 00F739E0 Relevance: 3.8, Strings: 3, Instructions: 74
COMMON

Function 0562C2A8 Relevance: 3.0, Strings: 2, Instructions: 520
COMMON

Function 05532D60 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON