Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532507
MD5: 0d02cf0f47e5e00b974005486688bff3
SHA1: 28f40eab6e86751e122a3356629b035395d873ee
SHA256: 7d675e8c4d85715d3fb67443be91e55956ab88549140a2e66675fdc3bfdeabd8
Tags: exe, user-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0D02CF0F47E5E00B974005486688BFF3)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Avira: detected
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00CAA48E CryptVerifySignatureA,0_2_00CAA48E
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2164528840.0000000005280000.00000004.00001000.00020000.00000000.sdmp

System Summary

Source: file.exe, Static PE information: section name:
Source: file.exe, Static PE information: section name: .idata
Source: file.exe, Static PE information: section name:
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF8D490_2_00AF8D49
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B76D500_2_00B76D50
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C06D290_2_00C06D29
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B78D4F0_2_00B78D4F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B92EA90_2_00B92EA9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3CEA50_2_00B3CEA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2EE920_2_00B2EE92
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B90E940_2_00B90E94
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B62E840_2_00B62E84
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B68EF60_2_00B68EF6
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3EEF70_2_00B3EEF7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B52EF00_2_00B52EF0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9CEF50_2_00B9CEF5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF6EF30_2_00AF6EF3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B38EEC0_2_00B38EEC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE6ED60_2_00BE6ED6
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8ED40_2_00BD8ED4
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF2EC90_2_00BF2EC9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC0E1F0_2_00BC0E1F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B8AE0C0_2_00B8AE0C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B48E010_2_00B48E01
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDCE6B0_2_00BDCE6B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1CE680_2_00B1CE68
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCAE670_2_00BCAE67
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B64E6A0_2_00B64E6A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B86E500_2_00B86E50
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6EE440_2_00B6EE44
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1AE340_2_00C1AE34
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B44FB50_2_00B44FB5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6EFB70_2_00B6EFB7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA0FA80_2_00BA0FA8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AD6FBB0_2_00AD6FBB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBEFA00_2_00BBEFA0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB0F9C0_2_00BB0F9C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C24FEA0_2_00C24FEA
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC2F880_2_00BC2F88
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCCF880_2_00BCCF88
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B34FF90_2_00B34FF9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE2FEE0_2_00BE2FEE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE8FE90_2_00BE8FE9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B50FD70_2_00B50FD7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2AFD60_2_00B2AFD6
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE0FD20_2_00BE0FD2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B26FDD0_2_00B26FDD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C20FAD0_2_00C20FAD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B02F360_2_00B02F36
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF4F340_2_00BF4F34
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0CF120_2_00B0CF12
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B00F140_2_00B00F14
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C06F6F0_2_00C06F6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5EF0C0_2_00B5EF0C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B72F7D0_2_00B72F7D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B98F6D0_2_00B98F6D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE8F700_2_00AE8F70
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF0F4B0_2_00AF0F4B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFCF5B0_2_00BFCF5B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B14F540_2_00B14F54
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1AF4E0_2_00B1AF4E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B970B90_2_00B970B9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B250B30_2_00B250B3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA30B60_2_00BA30B6
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B890A80_2_00B890A8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C390D50_2_00C390D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1109E0_2_00B1109E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAF08C0_2_00BAF08C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD308A0_2_00BD308A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB90830_2_00BB9083
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF90860_2_00BF9086
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE50FC0_2_00BE50FC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9F0FC0_2_00B9F0FC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFB0F30_2_00BFB0F3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B670FB0_2_00B670FB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B190FE0_2_00B190FE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B7F0D40_2_00B7F0D4
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C430AD0_2_00C430AD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA70D50_2_00BA70D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ADB0290_2_00ADB029
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1F0220_2_00B1F022
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AEF00E0_2_00AEF00E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2D0040_2_00B2D004
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF10080_2_00BF1008
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2D0000_2_00C2D000
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE506D0_2_00AE506D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3D0740_2_00B3D074
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9D0590_2_00B9D059
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B550520_2_00B55052
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AEB05E0_2_00AEB05E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2F0360_2_00C2F036
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBD0460_2_00BBD046
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0F1CD0_2_00C0F1CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C111D30_2_00C111D3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCF1AB0_2_00BCF1AB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B131AE0_2_00B131AE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C311EB0_2_00C311EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B471990_2_00B47199
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1F18B0_2_00B1F18B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2F1F80_2_00C2F1F8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B7D1890_2_00B7D189
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF71FF0_2_00BF71FF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C251820_2_00C25182
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9B1FA0_2_00B9B1FA
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0F1FD0_2_00B0F1FD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B8B1F50_2_00B8B1F5
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00CA5483 appears 35 times
Source: file.exe, 00000000.00000002.2298082624.000000000162E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: xibttluw ZLIB complexity 0.9948459998530709
Source: file.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1767424 > 1048576
Source: file.exe Static PE information: Raw size of xibttluw is bigger than: 0x100000 < 0x1a9600
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2164528840.0000000005280000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.ac0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xibttluw:EW;xlogqjmd:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1b8362 should be: 0x1b5636
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: xibttluw
Source: file.exe Static PE information: section name: xlogqjmd
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.79705416381067
Source: file.exe Static PE information: section name: xibttluw entropy: 7.952446029560402

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8273E second address: C8274F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C546034Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8274F second address: C82755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C82755 second address: C82775 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007FB6C5460353h 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8283C second address: C82842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C82842 second address: C8284C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FB6C5460346h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C828FB second address: C82908 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C82D4B second address: C82D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB6C5460354h 0x0000000a popad 0x0000000b push eax 0x0000000c jp 00007FB6C5460354h 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007FB6C5460346h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C83043 second address: C83047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8336A second address: C8336F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85317 second address: C85345 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C54671EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jmp 00007FB6C54671F7h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C85345 second address: C8534B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8682E second address: C86847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007FB6C54671ECh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C865E4 second address: C865EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C87363 second address: C8737C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C54671F0h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8737C second address: C87380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C87F4E second address: C87F53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C88A92 second address: C88A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8CB28 second address: C8CB55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007FB6C54671F9h 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FB6C54671E8h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8CB55 second address: C8CB5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8D070 second address: C8D101 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C54671EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a js 00007FB6C54671E6h 0x00000010 pop ecx 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007FB6C54671E8h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007FB6C54671E8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Ch 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b mov edi, esi 0x0000004d push 00000000h 0x0000004f mov dword ptr [ebp+122D1E25h], edi 0x00000055 push edx 0x00000056 jmp 00007FB6C54671F6h 0x0000005b pop edi 0x0000005c xchg eax, esi 0x0000005d push eax 0x0000005e push edx 0x0000005f push ecx 0x00000060 pushad 0x00000061 popad 0x00000062 pop ecx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8E077 second address: C8E0B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jp 00007FB6C5460350h 0x00000011 nop 0x00000012 add di, 571Bh 0x00000017 mov dword ptr [ebp+1245B0B2h], ebx 0x0000001d push 00000000h 0x0000001f mov edi, 06E8BAC2h 0x00000024 push 00000000h 0x00000026 movsx edi, cx 0x00000029 xchg eax, esi 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d jo 00007FB6C5460346h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C90175 second address: C90197 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB6C54671F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C90197 second address: C901EB instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB6C5460346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FB6C5460348h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 and bx, BFF2h 0x0000002b push 00000000h 0x0000002d stc 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D1BCFh], ebx 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FB6C5460352h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9118D second address: C91191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8D28D second address: C8D297 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FB6C5460346h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8E212 second address: C8E21D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FB6C54671E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C91191 second address: C91195 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8F1B7 second address: C8F1BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8D297 second address: C8D29B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C91195 second address: C911AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FB6C54671ECh 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8F1BB second address: C8F1C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8D29B second address: C8D2A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8E2EE second address: C8E2F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C911AD second address: C9122F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FB6C54671F8h 0x0000000a popad 0x0000000b nop 0x0000000c mov edi, dword ptr [ebp+122D36CBh] 0x00000012 mov di, 3732h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007FB6C54671E8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 mov edi, dword ptr [ebp+122D34F3h] 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FB6C54671E8h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 mov ebx, dword ptr [ebp+122D2E4Bh] 0x0000005a mov edi, dword ptr [ebp+122D3637h] 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8F1C5 second address: C8F1EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FB6C5460359h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8D2A9 second address: C8D2AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8F1EB second address: C8F1EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8D2AD second address: C8D346 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FB6C54671E8h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov bx, 17ABh 0x0000002a push dword ptr fs:[00000000h] 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007FB6C54671E8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b mov ebx, dword ptr [ebp+122D2710h] 0x00000051 mov dword ptr fs:[00000000h], esp 0x00000058 mov eax, dword ptr [ebp+122D1355h] 0x0000005e xor dword ptr [ebp+122D1BB2h], esi 0x00000064 push FFFFFFFFh 0x00000066 mov dword ptr [ebp+1245AF47h], eax 0x0000006c nop 0x0000006d jmp 00007FB6C54671F1h 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 jnl 00007FB6C54671E8h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8F1EF second address: C8F2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 movsx edi, si 0x0000000b push dword ptr fs:[00000000h] 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FB6C5460348h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c mov dword ptr fs:[00000000h], esp 0x00000033 js 00007FB6C546034Ch 0x00000039 add edi, 7880AD2Fh 0x0000003f mov eax, dword ptr [ebp+122D07F1h] 0x00000045 push 00000000h 0x00000047 push esi 0x00000048 call 00007FB6C5460348h 0x0000004d pop esi 0x0000004e mov dword ptr [esp+04h], esi 0x00000052 add dword ptr [esp+04h], 0000001Dh 0x0000005a inc esi 0x0000005b push esi 0x0000005c ret 0x0000005d pop esi 0x0000005e ret 0x0000005f ja 00007FB6C546034Ah 0x00000065 mov bx, ax 0x00000068 push FFFFFFFFh 0x0000006a call 00007FB6C5460350h 0x0000006f mov edi, dword ptr [ebp+122D374Bh] 0x00000075 pop ebx 0x00000076 nop 0x00000077 jnc 00007FB6C5460370h 0x0000007d push eax 0x0000007e push eax 0x0000007f push edx 0x00000080 push eax 0x00000081 push edx 0x00000082 jmp 00007FB6C5460351h 0x00000087 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92319 second address: C92323 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9143B second address: C9143F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C8F2C8 second address: C8F2D2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92323 second address: C92329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C92329 second address: C9232D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C942E6 second address: C942EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C93577 second address: C9357E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9232D second address: C92345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jnl 00007FB6C5460346h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95292 second address: C952BF instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB6C54671FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jnp 00007FB6C54671E6h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C952BF second address: C95308 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB6C5460359h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007FB6C546034Bh 0x00000010 push 00000000h 0x00000012 mov ebx, 280C2CF7h 0x00000017 push 00000000h 0x00000019 clc 0x0000001a xchg eax, esi 0x0000001b jmp 00007FB6C546034Eh 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push esi 0x00000024 push edi 0x00000025 pop edi 0x00000026 pop esi 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C95308 second address: C9530E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9530E second address: C95312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C962D4 second address: C9633A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, dword ptr [ebp+122D35DFh] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FB6C54671E8h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov ebx, dword ptr [ebp+12462B63h] 0x00000033 push 00000000h 0x00000035 jng 00007FB6C54671EBh 0x0000003b add di, 92D9h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 pushad 0x00000045 popad 0x00000046 jmp 00007FB6C54671F7h 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9633A second address: C96344 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FB6C5460346h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C97383 second address: C9739B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6C54671F4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9739B second address: C973B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jbe 00007FB6C5460348h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9659B second address: C9659F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9D30A second address: C9D30F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9D30F second address: C9D322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9D322 second address: C9D326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9D326 second address: C9D396 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FB6C54671E8h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 movsx edi, di 0x00000029 sbb bh, 0000000Bh 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007FB6C54671E8h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 mov edi, dword ptr [ebp+122D36C7h] 0x0000004e push 00000000h 0x00000050 mov edi, 627F6056h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007FB6C54671EBh 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9754C second address: C97551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C97551 second address: C97571 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB6C54671F7h 0x00000008 jmp 00007FB6C54671F1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C97571 second address: C975FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 jmp 00007FB6C5460352h 0x0000000b pop ebx 0x0000000c popad 0x0000000d nop 0x0000000e mov di, 103Dh 0x00000012 push dword ptr fs:[00000000h] 0x00000019 jnp 00007FB6C5460349h 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 mov eax, dword ptr [ebp+122D10E5h] 0x0000002c jmp 00007FB6C546034Ch 0x00000031 push FFFFFFFFh 0x00000033 call 00007FB6C5460350h 0x00000038 jmp 00007FB6C546034Bh 0x0000003d pop edi 0x0000003e nop 0x0000003f push ebx 0x00000040 push edi 0x00000041 jns 00007FB6C5460346h 0x00000047 pop edi 0x00000048 pop ebx 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FB6C5460358h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E241 second address: C9E247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E247 second address: C9E24B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E24B second address: C9E2B1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007FB6C54671E8h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D22B7h], esi 0x00000029 push 00000000h 0x0000002b mov bx, cx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007FB6C54671E8h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000019h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jbe 00007FB6C54671ECh 0x00000053 jg 00007FB6C54671E6h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E2B1 second address: C9E2B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9E2B7 second address: C9E2BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9D60B second address: C9D611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9D611 second address: C9D615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9F2BF second address: C9F2C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C9F2C3 second address: C9F2C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE9CDC second address: CE9CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007FB6C5460346h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 jns 00007FB6C5460346h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE9CF2 second address: CE9CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEF777 second address: CEF7AB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB6C5460346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB6C5460354h 0x00000012 jmp 00007FB6C5460353h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEF7AB second address: CEF7DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FB6C54671F2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007FB6C54671EFh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEFDDC second address: CEFDE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEFDE0 second address: CEFE33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C54671F8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnp 00007FB6C54671E6h 0x00000012 jmp 00007FB6C54671F5h 0x00000017 popad 0x00000018 jno 00007FB6C54671F2h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 push edi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEFE33 second address: CEFE40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF0387 second address: CF038B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF038B second address: CF03A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C5460353h 0x00000007 jno 00007FB6C5460346h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF03A8 second address: CF03C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB6C54671ECh 0x00000008 jp 00007FB6C54671E6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF0685 second address: CF068B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF068B second address: CF069E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB6C54671E6h 0x0000000a popad 0x0000000b jc 00007FB6C54671ECh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF069E second address: CF06A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF06A2 second address: CF06A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF06A8 second address: CF06B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB6C5460346h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF06B2 second address: CF06C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C54671F1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF09C0 second address: CF09C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF09C6 second address: CF09CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF09CB second address: CF09D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jng 00007FB6C5460346h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF09D8 second address: CF09DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF0CA0 second address: CF0CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C546034Dh 0x00000009 popad 0x0000000a jg 00007FB6C5460352h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF12B7 second address: CF12BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF12BB second address: CF12BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF15B2 second address: CF15CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB6C54671F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF6E51 second address: CF6E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C5460359h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FB6C5460352h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9E5F second address: CF9E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CF9E63 second address: CF9E6D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB6C5460346h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA158 second address: CFA15C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA15C second address: CFA160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA160 second address: CFA17B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007FB6C54671E6h 0x0000000d jl 00007FB6C54671E6h 0x00000013 jbe 00007FB6C54671E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA17B second address: CFA180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA180 second address: CFA186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA186 second address: CFA18A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA44B second address: CFA46F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FB6C54671F6h 0x00000008 jo 00007FB6C54671E6h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CFA7BB second address: CFA7D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6C5460353h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D03864 second address: D03883 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6C54671F9h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D03883 second address: D0388E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D01AB5 second address: D01AD1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB6C54671E6h 0x00000008 jmp 00007FB6C54671F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D01AD1 second address: D01AE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB6C546034Ch 0x00000008 je 00007FB6C5460346h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D01F6A second address: D01F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D01F70 second address: D01F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D020FA second address: D020FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D020FE second address: D02112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C546034Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0229D second address: D022E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FB6C54671F8h 0x0000000b popad 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jo 00007FB6C54671E6h 0x00000015 jnp 00007FB6C54671E6h 0x0000001b jmp 00007FB6C54671F7h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D024B8 second address: D024C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D02667 second address: D0267A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FB6C54671E6h 0x0000000d jl 00007FB6C54671E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D0267A second address: D026A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB6C5460352h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push edi 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 jo 00007FB6C546034Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D02921 second address: D0293C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b jl 00007FB6C54671E8h 0x00000011 pushad 0x00000012 popad 0x00000013 jng 00007FB6C54671ECh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D036EE second address: D036F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D036F2 second address: D036F8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D09BB7 second address: D09BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB6C5460346h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16E9E second address: D16EAD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB6C54671E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push ebx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16FCF second address: D16FE0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB6C5460346h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D16FE0 second address: D16FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1D497 second address: D1D4A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1D4A2 second address: D1D4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C54671F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D1D61E second address: D1D622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D236A4 second address: D236AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D236AA second address: D236AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D23526 second address: D2353A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 pop esi 0x00000007 jl 00007FB6C54671E6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D2353A second address: D23553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C5460355h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D332EA second address: D332EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D332EE second address: D332F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D33744 second address: D33748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D33748 second address: D33751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D371B7 second address: D371CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C54671ECh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D371CE second address: D371D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D36D7C second address: D36D82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A3B1 second address: D3A3E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB6C5460354h 0x00000009 jmp 00007FB6C5460357h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A24E second address: D3A269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jns 00007FB6C54671F1h 0x0000000b pop edx 0x0000000c push edi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3A269 second address: D3A26F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D512EA second address: D512F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5C443 second address: D5C447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5C447 second address: D5C45A instructions: 0x00000000 rdtsc 0x00000002 je 00007FB6C54671E6h 0x00000008 jne 00007FB6C54671E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5C45A second address: D5C460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5C460 second address: D5C47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB6C54671F2h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5C47D second address: D5C481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5C481 second address: D5C487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C3DC0C second address: C3DC1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB6C5460346h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C3DC1A second address: C3DC22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5B778 second address: D5B79F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FB6C546034Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FB6C546037Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB6C546034Bh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5B79F second address: D5B7BE instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB6C54671E6h 0x00000008 jmp 00007FB6C54671F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5B7BE second address: D5B7C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5B929 second address: D5B92F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5BD40 second address: D5BD55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C5460351h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5BD55 second address: D5BD59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5BD59 second address: D5BD5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5BEB0 second address: D5BEB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5BEB6 second address: D5BEBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5DBCE second address: D5DBE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB6C54671F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D60BB3 second address: D60BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D60BBA second address: D60BCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jnp 00007FB6C54671E6h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D60BCC second address: D60BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D64EA0 second address: D64EA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D64EA6 second address: D64EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D69200 second address: D69204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D69204 second address: D6920A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: C3A769 second address: C3A78B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB6C54671FEh 0x0000000a jmp 00007FB6C54671F2h 0x0000000f jc 00007FB6C54671E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D60EA7 second address: D60EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push ebx 0x00000008 jo 00007FB6C5460346h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: ACD954 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: C7A0FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: C78A86 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: ACB506 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: ACD886 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D0B6A2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5580000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 57F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5610000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD01AB rdtsc 0_2_00AD01AB
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 7480 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB152F GetSystemInfo,VirtualAlloc,0_2_00CB152F
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: file.exe, file.exe, 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD01AB rdtsc 0_2_00AD01AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACB935 LdrInitializeThunk,0_2_00ACB935
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: )k{Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA95D0 GetSystemTime,GetFileTime,0_2_00CA95D0

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 41 Disable or Modify Tools | LSASS Memory | 641 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Bypass User Account Control | 261 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 261 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Bypass User Account Control | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Source | Detection | Scanner | Label | Link
file.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
file.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1532507
Start date and time:2024-10-13 14:48:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 11s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal100.evad.winEXE@1/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, ctldl.windowsupdate.com
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
No simulations
No context
Process:C:\Users\user\Desktop\file.exe
File Type:CSV text
Category:dropped
Size (bytes):226
Entropy (8bit):5.360398796477698
Encrypted:false
SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:3A8957C6382192B71471BD14359D0B12
SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:true
Reputation:high, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.932136087763677
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:1'767'424 bytes
MD5:0d02cf0f47e5e00b974005486688bff3
SHA1:28f40eab6e86751e122a3356629b035395d873ee
SHA256:7d675e8c4d85715d3fb67443be91e55956ab88549140a2e66675fdc3bfdeabd8
SHA512:944da3b34414ae2071a96b1e1bcc45d0064903ea34d3707866f4b5319c46307da983665115cecc30c1c2c6ba61f3ec3e44c6ceb73f837c33744b8e009e013971
SSDEEP:49152:LPOx8wIa8nFKWJc0kXGDJU+szX28kHLv:LPa8BagQTyUnT28
TLSH:CB85330CCB2E367AC81CDD7FA15E22BFA5F49B8B4251479800AA9D7B057FD6C32A1750
File Content Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... F.. ...`....@.. .......................`F.....b.....`................................
Icon Hash:00928e8e8686b000
Entrypoint:0x862000
Entrypoint Section:.taggant
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007FB6C5496E5Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8055 | 0x69 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x59c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(blank) | 0x2000 | 0x4000 | 0x1200 | 0c2010897aee2b04237dfb40fa4d76c8 | False | 0.9327256944444444 | OpenPGP Public Key | 7.79705416381067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6000 | 0x59c | 0x600 | aae15e30898a02f09cc86ed48aa06b09 | False | 0.4140625 | data | 4.036947054771808 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x8000 | 0x2000 | 0x200 | ec9cb51e8cb4ea49a56ee3cf434fb69e | False | 0.1484375 | data | 0.9342685949460681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(blank) | 0xa000 | 0x2ac000 | 0x200 | 93835adca26685ce493a320bf19298b6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xibttluw | 0x2b6000 | 0x1aa000 | 0x1a9600 | 0c11383ffedb8f1cd6152cd69bc7e603 | False | 0.9948459998530709 | OpenPGP Secret Key | 7.952446029560402 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xlogqjmd | 0x460000 | 0x2000 | 0x400 | 3b62f9c64501f52dfcde6995efb202ee | False | 0.84765625 | data | 6.438896662114034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x462000 | 0x4000 | 0x2200 | 76a00aaacf9fdde566c53cd3fd60e931 | False | 0.06698069852941177 | DOS executable (COM) | 0.7200544767260495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x6090 | 0x30c | data | | | 0.42948717948717946
RT_MANIFEST | 0x63ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
kernel32.dll | lstrcpy
No network behavior found


Target ID:0
Start time:08:49:07
Start date:13/10/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0xac0000
File size:1'767'424 bytes
MD5 hash:0D02CF0F47E5E00B974005486688BFF3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true


    Execution Graph

    Execution Coverage:0.7%
    Dynamic/Decrypted Code Coverage:3.3%
    Signature Coverage:4.6%
    Total number of Nodes:369
    Total number of Limit Nodes:20

    Control-flow Graph

    APIs
    • GetSystemInfo.KERNELBASE(?,-11805FEC), ref: 00CB153B
    • VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00CB159C
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: AllocInfoSystemVirtual
    • String ID:
    • API String ID: 3440192736-0
    • Opcode ID: 5bed50378bbc1b2d128991505c830b30b750950f02be75351e04c4242264fd40
    • Instruction ID: bd7f93e45a2c648e2fa5df36195c782fb269ab3b0d5021e4e27d139423bfd78d
    • Opcode Fuzzy Hash: 5bed50378bbc1b2d128991505c830b30b750950f02be75351e04c4242264fd40
    • Instruction Fuzzy Hash: F54133B1900206AFE729DF61CC15FD6B7ACFF04700F4440A6B603DA882E6B1D6D48BE4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: !!iH
    • API String ID: 0-3430752988
    • Opcode ID: edd871aee6185cfba20b178261c4776b6f08e813475687c3248054c7519d4bc2
    • Instruction ID: 707dc60c2abe320724cb2974c52b715b847f44d4819ceb63fc410b526ac6a854
    • Opcode Fuzzy Hash: edd871aee6185cfba20b178261c4776b6f08e813475687c3248054c7519d4bc2
    • Instruction Fuzzy Hash: 12D0A77211488ECEDF27CF20CA01BDA771EEB40700F604118EA419AD49CB3E5D11CBE4

    Control-flow Graph

    APIs
    • LoadLibraryExW.KERNEL32(?,?,?), ref: 00CA6C67
    • LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 00CA6C7B
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: LibraryLoad
    • String ID: .dll$.exe$1002
    • API String ID: 1029625771-847511843
    • Opcode ID: 2fcd70730ce6440876e3e1cfafbf762d45be3953854fcb8f9fbfbc30ca01f864
    • Instruction ID: 87ccdfc3444aa6e11f3e21bce77a2a4f4608048b1424ae40725c99aa13eb356f
    • Opcode Fuzzy Hash: 2fcd70730ce6440876e3e1cfafbf762d45be3953854fcb8f9fbfbc30ca01f864
    • Instruction Fuzzy Hash: 8C31A071404117EFCF21AF64E904AAD7B75FF0A328F188155F95296161CB319AA0EBA1

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 40 ca705c-ca706d call ca69c0 43 ca7078-ca7081 call ca5483 40->43 44 ca7073 40->44 51 ca7087-ca7093 call ca5b95 43->51 52 ca70b5-ca70bc 43->52 45 ca710c-ca7110 44->45 47 ca7116-ca711f GetModuleHandleW 45->47 48 ca7124-ca7127 GetModuleHandleA 45->48 50 ca712d 47->50 48->50 54 ca7137-ca7139 50->54 57 ca7098-ca709a 51->57 55 ca70c2-ca70c9 52->55 56 ca7107 call ca552e 52->56 55->56 58 ca70cf-ca70d6 55->58 56->45 57->56 60 ca70a0-ca70a5 57->60 58->56 61 ca70dc-ca70e3 58->61 60->56 62 ca70ab-ca7132 call ca552e 60->62 61->56 63 ca70e9-ca70fd 61->63 62->54 63->56
    APIs
    • GetModuleHandleW.KERNEL32(?,?,?,?,00CA6FEE,?,00000000,00000000), ref: 00CA7119
    • GetModuleHandleA.KERNEL32(00000000,?,?,?,00CA6FEE,?,00000000,00000000), ref: 00CA7127
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: HandleModule
    • String ID: .dll
    • API String ID: 4139908857-2738580789
    • Opcode ID: 534b4583218884ddeda34a0dfe69bc863fdb0c5441a83139661d15213bbf1418
    • Instruction ID: b27221881776901ac7d0b23298b136dd3bcf122fba504288f18c290edd14ac2d
    • Opcode Fuzzy Hash: 534b4583218884ddeda34a0dfe69bc863fdb0c5441a83139661d15213bbf1418
    • Instruction Fuzzy Hash: 02112E74108A07EBDB31AF24CC0D7AD7BF5FF0234EF144326A51A44491C7759AE5EA91

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 67 ca99b6-ca99c4 68 ca99ca-ca99d1 67->68 69 ca99d6 67->69 70 ca99dd-ca99f3 call ca5483 call ca5be7 68->70 69->70 75 ca99f9-ca9a07 call ca5b95 70->75 76 ca9a12 70->76 81 ca9a1e-ca9a23 75->81 82 ca9a0d 75->82 78 ca9a16-ca9a19 76->78 80 ca9a49-ca9a50 call ca552e 78->80 84 ca9a3a-ca9a3d GetFileAttributesA 81->84 85 ca9a29-ca9a35 GetFileAttributesW 81->85 82->78 87 ca9a43-ca9a44 84->87 85->87 87->80
    APIs
    • GetFileAttributesW.KERNELBASE(0165A294,-11805FEC), ref: 00CA9A2F
    • GetFileAttributesA.KERNEL32(00000000,-11805FEC), ref: 00CA9A3D
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: AttributesFile
    • String ID: @
    • API String ID: 3188754299-2726393805
    • Opcode ID: 78654e7366f0eb3eb927a08d72e81b4c1617d372affae2264a6b95910b911e8e
    • Instruction ID: 13ecb5cc76f35c6cfe6b4544d989351a7c96621f617b4657d6054422824a24a0
    • Opcode Fuzzy Hash: 78654e7366f0eb3eb927a08d72e81b4c1617d372affae2264a6b95910b911e8e
    • Instruction Fuzzy Hash: BE014670604506FBEB219FA5DA0A79DBE70EF92309F208026E606650A0C7B09F91FB90

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 88 ca6e29-ca6e3f call ca5483 call ca6908 93 ca6f24-ca6f3f call ca552e GetModuleFileNameA 88->93 94 ca6e45-ca6e53 88->94 104 ca6f49-ca6f54 93->104 95 ca6e59-ca6e76 GetModuleFileNameA 94->95 96 ca6ea7-ca6ec2 GetFullPathNameA 94->96 100 ca6e78-ca6e7b 95->100 98 ca6ec8-ca6ee0 96->98 99 ca6f44 call ca552e 96->99 108 ca6ee6-ca6f02 98->108 109 ca6f07-ca6f1f 98->109 99->104 102 ca6e81-ca6e82 100->102 103 ca6e87-ca6e89 100->103 102->100 107 ca6e8b-ca6e8e 103->107 110 ca6e9f-ca6ea2 107->110 111 ca6e94-ca6e9a 107->111 108->99 109->99 110->98 111->107
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • GetModuleFileNameA.KERNEL32(00000000,?,0000028B,-11805FEC,00000000,?), ref: 00CA6E69
    • GetFullPathNameA.KERNEL32(?,0000028B,?,00000000,-11805FEC,?), ref: 00CA6EB9
    • GetModuleFileNameA.KERNELBASE(?,?,?,?), ref: 00CA6F32
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: Name$FileModule$CurrentFullPathThread
    • String ID:
    • API String ID: 2082183393-0
    • Opcode ID: 0a9185f6c0273485a624d228be28cd5ba91c4908cf51e5345689a280b3df4ac7
    • Instruction ID: 0297dcaefe54fdccb650f8dae6199d8f7aa499577fdadb917bfcc056137cb661
    • Opcode Fuzzy Hash: 0a9185f6c0273485a624d228be28cd5ba91c4908cf51e5345689a280b3df4ac7
    • Instruction Fuzzy Hash: D4319C7560025AEFEB21DFA9DC8CF9EBBB5FF06348F084294F40696150C7705A95DB20

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 114 ca5a36-ca5a66 116 ca5a6c-ca5a81 114->116 117 ca5b91-ca5b92 114->117 116->117 119 ca5a87-ca5a8b 116->119 120 ca5aad-ca5ab4 119->120 121 ca5a91-ca5aa3 PathAddExtensionA 119->121 122 ca5aba-ca5ac9 call ca56d7 120->122 123 ca5ad6-ca5add 120->123 124 ca5aac 121->124 128 ca5ace-ca5ad0 122->128 126 ca5b1f-ca5b26 123->126 127 ca5ae3-ca5aea 123->127 124->120 131 ca5b48-ca5b4f 126->131 132 ca5b2c-ca5b42 call ca56d7 126->132 129 ca5b03-ca5b12 call ca56d7 127->129 130 ca5af0-ca5af9 127->130 128->117 128->123 140 ca5b17-ca5b19 129->140 130->129 135 ca5aff 130->135 133 ca5b71-ca5b78 131->133 134 ca5b55-ca5b6b call ca56d7 131->134 132->117 132->131 133->117 139 ca5b7e-ca5b8b call ca5710 133->139 134->117 134->133 135->129 139->117 140->117 140->126
    APIs
    • PathAddExtensionA.KERNELBASE(?,00000000), ref: 00CA5A98
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: ExtensionPath
    • String ID: \\?\
    • API String ID: 158807944-4282027825
    • Opcode ID: 2e8692767012d4e600576ca6d0d4a2dfd19a93c2bdc2344f7e0f0e9ea38e5760
    • Instruction ID: bdbb1c9317d4d93feac82eacb072b16fc0bc91db16b66e3173fb8031f7af2cd9
    • Opcode Fuzzy Hash: 2e8692767012d4e600576ca6d0d4a2dfd19a93c2bdc2344f7e0f0e9ea38e5760
    • Instruction Fuzzy Hash: D9316B76600A0AFFDF21DF94D80AF9EB7B5BF05309F008064FA11A5060E7729A61EB61

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 145 ca7145-ca7158 call ca5483 148 ca719b-ca71af call ca552e GetModuleHandleExA 145->148 149 ca715e-ca716a call ca5b95 145->149 155 ca71b9-ca71bb 148->155 152 ca716f-ca7171 149->152 152->148 154 ca7177-ca717e 152->154 156 ca7187-ca71b4 call ca552e 154->156 157 ca7184 154->157 156->155 157->156
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • GetModuleHandleExA.KERNELBASE(?,?,?), ref: 00CA71A9
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CurrentHandleModuleThread
    • String ID: .dll
    • API String ID: 2752942033-2738580789
    • Opcode ID: 3a989c0a7628bd89879570d6465f05003985eea34c885800df41a16192141ff9
    • Instruction ID: 8a6e78277dbc1c0a4441e1c60c8fc1f659e25aaeb93093d23b9b35f565a47baa
    • Opcode Fuzzy Hash: 3a989c0a7628bd89879570d6465f05003985eea34c885800df41a16192141ff9
    • Instruction Fuzzy Hash: 4BF06D75204606EFCB109F94DC49AAD3BE5FF59348F108510FE198A151C731C991AA21

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 188 ca9bd2-ca9be0 189 ca9bf2 188->189 190 ca9be6-ca9bed 188->190 191 ca9bf9-ca9c05 call ca5483 189->191 190->191 194 ca9c0b-ca9c15 call ca9adf 191->194 195 ca9c20-ca9c30 call ca9b84 191->195 194->195 202 ca9c1b 194->202 200 ca9c42-ca9c50 call ca5b95 195->200 201 ca9c36-ca9c3d 195->201 203 ca9c61-ca9c66 200->203 208 ca9c56-ca9c57 call ca73d9 200->208 201->203 202->203 206 ca9c8f-ca9ca4 CreateFileA 203->206 207 ca9c6c-ca9c8a CreateFileW 203->207 209 ca9caa-ca9cab 206->209 207->209 212 ca9c5c 208->212 211 ca9cb0-ca9cb7 call ca552e 209->211 212->211
    APIs
    • CreateFileW.KERNELBASE(0165A294,?,?,-11805FEC,?,?,?,-11805FEC,?), ref: 00CA9C84
      • Part of subcall function 00CA9B84: IsBadWritePtr.KERNEL32(?,00000004), ref: 00CA9B92
    • CreateFileA.KERNEL32(?,?,?,-11805FEC,?,?,?,-11805FEC,?), ref: 00CA9CA4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CreateFile$Write
    • String ID:
    • API String ID: 1125675974-0
    • Opcode ID: c9a74ffa7213eb3e30bc6f28d59e0bb344236a18f4fadd9148520317a30676a2
    • Instruction ID: e18ee572e120e0da5f0f76d76da2baf6c4a667978c8f71c8d448cd45ef9ea526
    • Opcode Fuzzy Hash: c9a74ffa7213eb3e30bc6f28d59e0bb344236a18f4fadd9148520317a30676a2
    • Instruction Fuzzy Hash: 1A11063110490BFBDF229F94DE0AB9D7AB2FF0635CF008115BA02550A0C736CAA1FB91

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 215 ca953e-ca9554 call ca5483 GetCurrentProcess 218 ca955a-ca955d 215->218 219 ca9596-ca95b8 call ca552e DuplicateHandle 215->219 218->219 220 ca9563-ca9566 218->220 225 ca95c2-ca95c4 219->225 220->219 222 ca956c-ca957f call ca52dd 220->222 222->219 227 ca9585-ca95bd call ca72db call ca552e 222->227 227->225
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • GetCurrentProcess.KERNEL32(-11805FEC), ref: 00CA954B
    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CA95B1
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: Current$DuplicateHandleProcessThread
    • String ID:
    • API String ID: 3748180921-0
    • Opcode ID: d7fb4e022936c9a715ecc84a29379f7e5d50e229def0e26b654948fddb488681
    • Instruction ID: 021e9ba5eb0473cfad9bf631b21aaf666b3823970ecbe97d023008f6c539964b
    • Opcode Fuzzy Hash: d7fb4e022936c9a715ecc84a29379f7e5d50e229def0e26b654948fddb488681
    • Instruction Fuzzy Hash: D2011D7290054BFBCF22AF95DC0AC9E3B7AFF5A3587008215F92595011D732C661EB61

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 232 ca6f63-ca6f81 call ca5561 235 ca6fd7-ca6fdc 232->235 236 ca6f87-ca6f8e call ca6e1a 232->236 238 ca6f93-ca6f99 236->238 239 ca6fb8-ca6fce MultiByteToWideChar 238->239 240 ca6f9f-ca6fb3 GetModuleFileNameW 238->240 241 ca6fcf-ca6fd2 call ca5586 239->241 240->241 241->235
    APIs
    • GetModuleFileNameW.KERNEL32(?,?,?,-11805FEC,?,00000000,?,?), ref: 00CA6FA9
    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,-11805FEC,?,00000000,?,?), ref: 00CA6FC8
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: ByteCharFileModuleMultiNameWide
    • String ID:
    • API String ID: 1532159127-0
    • Opcode ID: 8c9cbf50d4f4d284aee82aeba4da38177f3b50ee449bc6f84395744f7685a1a9
    • Instruction ID: 014aa29311986292c2dc951e76c905d6053c571bd93d5ffcf03d0a650c1108e2
    • Opcode Fuzzy Hash: 8c9cbf50d4f4d284aee82aeba4da38177f3b50ee449bc6f84395744f7685a1a9
    • Instruction Fuzzy Hash: C001D63190424AFFCF129FA4CC08BAE7F72FF55318F148168F9219A1A0C7318661EB00

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 251 cb1f5b-cb1f69 252 cb1f6f-cb1f81 251->252 253 cb1f8c-cb1f96 call cb1df0 251->253 252->253 257 cb1f87 252->257 258 cb1f9c 253->258 259 cb1fa1-cb1faa 253->259 260 cb20eb-cb20ed 257->260 258->260 261 cb1fc2-cb1fc9 259->261 262 cb1fb0-cb1fb7 259->262 264 cb1fcf 261->264 265 cb1fd4-cb1fe4 261->265 262->261 263 cb1fbd 262->263 263->260 264->260 265->260 266 cb1fea-cb1ff6 call cb1ec5 265->266 269 cb1ff9-cb1ffd 266->269 269->260 270 cb2003-cb200d 269->270 271 cb2013-cb2026 270->271 272 cb2034-cb2037 270->272 271->272 277 cb202c-cb202e 271->277 273 cb203a-cb203d 272->273 275 cb20e3-cb20e6 273->275 276 cb2043-cb204a 273->276 275->269 278 cb2078-cb2091 276->278 279 cb2050-cb2056 276->279 277->272 277->275 285 cb20aa-cb20b2 VirtualProtect 278->285 286 cb2097-cb20a5 278->286 280 cb205c-cb2061 279->280 281 cb2073 279->281 280->281 283 cb2067-cb206d 280->283 284 cb20db-cb20de 281->284 283->278 283->281 284->273 287 cb20b8-cb20bb 285->287 286->287 287->284 289 cb20c1-cb20da 287->289 289->284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2ef7c4341aab551ef50d488e2093614c711c2f76399a9b701e023a31b0db61e2
    • Instruction ID: becb25f02d365a4d13ab5e85e72a357c8a7a415ade83d705fdf0c2d158eb3afd
    • Opcode Fuzzy Hash: 2ef7c4341aab551ef50d488e2093614c711c2f76399a9b701e023a31b0db61e2
    • Instruction Fuzzy Hash: CD416C71D0420AEFDB25EF54E944BEA7BB1FF04314F288455E922AB191C371AED0DB51

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 291 ca7bbd-ca7bce 292 ca7bfd-ca7c06 call ca5561 291->292 293 ca7bd4-ca7be8 call ca5561 291->293 297 ca7c0c-ca7c1d call ca739f 292->297 298 ca7ce3-ca7ce6 call ca5586 292->298 304 ca7ceb 293->304 305 ca7bee-ca7bfc 293->305 306 ca7c3d-ca7c7c CreateFileA 297->306 307 ca7c23-ca7c27 297->307 298->304 308 ca7cf2-ca7cf6 304->308 305->292 312 ca7c82-ca7c9f 306->312 313 ca7ca0-ca7ca3 306->313 310 ca7c3a 307->310 311 ca7c2d-ca7c39 call cac427 307->311 310->306 311->310 312->313 314 ca7ca9-ca7cc0 call ca52a3 313->314 315 ca7cd6-ca7cde call ca722e 313->315 314->308 323 ca7cc6-ca7cd1 call ca729c 314->323 315->304 323->304
    APIs
    • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00CA7C72
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0
    • Opcode ID: 55af5c7383fa2a85e74230763d9ecea23be10224797811563aa13c3fcb83c244
    • Instruction ID: 8100260a34ec84bd0ee5d14ca45ade3269f7c45fcb71386d3b5956cdea909a82
    • Opcode Fuzzy Hash: 55af5c7383fa2a85e74230763d9ecea23be10224797811563aa13c3fcb83c244
    • Instruction Fuzzy Hash: E631BC7190420AFFDB208F64DC45FAEB7B8FF0672CF208229F915AA191C7719A51DB50

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 326 ca73d9-ca73e8 call ca5561 329 ca74ee 326->329 330 ca73ee-ca73ff call ca739f 326->330 332 ca74f5-ca74f9 329->332 334 ca741f-ca7465 CreateFileA 330->334 335 ca7405-ca7409 330->335 338 ca746b-ca748c 334->338 339 ca74b0-ca74b3 334->339 336 ca740f-ca741b call cac427 335->336 337 ca741c 335->337 336->337 337->334 338->339 348 ca7492-ca74af 338->348 340 ca74b9-ca74d0 call ca52a3 339->340 341 ca74e6-ca74e9 call ca722e 339->341 340->332 349 ca74d6-ca74e1 call ca729c 340->349 341->329 348->339 349->329
    APIs
    • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 00CA745B
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CreateFile
    • String ID:
    • API String ID: 823142352-0
    • Opcode ID: 5ce11b118a10db828a6a8ebd0b6140725e1be39bbdb5deefd2988627dacc847a
    • Instruction ID: 17292cb98ae90ec23dcd3543a698d50b21d8e9f2f824e818694e2ea77ae111bf
    • Opcode Fuzzy Hash: 5ce11b118a10db828a6a8ebd0b6140725e1be39bbdb5deefd2988627dacc847a
    • Instruction Fuzzy Hash: 6E31E571600206BEEB309F64DC45F9A7BB8FB0A728F208325F620AA1D1C371EA41DF54

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 353 cb1ca8-cb1cb7 354 cb1cbd 353->354 355 cb1cc3-cb1cd7 353->355 354->355 357 cb1cdd-cb1ce7 355->357 358 cb1d95-cb1d97 355->358 359 cb1ced-cb1cf7 357->359 360 cb1d84-cb1d90 357->360 359->360 361 cb1cfd-cb1d07 359->361 360->355 361->360 362 cb1d0d-cb1d1c 361->362 364 cb1d22 362->364 365 cb1d27-cb1d2c 362->365 364->360 365->360 366 cb1d32-cb1d41 365->366 366->360 367 cb1d47-cb1d5e GetModuleFileNameA 366->367 367->360 368 cb1d64-cb1d72 call cb1c04 367->368 371 cb1d78 368->371 372 cb1d7d-cb1d7f 368->372 371->360 372->358
    APIs
    • GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 00CB1D55
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: FileModuleName
    • String ID:
    • API String ID: 514040917-0
    • Opcode ID: bcd64d7d9aba01b1b5dcb54ec5190622d03b967353cf49718f6d3ad78b461f20
    • Instruction ID: d5239b243beca4606e125d32ed9af0aa57a6508d482a0e434ee02c0d278771bb
    • Opcode Fuzzy Hash: bcd64d7d9aba01b1b5dcb54ec5190622d03b967353cf49718f6d3ad78b461f20
    • Instruction Fuzzy Hash: B611E671A016249FEF329A24CC68BEBB77CEF04756F5840A1EC15A6041D7709E808AE0
    APIs
    • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 055C0DCD
    Memory Dump Source
    • Source File: 00000000.00000002.2303128628.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_55c0000_file.jbxd
    Similarity
    • API ID: ManagerOpen
    • String ID:
    • API String ID: 1889721586-0
    • Opcode ID: b79f5ff68b9fb224d2e0b53db47d4e2e0faf0c945468d5964be48029c8b05b7f
    • Instruction ID: 8d8572bef7e69cc9244c8b3418f5cdd6c0e29c9689494bf836570e0b533d16d2
    • Opcode Fuzzy Hash: b79f5ff68b9fb224d2e0b53db47d4e2e0faf0c945468d5964be48029c8b05b7f
    • Instruction Fuzzy Hash: D42134B6800219DFCB50CFA9D888ADEFFF4FB88320F14855AD909AB244C734A540CBA4
    APIs
    • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 055C0DCD
    Memory Dump Source
    • Source File: 00000000.00000002.2303128628.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_55c0000_file.jbxd
    Similarity
    • API ID: ManagerOpen
    • String ID:
    • API String ID: 1889721586-0
    APIs
    • ControlService.ADVAPI32(?,?,?), ref: 055C1580
    Memory Dump Source
    • Source File: 00000000.00000002.2303128628.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_55c0000_file.jbxd
    Similarity
    • API ID: ControlService
    • String ID:
    • API String ID: 253159669-0
    APIs
    • ControlService.ADVAPI32(?,?,?), ref: 055C1580
    Memory Dump Source
    • Source File: 00000000.00000002.2303128628.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_55c0000_file.jbxd
    Similarity
    • API ID: ControlService
    • String ID:
    • API String ID: 253159669-0
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11805FEC), ref: 00CAA791
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CurrentFileThreadView
    • String ID:
    • API String ID: 1949693742-0
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CurrentThread
    • String ID:
    • API String ID: 2882836952-0
    APIs
    • ImpersonateLoggedOnUser.KERNELBASE ref: 055C1367
    Memory Dump Source
    • Source File: 00000000.00000002.2303128628.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_55c0000_file.jbxd
    Similarity
    • API ID: ImpersonateLoggedUser
    • String ID:
    • API String ID: 2216092060-0
    APIs
    • ImpersonateLoggedOnUser.KERNELBASE ref: 055C1367
    Memory Dump Source
    • Source File: 00000000.00000002.2303128628.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_55c0000_file.jbxd
    Similarity
    • API ID: ImpersonateLoggedUser
    • String ID:
    • API String ID: 2216092060-0
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11805FEC,?,?,00CA7B05,?,?,00000400,?,00000000,?,00000000), ref: 00CA9E42
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CurrentFileReadThread
    • String ID:
    • API String ID: 2348311434-0
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: lstrcmpi
    • String ID:
    • API String ID: 1586166983-0
    APIs
    • VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,00CB18CE,?,?,00CB15D4,?,?,00CB15D4,?,?,00CB15D4), ref: 00CB18F2
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • CloseHandle.KERNELBASE(00CA7B9A,-11805FEC,?,?,00CA7B9A,?), ref: 00CA8215
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CloseCurrentHandleThread
    • String ID:
    • API String ID: 3305057742-0
    APIs
    • VirtualAlloc.KERNELBASE(00000000), ref: 00ACE6EE
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    APIs
    • VirtualAlloc.KERNELBASE(00000000), ref: 00ACEAB3
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: AllocVirtual
    • String ID:
    • API String ID: 4275171209-0
    APIs
    • CloseHandle.KERNELBASE(?,?,00CA5322,?,?), ref: 00CA72A2
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: CloseHandle
    • String ID:
    • API String ID: 2962429428-0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: <|T$BRos$[s?}$bpgk$fsz>$rHw$zo.$hG
    • API String ID: 0-601896906
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: 'p{9$2o<$LrP}$f_#>$eoW$xpn
    • API String ID: 0-1821352451
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: vc|.$0s$(
    • API String ID: 0-1327773846
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: GrHj$h-y$$w}
    • API String ID: 0-3811509545
    APIs
      • Part of subcall function 00CA5483: GetCurrentThreadId.KERNEL32 ref: 00CA5492
    • GetSystemTime.KERNEL32(?,-11805FEC), ref: 00CA9605
    • GetFileTime.KERNEL32(?,?,?,?,-11805FEC), ref: 00CA9648
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: Time$CurrentFileSystemThread
    • String ID:
    • API String ID: 2191017843-0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: '[?}$ <w
    • API String ID: 0-1740225439
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID: Je
    • API String ID: 0-2031893865
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: L$Hl
    • API String ID: 0-2944029333
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: \l?u$\l?u
    • API String ID: 0-2081029860
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: -r:^
    • API String ID: 0-2366879307
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: C.mV
    • API String ID: 0-3362628110
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: 2~y
    • API String ID: 0-1107753316
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: k0bc
    • API String ID: 0-1786278729
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: %`N
    • API String ID: 0-3779101261
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: k
    • API String ID: 0-140662621
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: 5
    • API String ID: 0-2226203566
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: h
    • API String ID: 0-2439710439
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: 3
    • API String ID: 0-1842515611
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: KvL>
    • API String ID: 0-2692745568
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: aW:T
    • API String ID: 0-2189573339
    APIs
    • CryptVerifySignatureA.ADVAPI32(?,?,?,?,?,?), ref: 00CAA4D5
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID: CryptSignatureVerify
    • String ID:
    • API String ID: 1015439381-0
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: ,2
    • API String ID: 0-2622394089
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: ~
    • API String ID: 0-1707062198
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: R
    • API String ID: 0-1466425173
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Similarity
    • API ID:
    • String ID: $
    • API String ID: 0-3993045852
    Similarity
    • API ID:
    • String ID: \
    • API String ID: 0-2967466578
    Similarity
    • API ID:
    • String ID: 5
    • API String ID: 0-2226203566
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ab6fdec212cda6aa2d990083aee4ed4cbcfc849e59dffad07bf04f0d653b353d
    • Instruction ID: b5f6a256b5d9d030a6ff37586d9772f229b64db8f891f4e73a4f49af8fae46ee
    • Opcode Fuzzy Hash: ab6fdec212cda6aa2d990083aee4ed4cbcfc849e59dffad07bf04f0d653b353d
    • Instruction Fuzzy Hash: 28B179B3F1122587F3544969CC983A27693EBD5314F2F82788F48AB7C5E97E5C0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c7fdbbe11a1d6f167f0bd88900d1102d7a6dcb447229d59adc3a9710b343dd2b
    • Instruction ID: 72bcc2afbb2d01d88ed29521744dc4ef8e6ff74004dd6e8a4b80d946d8eee52e
    • Opcode Fuzzy Hash: c7fdbbe11a1d6f167f0bd88900d1102d7a6dcb447229d59adc3a9710b343dd2b
    • Instruction Fuzzy Hash: 20B17AB3E1153547F3584978CCA83A2A5829BA4324F2F827C8E5DBBBC5D97E5D0A13C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 183efdf2acefa52e0700cde4781dfe907b8bd96dd63ab1f07ee43acb77296bce
    • Instruction ID: d3e906a86631467a092b751b2e5e73a1c03898d5ad3730bd0ac6be136b09b62f
    • Opcode Fuzzy Hash: 183efdf2acefa52e0700cde4781dfe907b8bd96dd63ab1f07ee43acb77296bce
    • Instruction Fuzzy Hash: 3EB15CB3F1112547F3984939CC583A66683DBD5324F2F82788A5DAB7C8DD7E9C0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6fd888cf650c9f27cb682c6271abf9dab54b3e1e0efb01d377d1b8db97c2150f
    • Instruction ID: 2104efc9ecd799eb964b01d199f2c61cfca9db874e1e50904db54cc95e84de46
    • Opcode Fuzzy Hash: 6fd888cf650c9f27cb682c6271abf9dab54b3e1e0efb01d377d1b8db97c2150f
    • Instruction Fuzzy Hash: 33B18FB3F1022547F3544D79CD983A266839B95324F2F82788F9CAB7C5D97E9C0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 043dce6bee4f868db9c8fcfa04630d4ff7398c357dea2a95f610452ab3f2ec89
    • Instruction ID: f8d287b03ca5040d44b03f97bf25a7761882dba10d39e222ec9d52e99330a342
    • Opcode Fuzzy Hash: 043dce6bee4f868db9c8fcfa04630d4ff7398c357dea2a95f610452ab3f2ec89
    • Instruction Fuzzy Hash: 4AB18DB3F1062547F3584928DC683B27682DBA5310F2F827D8F4AAB7C5D97E5C4A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d14e194de88101599129433a12576f37f9013f9d3f5aa5cbd6ceeb447b41e019
    • Instruction ID: 26e2b790ac7a0e77128f9ff14748c5162d1f09c09bbe6ddfbc4c61bab0be7017
    • Opcode Fuzzy Hash: d14e194de88101599129433a12576f37f9013f9d3f5aa5cbd6ceeb447b41e019
    • Instruction Fuzzy Hash: 43B18BB3F502258BF3544D68CC983A27693EBD5310F2F42788B985B7C5E97E9D096384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 314adbed9654cfa60411afb58bbea7584c23da6de97b2efbeb2eefd59cced4e8
    • Instruction ID: aa404d9456781d13ce4b7d0239316f7553058f93b513eed5b973521b05a22d6f
    • Opcode Fuzzy Hash: 314adbed9654cfa60411afb58bbea7584c23da6de97b2efbeb2eefd59cced4e8
    • Instruction Fuzzy Hash: D1B145F3F112254BF3984939CD983A26583ABE1324F2F42788F9D6B7C5D87E5D0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a1d0526547b45baf8d1d0ec412dc2a76a9074accce462f8c9e29f64d063376dd
    • Instruction ID: 210d12121545c722fe7c44c8efbd280754981ed8e19bceff4209535af05c634d
    • Opcode Fuzzy Hash: a1d0526547b45baf8d1d0ec412dc2a76a9074accce462f8c9e29f64d063376dd
    • Instruction Fuzzy Hash: ADB166F7F5162147F3584879DCA83A2658397A1324F2F82788F9D6BBC6D87E4D0A4384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ab2a101b5b3264953f01b536022a8667a2a46ed76604af70e9a73d6d5f62c9bd
    • Instruction ID: 7dd98f1b281716b89350ef91e35fbfb8f5a8f4ae01b6c73341657e7df8d3a448
    • Opcode Fuzzy Hash: ab2a101b5b3264953f01b536022a8667a2a46ed76604af70e9a73d6d5f62c9bd
    • Instruction Fuzzy Hash: ACB18CB3E1062547F3584D39CCA83627682EBA4324F2F427D8F9A6B7C5D93E5C0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 69c3017c0675f613670a054c12890347425f53844cf09c8bc5c02ece58f2777b
    • Instruction ID: ea62f6be872d8bb13a3ceadfba5ac25f88eed93766a02f5d438174d9be98c09c
    • Opcode Fuzzy Hash: 69c3017c0675f613670a054c12890347425f53844cf09c8bc5c02ece58f2777b
    • Instruction Fuzzy Hash: A5B17CB3F5062447F3544978CC983A26683DBD5325F2F82788F9CAB7C9E97E9C095284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a029b3395886f9d0eefee1f21905ed4837e27e45026d72d181546284c3a67037
    • Instruction ID: d2ce49a1aef1078dce3c456b785d3d5170202d7e22d0dd7dcd2c94df91cedd50
    • Opcode Fuzzy Hash: a029b3395886f9d0eefee1f21905ed4837e27e45026d72d181546284c3a67037
    • Instruction Fuzzy Hash: E2B138E3F5122547F3544869CD983A26583ABE5324F2F82388F4D6BBCAD87E5C4A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8cf9864a6b49f094b3e36004c34df00f81824ba674dec6c4080219c53efbb9e1
    • Instruction ID: 624b7ce2f7ba44a9662d4287792148bcf009cbcb05faad3b63d50ec348b40dc0
    • Opcode Fuzzy Hash: 8cf9864a6b49f094b3e36004c34df00f81824ba674dec6c4080219c53efbb9e1
    • Instruction Fuzzy Hash: 0FB189B7F106254BF3444879CC983A26583EBE5324F2F82788E5C6B7C6D9BE5C0A1384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: adb5861e8239d8a4521fd28d5bc85da63bd849046db0660d77299d6401251443
    • Instruction ID: 354035e9b0942f47a77c7289df186eee032cb35122b63ce741518446d4200af2
    • Opcode Fuzzy Hash: adb5861e8239d8a4521fd28d5bc85da63bd849046db0660d77299d6401251443
    • Instruction Fuzzy Hash: 4CB17AB3F1152447F3984939CCA83A661839BD5324F2F827D8E5DABBC5DC7E5C0A9284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6bfef425c925d4ed8fe93a14f4f5b61b2c9c9435c0a77e2dd23388471f2139b2
    • Instruction ID: ec6be3ce43027eccb3bc6facbec2d23662a65be8291074ccc8355459ce513f35
    • Opcode Fuzzy Hash: 6bfef425c925d4ed8fe93a14f4f5b61b2c9c9435c0a77e2dd23388471f2139b2
    • Instruction Fuzzy Hash: F9B18FB3F1162147F3548979CC98352A683DBD5324F3F82388E5CAB7C9E97D9C0A4284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bc6ab4b88ef9e6fcfd096509b355f3a45857715dd359572c7c823e308ca8861d
    • Instruction ID: ced5b03176b794c21c093e7c33217a954bd45fd1c66e15c074918e33ca591633
    • Opcode Fuzzy Hash: bc6ab4b88ef9e6fcfd096509b355f3a45857715dd359572c7c823e308ca8861d
    • Instruction Fuzzy Hash: 62B16CB3F1122547F3544D79CC983627693ABD5320F2F82788E5CAB7C9D97E6C0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2004ae4711c6f0a0c49514a88288b10147ecd3771165942a30b37258f57945c3
    • Instruction ID: f9abd8d3fbebbd2ffc8e121084dc73d30014d495fba931c57bef1277c3295a28
    • Opcode Fuzzy Hash: 2004ae4711c6f0a0c49514a88288b10147ecd3771165942a30b37258f57945c3
    • Instruction Fuzzy Hash: 4FB149B3F1162587F3544969CC983A27283EBD4324F2F82788F996B7C5D97E5C0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b35c701c914403b942d29f06484c9aee2d689bdb592ea8f24584a1c15be63e84
    • Instruction ID: b4986e9779d737fae1bdc595bc4d26d1865701077eeec32d8dc45eb2af3f595d
    • Opcode Fuzzy Hash: b35c701c914403b942d29f06484c9aee2d689bdb592ea8f24584a1c15be63e84
    • Instruction Fuzzy Hash: 51B17CB3F102258BF3544E28CC983A27692EB95314F2F42788E5C6B7C5D97F6D0A9384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: dcdd5401d266845d64adc476b1e7634c548d20f6cc3d5410efd3d1e718ba7e46
    • Instruction ID: c37c7ad559b98c352d7db4bd9d0a616b43df99faf978ac4f94ff45a566011ec7
    • Opcode Fuzzy Hash: dcdd5401d266845d64adc476b1e7634c548d20f6cc3d5410efd3d1e718ba7e46
    • Instruction Fuzzy Hash: 11A179B3E1022587F3584978CCA83627682AB95324F2F42788F9D6B7C6D97E5D0A53C4
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9ad2d7b483651f0ddab2066d956999bed42f980945fd81470dda2fe4a6ab0603
    • Instruction ID: 7557a4eb6aed37e1a50ce1d250a686e8cf1111176c7f9421179eb4cc4ba4650b
    • Opcode Fuzzy Hash: 9ad2d7b483651f0ddab2066d956999bed42f980945fd81470dda2fe4a6ab0603
    • Instruction Fuzzy Hash: 71A19BB3F516258BF3484979CC983A272839BD5324F2F827C8B589B7C9D97E5C0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 158d19a97b36df2ec5763a0e63d1cd452018617679b733cb8ab9455fabc9b176
    • Instruction ID: 3de591a17aee6bdb47573fa0b074d2d7b1472fd1d322dc9f6087487f1b2bec75
    • Opcode Fuzzy Hash: 158d19a97b36df2ec5763a0e63d1cd452018617679b733cb8ab9455fabc9b176
    • Instruction Fuzzy Hash: 53A18BB3F5162587F3544838CC983A27282EBA5324F2F82788E5D6B7C9DD7E5D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 95189e9af5644612f4753bbddf079b5179d752c475c5223ffb737d3fb03b368c
    • Instruction ID: 7177be036072524ac51e22c3bd96c376585fbd11f5cddab63421763dd6dc07bf
    • Opcode Fuzzy Hash: 95189e9af5644612f4753bbddf079b5179d752c475c5223ffb737d3fb03b368c
    • Instruction Fuzzy Hash: 40A16BB3F1162487F3544D29CC983A27683DBA9320F2F42798F996B3C5D97E5C4A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5c13ba77515708ac3a6e52b01753f1a8410f4d66659a6cff1aef7b6e9aff373a
    • Instruction ID: f48cd2083579324cf9732c874714940b06b22faffe20f1801d4fc2efbab07aed
    • Opcode Fuzzy Hash: 5c13ba77515708ac3a6e52b01753f1a8410f4d66659a6cff1aef7b6e9aff373a
    • Instruction Fuzzy Hash: 38A17CB3F1122587F3504E69CC84362B393EB95715F2F81788F886B7C9D97E6C069288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 656248e452869062a05fbb3e470f23295a89f576dc79f3373d992ab82a15e9db
    • Instruction ID: fd21e64cb83b91c1ba97400e84206aececec76652275aa0ff989fe8224aa9126
    • Opcode Fuzzy Hash: 656248e452869062a05fbb3e470f23295a89f576dc79f3373d992ab82a15e9db
    • Instruction Fuzzy Hash: 9CA15CB3F1112547F3544928CC583A27683EBE5325F2F82788E9CAB7C9D97E9C4A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3490a9dd2575478c8f605eb839d31d170480e56dc91ee9d0bacb053a78b676aa
    • Instruction ID: 3d6844e4b8c54e8811f8b78b8a09f4a51659280e131eb02aa001fd0e655ec9c1
    • Opcode Fuzzy Hash: 3490a9dd2575478c8f605eb839d31d170480e56dc91ee9d0bacb053a78b676aa
    • Instruction Fuzzy Hash: EAA17BF3F5122587F3444A29DC983A27683DBD1314F2F81788F486B7C9D97E5D0A5288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2418bbb25f37293500838a43c37ed68a33d1410f8ac97e317f628503720278a6
    • Instruction ID: 2ff7ed0ab3dd12daec4ceeb9c1f34719d5be4015a0e0ec75f1fc66fc423a319e
    • Opcode Fuzzy Hash: 2418bbb25f37293500838a43c37ed68a33d1410f8ac97e317f628503720278a6
    • Instruction Fuzzy Hash: ABA146F3F116254BF3844929CC983666683EBD5324F2F82788F48AB7C5D97E5D0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 61117a0c5f499e96272d5b667449a101608a6b1de4151af750a818429fd370fe
    • Instruction ID: 5d58bb40117b8c149be9248b9348403213a2f694bbb7ccfba243655737cdf28f
    • Opcode Fuzzy Hash: 61117a0c5f499e96272d5b667449a101608a6b1de4151af750a818429fd370fe
    • Instruction Fuzzy Hash: 55A179B3F112218BF3584939CC583626683DBE5314F2F82788F9DAB7C9E97E5C095284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a8be211ceee99d7a6db58d752ec5b7e3433a32fac8a67b859ca032619866c321
    • Instruction ID: 7e876d1f95af0ab285310d66908ca38db119b467f2e89387fcb20cf42fbfba70
    • Opcode Fuzzy Hash: a8be211ceee99d7a6db58d752ec5b7e3433a32fac8a67b859ca032619866c321
    • Instruction Fuzzy Hash: 19A17BF7F6062547F3584879CC983A26682D7A5324F2F82388F5DAB7C5DDBE5C0A1284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 15f36d1a22a0e58ec314b2e9856ff3d0021ee71e021c2cc3be96ec89bbe11d8d
    • Instruction ID: a031688c14fd541a7231076933d462d6b3a64d037bb4f54c7fb17e69f293ca13
    • Opcode Fuzzy Hash: 15f36d1a22a0e58ec314b2e9856ff3d0021ee71e021c2cc3be96ec89bbe11d8d
    • Instruction Fuzzy Hash: C3A15AF3F1262547F3484828CDA83626583ABE5320F2F82798B5D6B7C5DD7E5D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ea5d201fce68a852764339bebd4fab31ba754c6eb64ccbf436d7afaf13dc8378
    • Instruction ID: 68b1dbffc6a2f598fd072ed3b871743c07e81b7777374edcf70389ceca1bdcd8
    • Opcode Fuzzy Hash: ea5d201fce68a852764339bebd4fab31ba754c6eb64ccbf436d7afaf13dc8378
    • Instruction Fuzzy Hash: F4A1BCF3F5022547F3444878CC993A17683DB95314F2F82388F08AB7C9D97E5D0A5288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fe3d40d6cfc4f07f598aa7d262184bef11b07417113af2c73f6886fd0a6396e2
    • Instruction ID: 8e83b9bdc0365619b1041a42dd84c2d624394edea4047ed405da55f573152cab
    • Opcode Fuzzy Hash: fe3d40d6cfc4f07f598aa7d262184bef11b07417113af2c73f6886fd0a6396e2
    • Instruction Fuzzy Hash: 44A17AB3F2162547F3544839CC683A2668297A5320F2F82788F6D6B7C5ED7E5D0A53C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e2c6707bd356d855bfeceb25aade749408aeee8aff4c823e59ef7d6a89d8549d
    • Instruction ID: a87def2b3964ec7325dfce026ab2d2416478d767f8efccfad266a7277538fe67
    • Opcode Fuzzy Hash: e2c6707bd356d855bfeceb25aade749408aeee8aff4c823e59ef7d6a89d8549d
    • Instruction Fuzzy Hash: 68A188B3F112254BF3644979CD983A26A829B95324F2F82788F9C6B7C9D87E1D0953C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9952329faff70400b9692ef37b0b1ac0cd5570b684bb6831f9f8e0c6ba39668e
    • Instruction ID: 60fad611d3e18877b04c9eceedea4dd95cc8c19bf3019dd1e1836629d277567c
    • Opcode Fuzzy Hash: 9952329faff70400b9692ef37b0b1ac0cd5570b684bb6831f9f8e0c6ba39668e
    • Instruction Fuzzy Hash: 1DA158B3F112254BF3584D29CC983A27683D794324F2F81798F896B7C5D9BE6C065388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 15e9b1dfa7b90a2ec937545583eec16d527c2431832897c588f3241dcb79967a
    • Instruction ID: 2fb59d2b5e352132c1ea00376014c5f12e439af45f05c09d285b3daa76812920
    • Opcode Fuzzy Hash: 15e9b1dfa7b90a2ec937545583eec16d527c2431832897c588f3241dcb79967a
    • Instruction Fuzzy Hash: AFA19CB3F1122547F7444929CC983627293EBD5314F2F81788B49AB7C9DD7E6C0A9388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b2a95399cc0806a663e397567a07051a6faa4914ad321e02f8026c8a578edb7f
    • Instruction ID: 6b37021b744924b77c602f691867be046d7f361cf5131cc8667114e726333c99
    • Opcode Fuzzy Hash: b2a95399cc0806a663e397567a07051a6faa4914ad321e02f8026c8a578edb7f
    • Instruction Fuzzy Hash: FE918EB7F1122147F3444939DC683626683DBE5324F2F82788E59AB7C9ED7E5C0A0384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d3aacba66a0766e39e4537e975eef7577bb08327fa635ebfca4d9631180b7599
    • Instruction ID: 4077784fc973094e3d35473580289a6c15cb112adf06f515fb71ecae36182148
    • Opcode Fuzzy Hash: d3aacba66a0766e39e4537e975eef7577bb08327fa635ebfca4d9631180b7599
    • Instruction Fuzzy Hash: 24918CF7F6162547F3584838CC583A26683D7A5320F2F82788E58AB7C5DD7E9D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 664baa98346d58f216b17143611eb7f1da5a84ec32c2063f8f8cc45b3b0cf5cb
    • Instruction ID: c2cc6c8c8e1e5e8759994a1524ad522a7d14d5cc3dc4e6332ffd770382c7a3b3
    • Opcode Fuzzy Hash: 664baa98346d58f216b17143611eb7f1da5a84ec32c2063f8f8cc45b3b0cf5cb
    • Instruction Fuzzy Hash: 94A16DB3F112248BF3444D29CC983A27693EBE5314F2F81788E985B7C9D97E5D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 71f5970cd6ee6c5f2330a0307d12b7a17cf3094b7c061d71138400995a2e567e
    • Instruction ID: 8b1fecac28cabbf17d923e98c8542c76ca6305a3bee26a91d2ba67edc7f3b375
    • Opcode Fuzzy Hash: 71f5970cd6ee6c5f2330a0307d12b7a17cf3094b7c061d71138400995a2e567e
    • Instruction Fuzzy Hash: D59188B3F102254BF3444878DD993622682EB95314F2F82398F99AB7C5DD7E9C0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 185eb1207c0d2aa795be965c5ef7056fd4eb9182060583b667e5b006e2350cc9
    • Instruction ID: 2c5b04545ba98e7a98c3a38542a1f2a12201f2c6ae52218f38d7a5f894083847
    • Opcode Fuzzy Hash: 185eb1207c0d2aa795be965c5ef7056fd4eb9182060583b667e5b006e2350cc9
    • Instruction Fuzzy Hash: A29176E7F6062147F3544838DD983A62583EBA5314F2F82788F8DAB7C5D87E5D0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c077acb7ab39246fe5009d5b630024a65a730932d7337a92acde85a219dd3b80
    • Instruction ID: a41cb3635ef418321f564f29805d2ab427334fc296ab2ec39ac436bab6b79fd3
    • Opcode Fuzzy Hash: c077acb7ab39246fe5009d5b630024a65a730932d7337a92acde85a219dd3b80
    • Instruction Fuzzy Hash: C291AEF3F5123647F3444978DCA83A26682EB95320F2F82388F59AB7C6D97E5D095384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: dfa99e32e392b457937d6a606ba895c4643613ea403824beb0c3b88fc4554098
    • Instruction ID: bc5c507d30f7a357e5cc315318b1ae74502d9b07d7214efa42efe051b91f952b
    • Opcode Fuzzy Hash: dfa99e32e392b457937d6a606ba895c4643613ea403824beb0c3b88fc4554098
    • Instruction Fuzzy Hash: A2915CB3F1122547F3544968CC883A1B693ABD5320F3F82788E5C6B7C5D97EAD0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7f9ab4a2daf6e260686b6fa33417bff847072f54d4147b7cb0841ca3f77a1c4a
    • Instruction ID: e3e8b01dc96148e57552321994733476cf4c8dfd099bcdcf657fe9d5a16f6b5e
    • Opcode Fuzzy Hash: 7f9ab4a2daf6e260686b6fa33417bff847072f54d4147b7cb0841ca3f77a1c4a
    • Instruction Fuzzy Hash: 7691DDB3F2122147F3444938CC683627683DBE5324F2F82788B99AB7C9D97D9C0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c4d01b1f32405e62edfbab6f31685bc099c40d5fafaaea00cf77e043efd2d2a9
    • Instruction ID: da7a998d7b90ed1f89265793ef7ad5848c23257c3572308202434a21b74bc112
    • Opcode Fuzzy Hash: c4d01b1f32405e62edfbab6f31685bc099c40d5fafaaea00cf77e043efd2d2a9
    • Instruction Fuzzy Hash: 8AA19EB3F116258BF3544928DC583627693EBE5324F2F82788E586BBC9DD3E5C0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8bc8eff012da77c3e2c2d6354a07da3100d3ed75eb8ca5d402fbd66436a57980
    • Instruction ID: ca170ca04c87b06740ac1788a4418f405f726f3f2b2f99fb671285a69daab9bd
    • Opcode Fuzzy Hash: 8bc8eff012da77c3e2c2d6354a07da3100d3ed75eb8ca5d402fbd66436a57980
    • Instruction Fuzzy Hash: 4A9168F3F6162147F3584879CD983A2658397E4320F2F82788E9DAB7C5ED7E5C0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cccf62f371deb69ca830c312d702ea1a62fcad8a64c51d0c290956ae41cd0d90
    • Instruction ID: c775c6fa5b72ebf531ce36d3bf0070ef822a9554e8371e5a82b5341496e9726b
    • Opcode Fuzzy Hash: cccf62f371deb69ca830c312d702ea1a62fcad8a64c51d0c290956ae41cd0d90
    • Instruction Fuzzy Hash: D19170B3F102154BF3540D78CD583A27682EB95310F2F82788F49AB7C5D97E9D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b004768e5375460fb0ef2e645566e651a6605fbf6c3628a4401fd8911123b210
    • Instruction ID: 18a0fc35e80bc3c8e41d62e906a623953ee374f34e764dc68600871114b19820
    • Opcode Fuzzy Hash: b004768e5375460fb0ef2e645566e651a6605fbf6c3628a4401fd8911123b210
    • Instruction Fuzzy Hash: C5918CF7F2162147F3584838CC583A26683D7E5324F2F82788F49A7BC9E97E5D0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 44e2541a1cd5633aed7d6fcea19c2b2aa84006f22ac3332143b5c8a068e53773
    • Instruction ID: 69c79e234a74f120354748ac8eae1db197ee28c963c45cb64934027ec7960eec
    • Opcode Fuzzy Hash: 44e2541a1cd5633aed7d6fcea19c2b2aa84006f22ac3332143b5c8a068e53773
    • Instruction Fuzzy Hash: 78917AF3E1162547F3544839CDA83626583ABA5320F2F82788EAD6B7C6DC7E5D0A53C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3957210625e5de5d7132104c380dbd4c9b1c3f7412ddbbbeeb194e63d0696e9a
    • Instruction ID: f256fc9097c01888b2a9db77340efb85adcc6fc51178e32ad4cfbf8c00e15114
    • Opcode Fuzzy Hash: 3957210625e5de5d7132104c380dbd4c9b1c3f7412ddbbbeeb194e63d0696e9a
    • Instruction Fuzzy Hash: 9E919EB3F116258BF3444D68DC983A27693EBA5320F2F82788E9C6B7C5D93E5D095384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8738a49592f2b6b182d84cc3ed2140419e7544b2f663dadd378aeca6f5c5aa31
    • Instruction ID: 51c655fffc9fa21deae51198421c7c18e464f5106fddcbca5fa6174b87a78354
    • Opcode Fuzzy Hash: 8738a49592f2b6b182d84cc3ed2140419e7544b2f663dadd378aeca6f5c5aa31
    • Instruction Fuzzy Hash: 229158B3F101254BF3444D29CD583A27683DBD5314F2F82788B49AB7C9D97EAD0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e848b0a290c3620b63fd887d6eeea906f0249f9411e906514536935c540f5e21
    • Instruction ID: 783e33ae20c9b408eecb203b465ff3e427338fe5c58e09f1eee4567e4ebd556e
    • Opcode Fuzzy Hash: e848b0a290c3620b63fd887d6eeea906f0249f9411e906514536935c540f5e21
    • Instruction Fuzzy Hash: 6D9179B3F1162547F7584878CC983627683EB95314F2F82788F996B7C9D87E6C0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 02567cf3254a724b44cb16aa9482d5b5c0ff5e42bf41d686b4afffa76ed332df
    • Instruction ID: 7e4a76104eb3119cd01ba4f94d5add2b3688f48e9464adc24ba4f379ffbaed7e
    • Opcode Fuzzy Hash: 02567cf3254a724b44cb16aa9482d5b5c0ff5e42bf41d686b4afffa76ed332df
    • Instruction Fuzzy Hash: 5691BBB3F111254BF3444D38CC983626683DBD5325F2F827C8B58ABBC9D97E9D0A5288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 777ca922e2e9070ff8446e7dc39496950bf810974ba9525dbd558aad37e5ee04
    • Instruction ID: f852a5346ca90ba51d5559c45b744320cf06303d369d8edcda2b32c861e34c1d
    • Opcode Fuzzy Hash: 777ca922e2e9070ff8446e7dc39496950bf810974ba9525dbd558aad37e5ee04
    • Instruction Fuzzy Hash: 4D916BB3F1122587F3444929CC983627693EBD5321F2F82788B586BBC9D97E9C4A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d2b5f754cb3388add2f055b093ad4ac39fad99cfaf98d1506e05cbef466307e9
    • Instruction ID: 8d4ed1d4b8863e2db743ac48ac74ed5a81573aa73494f2b47096f59d0b25457d
    • Opcode Fuzzy Hash: d2b5f754cb3388add2f055b093ad4ac39fad99cfaf98d1506e05cbef466307e9
    • Instruction Fuzzy Hash: 7B917AF3F116154BF3440939CC683627683DBE5324F2F82389B599B7C6D97E980A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2ae9087d27323354b9bc7d7be350b2bcbd54c0c9c9fc5c96dfd8286e09555231
    • Instruction ID: 6e45270a4f2e52c7d3d5b0972b2cb6d7e7a21c7720cb7e98879544340265495f
    • Opcode Fuzzy Hash: 2ae9087d27323354b9bc7d7be350b2bcbd54c0c9c9fc5c96dfd8286e09555231
    • Instruction Fuzzy Hash: 1D919BB3F112258BF3544929CC983A276939BE5324F3F82788E5C6B7C5D97E5C099384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d8a075f02628f40826808b63b1b4ad81e3b9dfb14eeaeaf5ebbd31a1118a2ed3
    • Instruction ID: c6f17e1c0808dcfeacc0b303822eb1a8c7080ead2fe34e4630a94e6c4e219878
    • Opcode Fuzzy Hash: d8a075f02628f40826808b63b1b4ad81e3b9dfb14eeaeaf5ebbd31a1118a2ed3
    • Instruction Fuzzy Hash: 3C91A9B3F1022547F3580978DCA8362B6939BA1324F2F42798E5D6B7C6E97E6C094384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 53c22b17b707fa2aa28fcb049eaca2dc2e78aea1e17320eee2d36539a5c17815
    • Instruction ID: 5476c1168788f42489fb472904ce760614234734b4f8d1223d75fceb9c28b89c
    • Opcode Fuzzy Hash: 53c22b17b707fa2aa28fcb049eaca2dc2e78aea1e17320eee2d36539a5c17815
    • Instruction Fuzzy Hash: 549159F3F1012547F3580928CD683666643DBA5324F2F827D8B5A6BBC8DD7E9D0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b0c4abff17cd0e2fa75cdb0bb2c9e6ea60cc835a5937a862712cd2149f5f8191
    • Instruction ID: d8b10f362c92d1522bca72f53e05a3239cc5b6867d98efdf700cde162c8a8d00
    • Opcode Fuzzy Hash: b0c4abff17cd0e2fa75cdb0bb2c9e6ea60cc835a5937a862712cd2149f5f8191
    • Instruction Fuzzy Hash: D89168B7F1152547F3940928DC583A27253EBE5324F2F81788E4C6B7C5E97EAD0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 96d1d725468c03fb8fc7f64b88bbbcbd87a807eb99151babfb1e6e05b4d196c8
    • Instruction ID: 3dcc15465ab8b64408d38ca913f8b6d2081b55dd17fd99a1c1942fc8b11af09d
    • Opcode Fuzzy Hash: 96d1d725468c03fb8fc7f64b88bbbcbd87a807eb99151babfb1e6e05b4d196c8
    • Instruction Fuzzy Hash: 849148B3F5022547F3444979CD983A27683EBD4324F2F81388E89AB7D5DD7EAD0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4c457754f61c9f022bb9834add6faddf90d059b0f2ff8b1990dd205972d24ac8
    • Instruction ID: e5b7d8cb67441c02ffd663b567c6fc4e7e7f89910d69a5ff9e2a135c4bbbd731
    • Opcode Fuzzy Hash: 4c457754f61c9f022bb9834add6faddf90d059b0f2ff8b1990dd205972d24ac8
    • Instruction Fuzzy Hash: 3C9158B3F1112487F3544928CC983A276939BD5324F2F82788F5C6B7C5DA7E5D0A9388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8e8616fec65a8259eb63779f7b1bdebdc4b630754666e8404ff832b2e432e1a7
    • Instruction ID: 09074f6cfcf00b5e1549d691d50fce04ee4654692a656eff4f30981d6fcfba75
    • Opcode Fuzzy Hash: 8e8616fec65a8259eb63779f7b1bdebdc4b630754666e8404ff832b2e432e1a7
    • Instruction Fuzzy Hash: 19918DB3F111358BF3604D68CC983A1B652AB95320F2F82788E9C6B7C9D97E6D4953C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8e6247b412a0ee173b5aaff0b06213edc9e8ed2e3363ab8d2772df1624d79bd5
    • Instruction ID: 942884459eacad5dac5b23f8bd7d79e9f80a48a7e39f94908fb845735b7673bf
    • Opcode Fuzzy Hash: 8e6247b412a0ee173b5aaff0b06213edc9e8ed2e3363ab8d2772df1624d79bd5
    • Instruction Fuzzy Hash: E09189B3F1043547F3544938CD583A26A92AB94314F2F82798F8DABBC9D97E9D0A13C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0d50820e2a3e91ae1477af79eaa29b0704cc4b5c592dbd63535665b7461c4565
    • Instruction ID: 402e1756ea09787c4f9235a9db1ea599ca3022fdeb0907720fdd021b55e33bd5
    • Opcode Fuzzy Hash: 0d50820e2a3e91ae1477af79eaa29b0704cc4b5c592dbd63535665b7461c4565
    • Instruction Fuzzy Hash: 4C9188B3F1122547F3504D78CDA83A2A693AB91324F3F42788E5C6BBC5DD3E5D0A5288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5e57dee61011959a05b9dd3f64ede227c71e50773aa52c8d364535ae2abb07b2
    • Instruction ID: 6050357570e8b513bca7efe1db89022043fece988452fc21d027b4f620981a30
    • Opcode Fuzzy Hash: 5e57dee61011959a05b9dd3f64ede227c71e50773aa52c8d364535ae2abb07b2
    • Instruction Fuzzy Hash: BD916AF3E1112587F3544929CC583A2B293ABE5320F2F82788F5CAB7C5DA7E5D165388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a3c95484caf706d02c5ca3b03b286d5b29ee61b4bddce3faaf5c7a8ff5449f60
    • Instruction ID: 8a0fc863073e2fa567a04f5894350153d2e668507dbeaec0d2afaf16eba8d0a0
    • Opcode Fuzzy Hash: a3c95484caf706d02c5ca3b03b286d5b29ee61b4bddce3faaf5c7a8ff5449f60
    • Instruction Fuzzy Hash: CA9159B3F106210BF3584879CD693A665839BD0324F2F82798F5D6BBC5DCBE0C4A0284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6d42b13eaa3c3feed7815afcaa734129c258ab6e4696e069fc8aaa0bbb5507b2
    • Instruction ID: 4a34b40123262938b20ef60f3dc691a6918a8fd43c49aa4e5b868f28bfbb5c95
    • Opcode Fuzzy Hash: 6d42b13eaa3c3feed7815afcaa734129c258ab6e4696e069fc8aaa0bbb5507b2
    • Instruction Fuzzy Hash: F4918DF7F5022547F3944878CD99352A582D7A4320F2F82388F9CAB7C6E97E9D095384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c9e6409a431b1b70d27f28e6341129e5ec229236895675ee4aeab2e55b71ede6
    • Instruction ID: b87195a32f5b4aca3509f86b8b81cce47a0f834f45c32f0127bc23b6efc6814f
    • Opcode Fuzzy Hash: c9e6409a431b1b70d27f28e6341129e5ec229236895675ee4aeab2e55b71ede6
    • Instruction Fuzzy Hash: EE9178B3F1162547F3584934CDA83A26683E7D4314F2F82798F4A6B7C6DD7E5D0A4288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d8979fecd0f0d862c93b395aac262dd7a5f8ab23ed6c7718469122f4fe84d18a
    • Instruction ID: 7c01567de52ef7266777e0105e39fc97dcc06a70307e58e9d7c980254a94cfb2
    • Opcode Fuzzy Hash: d8979fecd0f0d862c93b395aac262dd7a5f8ab23ed6c7718469122f4fe84d18a
    • Instruction Fuzzy Hash: 9E9159F3F1122547F3544D39DC983A2668297A4324F2F42788E9CAB7C6E97E9C4A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3d8849db4be03935200e7bbb4227a3fbff19683241f2ddf54f29c241f87aa19d
    • Instruction ID: b65dc6d9931cf80cf48fb0ba4e9446059373f7daf6e6ef468957cea5c602b92b
    • Opcode Fuzzy Hash: 3d8849db4be03935200e7bbb4227a3fbff19683241f2ddf54f29c241f87aa19d
    • Instruction Fuzzy Hash: 6D919CF3F1162547F3844928CC983627683ABE0320F2F82398E9D6B7C5D97E9D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4807f5bf2355c09db5425e9a75b6e7990020f0a74fa5bc5ce356512e5e3f8c1d
    • Instruction ID: d61597515cfce45de027b3699ac1338c29415406cd3db970c707b322dfdfdc5c
    • Opcode Fuzzy Hash: 4807f5bf2355c09db5425e9a75b6e7990020f0a74fa5bc5ce356512e5e3f8c1d
    • Instruction Fuzzy Hash: 5791AFB3F106258BF3544D68CC983627692EB95720F2F42788F5CAB7C5D97EAC065384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 252231580dcb60f85d062284bce08dc927f9ec1795455da46b440f91a607cd07
    • Instruction ID: 257f40104f3769f0649d07722885d23cdcf2eddfabd3f19031bd09ecc4e9bd36
    • Opcode Fuzzy Hash: 252231580dcb60f85d062284bce08dc927f9ec1795455da46b440f91a607cd07
    • Instruction Fuzzy Hash: B2917DF3F2162547F3444928CD983A26643D7E4325F2F82388B59AB7CADD7E9D0A1384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c0e809e6d8ef18ae41240e4cdc40cb9273503ef6637b1e82c2dc2f321a8a5a57
    • Instruction ID: 7594e24745756ccd1bbf42a2d23b878ccbe5157e3c1259de18d041e2ba5ef6c6
    • Opcode Fuzzy Hash: c0e809e6d8ef18ae41240e4cdc40cb9273503ef6637b1e82c2dc2f321a8a5a57
    • Instruction Fuzzy Hash: A591ADE3F1162547F3884938DD983627682EBA5314F2F81388F496B7C9DD7E5D0A4384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8ac8ef5c1af6f94bcb15dddea614542711a80cbb990944be219a89da9150db12
    • Instruction ID: 65b6f9c6e46250255e36a9609294a5176e8c726462d641262960c1079be5232a
    • Opcode Fuzzy Hash: 8ac8ef5c1af6f94bcb15dddea614542711a80cbb990944be219a89da9150db12
    • Instruction Fuzzy Hash: C8919CB3F516254BF3444979CC983A22683DBD5320F2F82788F986B7C9D97E5D0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 55ce623b6439cadc613a82d308694ec9e0ccd67d707510828f22dec0b5a38c82
    • Instruction ID: ebe7a0fb857f63232cd988435890d6188a47bf7c515f11afe3712248bbed4d98
    • Opcode Fuzzy Hash: 55ce623b6439cadc613a82d308694ec9e0ccd67d707510828f22dec0b5a38c82
    • Instruction Fuzzy Hash: EA817CF3F1162547F3444878CCA83626683D7A5321F2F82798F59AB7CAD97E9D0A4384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 0d22a158de1f520c200a7db484eb1084d1611e74e4f82ee1640debaf8568e8d8
    • Instruction ID: 2968946900dec512a6ed053ca8d21da936929c6bcffe14dbfd39dacca85ef94b
    • Opcode Fuzzy Hash: 0d22a158de1f520c200a7db484eb1084d1611e74e4f82ee1640debaf8568e8d8
    • Instruction Fuzzy Hash: 1981B0F7F206254BF3544D68CC983A27282EBA5320F2F42788F996B7C5D97E6D095384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e2927731d1fac64df16b453c681f55b1b23bc81839138d585a82bda580ccf104
    • Instruction ID: 3a0fbf809dc2baed30840f20e4b26d666e65e44c7f2d4be1354878e4555fcc63
    • Opcode Fuzzy Hash: e2927731d1fac64df16b453c681f55b1b23bc81839138d585a82bda580ccf104
    • Instruction Fuzzy Hash: AF81A9B7F2122587F3544D24DC583A2B283EBA5325F2F82388E5C2B7C5D97E5D4A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4a18a2c07d577d444eb382b8c6cded8c5e6f2b3aa39638f1b41157b608f64d24
    • Instruction ID: eba83dc3e3283804b2d61f4040d5a4297b9b843ad5e59508c0941492f258831e
    • Opcode Fuzzy Hash: 4a18a2c07d577d444eb382b8c6cded8c5e6f2b3aa39638f1b41157b608f64d24
    • Instruction Fuzzy Hash: 2171E7F39082109FE7046E1CDC8667AFBE8EF94720F16492DEAC4D7344E5759C158792
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 698c4a072cb424b8594addd410905b84c4e7de9f7ed1b34fa408f75d52542625
    • Instruction ID: 470d5897495e66c3a7865bee608ec610f044882f31c494e8d1dd4c28120fcb47
    • Opcode Fuzzy Hash: 698c4a072cb424b8594addd410905b84c4e7de9f7ed1b34fa408f75d52542625
    • Instruction Fuzzy Hash: 2781AEF3F1162587F3540978CC983A27682DBA5321F2F42788E5CAB7C6D97E9D095388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b91e7b35fd93362c668d89e6161c6a36db312b0cb15651f2c23fc82b00c25316
    • Instruction ID: 872a0967bd6279bc9e54ae9fc4bb9f336e1164cd517b2c056eac3f13e5411f9b
    • Opcode Fuzzy Hash: b91e7b35fd93362c668d89e6161c6a36db312b0cb15651f2c23fc82b00c25316
    • Instruction Fuzzy Hash: 7A8147B3F1022547F3944E29CC593627292EBA5314F2F427D8E8DAB3C5D97E6C4A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7b8763483ea0855087d8b0a0ee67b42d568ee8dd093d3d877341e2bc549805a4
    • Instruction ID: 1b12d78d0ebf75239310de854acc6bb948c479fe704e6116fe20748305364aa9
    • Opcode Fuzzy Hash: 7b8763483ea0855087d8b0a0ee67b42d568ee8dd093d3d877341e2bc549805a4
    • Instruction Fuzzy Hash: E1816AB3F1122487F3104E69CC98352B693EB95324F2F82788E9C6B7C5D97E6D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2167232a132c1be89bf578eaa431154a139db89b84cd661f1610cd933703b2a4
    • Instruction ID: 31d774db7ae6f957b8b4e442b52a120021ba4ae130ba7382f58dfc2fa52a2d8c
    • Opcode Fuzzy Hash: 2167232a132c1be89bf578eaa431154a139db89b84cd661f1610cd933703b2a4
    • Instruction Fuzzy Hash: 2F816CB7F2162147F3544938DC5836266839BA5324F2F82388E69AB7C9DD3E9C0A4284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cc4fac2561fd9445c153d3496cdeebd601c1f71fbaa2426a6e393c8ffddc8c3b
    • Instruction ID: 5bd2d5b96c22659370491be6afd7a2b7c87772ed997fdc6a297a604848cc8356
    • Opcode Fuzzy Hash: cc4fac2561fd9445c153d3496cdeebd601c1f71fbaa2426a6e393c8ffddc8c3b
    • Instruction Fuzzy Hash: 9A818EB3F111258BF3444E29DC983A27253DBD5310F2E817C8B885B7D8DA7E6D1A9788
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 353e12a2d96430cfa056c2c003ca14ad824c3854e0670be7d1f76a4a7e19a431
    • Instruction ID: feeb3ad410feeb4cad0ac65a939e79ef4b0f4d0afb85b2531a10d11965cbd07e
    • Opcode Fuzzy Hash: 353e12a2d96430cfa056c2c003ca14ad824c3854e0670be7d1f76a4a7e19a431
    • Instruction Fuzzy Hash: 3F816DB3F111258BF3544E29CC983A17693ABD5324F2F41B88E9C6B7C1D97E6D0A9384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f3c366731aae04c29684ae8684d686784b0ce11650053cff74cc584464b00dab
    • Instruction ID: 722e09ac5bfabcb0b68819b4bdefbc86bf851a279bf071b56016ac8829468539
    • Opcode Fuzzy Hash: f3c366731aae04c29684ae8684d686784b0ce11650053cff74cc584464b00dab
    • Instruction Fuzzy Hash: E2815AB3E1122587F3944D29CC98362B693ABE4320F2F42798E9C677C5DD7E5D065388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fe89c75a1474314d0474fd3762313382e89dabec4dd7c13ae6263d6f46baad06
    • Instruction ID: d29c2f061847a5c0e4423f0ce0fea702ecfd11c8dcc0e0731a91f8dac103bc00
    • Opcode Fuzzy Hash: fe89c75a1474314d0474fd3762313382e89dabec4dd7c13ae6263d6f46baad06
    • Instruction Fuzzy Hash: 39813BF3F1152587F3144D29CC943A27293ABE5325F3F82388E586B7C5EA3E6D165284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ebc111d215538de47df34264c1c403bb98d6dcaf003cf310df4618825c7c9406
    • Instruction ID: 70ea56bffcc511088fb677c834a576f22082fe7caa45cb2f2ff3e354293628a9
    • Opcode Fuzzy Hash: ebc111d215538de47df34264c1c403bb98d6dcaf003cf310df4618825c7c9406
    • Instruction Fuzzy Hash: 0F8118F7F112254BF3544979CD583A2768397E1310F2F82788E8C6BBC9E97E9D0A5284
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d84600c271e0b7419d6409620941c197ddc5523d11c6bf151b3d472da1cb9b62
    • Instruction ID: 45e398517e5763521af9c3b8d2042045235bfb0e18db2703313d4d68e4e6d2c1
    • Opcode Fuzzy Hash: d84600c271e0b7419d6409620941c197ddc5523d11c6bf151b3d472da1cb9b62
    • Instruction Fuzzy Hash: FC816CF3E1122587F3544D74CC983626683E7A1324F2F82788FA86BBC5D97E5D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a66657db90ca712407f2b5fc7036586dff0e665b3acd2ab53a100c779ff0a5b7
    • Instruction ID: b957404d4924843653ee4d368a4a7484eff0403861806949b75cefea43c0d194
    • Opcode Fuzzy Hash: a66657db90ca712407f2b5fc7036586dff0e665b3acd2ab53a100c779ff0a5b7
    • Instruction Fuzzy Hash: F771ADF7F102244BF3544969DC983A27293EB94314F2F82788F4DAB7C5E97E5D0A5288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c87247b2938e6d2c4d0bd7282d2097b3de372b61b6787f726f7ea746861d1195
    • Instruction ID: 60e27a1dfcf7803966ad4cc6886451b6fa6118cd348cc5b67a98b9b0ff7bc704
    • Opcode Fuzzy Hash: c87247b2938e6d2c4d0bd7282d2097b3de372b61b6787f726f7ea746861d1195
    • Instruction Fuzzy Hash: 2C719DB3F0022547F3544D78CD983627692AB95320F2F82788E9CABBC9D97E5D0A53C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f91cd368ac3e0f775a68dd3ba75179654237459610c13c44d8c1b46775642cdc
    • Instruction ID: bdadc0231a80ba08ac4e542bee022092d45c99f7537ef328aaf6b4db48e4ffbd
    • Opcode Fuzzy Hash: f91cd368ac3e0f775a68dd3ba75179654237459610c13c44d8c1b46775642cdc
    • Instruction Fuzzy Hash: DF7147F7E1162587F3544929CC583A276839BE4324F2F82788F9C6B3C5E97E6D065388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 47f74c352f79011eea24c5b3f993e86a826c6754ef80e646248239b6920e3c8c
    • Instruction ID: 836babf8bb58a067ebcbce52c1162d46f45267791148c7c55b1b3a75626d57cc
    • Opcode Fuzzy Hash: 47f74c352f79011eea24c5b3f993e86a826c6754ef80e646248239b6920e3c8c
    • Instruction Fuzzy Hash: B061A1B3F1112487F3484E68CCA83617692EB95310F2F827D8E496B7C4DD7E6D099384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1d5175ce6f725867ff750d7f680c05dcdb0c95d9aeea396edb37c19add628a25
    • Instruction ID: c127e6636aa583fd21be57f07764d87606f8a1cd13e44c8925304b68754c18ab
    • Opcode Fuzzy Hash: 1d5175ce6f725867ff750d7f680c05dcdb0c95d9aeea396edb37c19add628a25
    • Instruction Fuzzy Hash: DE614AB7F111258BF3544D25CC583A27293EBD5315F2F81788A8D6B7C9DA3E6C0A9388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bba716b49cb6a4ab050c2f788ba8d38332ad4ce92865646f353be331a58052de
    • Instruction ID: 7f26adca3326fe0edbce912eb9ca8213ffd4d703e5b45649290d50aa67f043ae
    • Opcode Fuzzy Hash: bba716b49cb6a4ab050c2f788ba8d38332ad4ce92865646f353be331a58052de
    • Instruction Fuzzy Hash: AE614EB7F2252547F3444928CC1836272539BD5324F2F82B88E6C6B7D5D97E6D0A5388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6c6ca80227f3c0bb3113128691b3e06ef4983b06ce1bf5e20d0f08b46ce57e67
    • Instruction ID: 20e25a695c8e1996c1692da8706c765ffc2e22cc14b5fa576e67fee512f531e5
    • Opcode Fuzzy Hash: 6c6ca80227f3c0bb3113128691b3e06ef4983b06ce1bf5e20d0f08b46ce57e67
    • Instruction Fuzzy Hash: BC615BB3F1162447F3980978CD683626183E7E5324F2F82798B99AB3C5DD7E9C095384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f6a84419f541a581210498e841e854d1f3c8bf9337acaa634ceac87627ca7095
    • Instruction ID: e775503d4336a3098cc6f131981d4f98bf00e73258548a1c1bdf282af0d0522c
    • Opcode Fuzzy Hash: f6a84419f541a581210498e841e854d1f3c8bf9337acaa634ceac87627ca7095
    • Instruction Fuzzy Hash: 13514CB3F112254BF3944928DC583666582DBA4324F2F82788F9CAB7C5D97E9D095388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5b863e0b84292e4d43a60b3b312d531dd9a40fbc472da90ba20a0b24afdd3519
    • Instruction ID: c1a23c23d6e525011dd3674f0364ba748c3e64621b5fe889105941cc7d896f45
    • Opcode Fuzzy Hash: 5b863e0b84292e4d43a60b3b312d531dd9a40fbc472da90ba20a0b24afdd3519
    • Instruction Fuzzy Hash: C75172B3F1162487F7544A69DC983617292EBD9314F2F42788E9C6B3C5EA7E2C0993C4
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f4289907240a53d1b3859f3b4d562f9a8fc273b9ca6bc13dce952b1b5fbad0b7
    • Instruction ID: fd752fbd1d9c10f6ac53c4a209648f12f4a7a3fa1509ad5304cb75650898a29a
    • Opcode Fuzzy Hash: f4289907240a53d1b3859f3b4d562f9a8fc273b9ca6bc13dce952b1b5fbad0b7
    • Instruction Fuzzy Hash: 8851BBB3F6162587F3404928CC983927683DBE5721F2F83788E68AB7C5D97E9C195384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4587a5cc6f8b3e7a9b03e856fd4e42747ab38383f657e670daaa7025495df5be
    • Instruction ID: fbd528f477c70cd91dbf4a96e33d2a24999e93e4d0f3c78fa842a36e80ab8831
    • Opcode Fuzzy Hash: 4587a5cc6f8b3e7a9b03e856fd4e42747ab38383f657e670daaa7025495df5be
    • Instruction Fuzzy Hash: FE5159F3E216254BF3444874CD983626692E7A5310F2F82798F4CAB7C9D97E9D0A43C8
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cee32dcd3fbfabab24b55a57275390bd7a36352d6980a0b2ea18051eafedaf7c
    • Instruction ID: 2c2ee4da79561e1cf2d86474eccea4d1c1aded4e9bb3d62aca770747afb1b625
    • Opcode Fuzzy Hash: cee32dcd3fbfabab24b55a57275390bd7a36352d6980a0b2ea18051eafedaf7c
    • Instruction Fuzzy Hash: 6C5131B3F5152647F3548939CC483627683DBD5321F2F81788E88ABBC9D97E9D0A5384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d7003703106c5b9619990e5104051f02cef17c9090cc70b959e17a21468f68de
    • Instruction ID: 95a03b66fdff003c8a21104d149a6934acfbe6ade02b438f06a408e1df3e725d
    • Opcode Fuzzy Hash: d7003703106c5b9619990e5104051f02cef17c9090cc70b959e17a21468f68de
    • Instruction Fuzzy Hash: 29514D73F212258BF7544E24CCA83B17252EB95310F2E417C8E896B3D5DA7F6D09A788
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: eff09db37d85e7e3c0de48832964122f6e7f3b1e597ee16cd0933185cd516249
    • Instruction ID: 71b846ad77b46894be961565bd863565d7e1eac22843d77bab3a9bd1c7f0d1dd
    • Opcode Fuzzy Hash: eff09db37d85e7e3c0de48832964122f6e7f3b1e597ee16cd0933185cd516249
    • Instruction Fuzzy Hash: 56512DB3E112258BF3544E28CC583A177A2EB95310F2F417CCE895B7D4DA3E6D19A788
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 696f26c86867ffa5e08506fce48b231f73d66c617f73c2fd3e9c1900bdae855e
    • Instruction ID: 42b3f31def7bbeb44cfd01f2e5681e993ffbb388c955a26520dc9c2fdadcadca
    • Opcode Fuzzy Hash: 696f26c86867ffa5e08506fce48b231f73d66c617f73c2fd3e9c1900bdae855e
    • Instruction Fuzzy Hash: 9051C0B3F1022587F3544D29CC993A17292EB95320F2F427C8E9C6B7C5D97E6D095388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 52ce4469147cac4b2c79ad346c4861fa07a128c095eede18804205722cc1bca2
    • Instruction ID: 74850a95e26f47247fe8c7a865c204ba29f998557f7ed40158acb7a622b6f0ba
    • Opcode Fuzzy Hash: 52ce4469147cac4b2c79ad346c4861fa07a128c095eede18804205722cc1bca2
    • Instruction Fuzzy Hash: E451A0F3F615254BF3544979CC983A2258397E4324F2F82B88E9CA77C5EC7E5D065288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4310700c0997267f06cc37958725551189fbf53750a1c90176f775fab76e5893
    • Instruction ID: 0bc011a9511eb8bb82c52ce2a109ddced54c750a22525c99c9a913ab8dce421f
    • Opcode Fuzzy Hash: 4310700c0997267f06cc37958725551189fbf53750a1c90176f775fab76e5893
    • Instruction Fuzzy Hash: 5A5139B3F1122587F3544D29CC58361B293ABD5321F2F82788E9D6B7C4DA7E6C469288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 51bc28c5837b2abece49b81b65a564936853c01efd6c4d375c7f12cbc8ef2a8a
    • Instruction ID: 38ec340e10de0f98124531bb2add69b23f162ae2d200afac8ca465750e4cc3e9
    • Opcode Fuzzy Hash: 51bc28c5837b2abece49b81b65a564936853c01efd6c4d375c7f12cbc8ef2a8a
    • Instruction Fuzzy Hash: 925185B3F502258BF7444E69CCA43B27392EB99320F2E427D8B559B3D4DA7D6C059388
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f6cf9c73cecbaea83cc164b248ff7b143c376dfeba67aca536beb6ddacf944ac
    • Instruction ID: f6284f44e666c181d122545f91b34df517699e4fb131c75954d2397a651e8e47
    • Opcode Fuzzy Hash: f6cf9c73cecbaea83cc164b248ff7b143c376dfeba67aca536beb6ddacf944ac
    • Instruction Fuzzy Hash: C85148F3F1022487F3984928DDA83A63282DB95314F2F42798B5A5B7C5D97E5D095288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 317b2181d9903726c87670ed9e29dd5983d8481975bd65c444c12a99f82acbb1
    • Instruction ID: dd7028e9544d608fbe42c413a37ddb319f506f11eaa4b7794262cdc7492dd548
    • Opcode Fuzzy Hash: 317b2181d9903726c87670ed9e29dd5983d8481975bd65c444c12a99f82acbb1
    • Instruction Fuzzy Hash: C5514AB3F5112447F3544939CC583627693A7D5324F2F82388A9C677C9DD7E5C0A5288
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 42d0347dadeaf7ba7fe58e20fe035c8e2c4bc97788403e048434b4f426f9d10d
    • Instruction ID: dc5a9947d4eca385569a091093edb03521098e3600f7e6048f3c808e801b2b2b
    • Opcode Fuzzy Hash: 42d0347dadeaf7ba7fe58e20fe035c8e2c4bc97788403e048434b4f426f9d10d
    • Instruction Fuzzy Hash: 4951ABF3F2062547F3544929CC983A16283EBE5325F2F82788F9DAB7C5D93E5D095288
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 46560d51640c119e5684d3b6cc865247861a8aa66b75ee8b1c07fda655aa9f1a
    • Instruction ID: cc5402f2b985bb2d201be76071121a5b1a1610c1112822d95b1876def116589b
    • Opcode Fuzzy Hash: 46560d51640c119e5684d3b6cc865247861a8aa66b75ee8b1c07fda655aa9f1a
    • Instruction Fuzzy Hash: DD116DB3F1062107F3980864CC583A26283A791324F2F827D8F9DABBC5C97D4C464384
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3c237b224fdf71a1e97f890d58d798e33ac6c67ccb206f804cd2a8519d765e84
    • Instruction ID: 7b1b34bfc7906cfbe8f53ddd33cb3a92437df718514262974a03437be4c0f124
    • Opcode Fuzzy Hash: 3c237b224fdf71a1e97f890d58d798e33ac6c67ccb206f804cd2a8519d765e84
    • Instruction Fuzzy Hash: 2C2197B540920ADFDB148F35E5083AE77E0EF84311F05452EE98282680DBBA4CA4CF9A
    APIs
    • GetFileAttributesExW.KERNEL32(0165A294,00004020,00000000,-11805FEC), ref: 00CA97C4
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2297601653.0000000000C5A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AC0000, based on PE: true
    • Associated: 00000000.00000002.2297554949.0000000000AC0000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297573420.0000000000AC2000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297587719.0000000000AC6000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000ACA000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D67000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297601653.0000000000D76000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297793682.0000000000D77000.00000080.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297902653.0000000000F20000.00000040.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2297917557.0000000000F22000.00000080.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_ac0000_file.jbxd
    Similarity
    • API ID: AttributesFile
    • String ID: @
    • API String ID: 3188754299-2726393805
    • Opcode ID: 5358584cfd4c24ce7771eb6082990e67c4a1f62436e18204bd55f90a0e3c657e
    • Instruction ID: 55367fb6730c1c6890beadc0dd0b624a607cc3ae2c17faf8c78946903d293e0d
    • Opcode Fuzzy Hash: 5358584cfd4c24ce7771eb6082990e67c4a1f62436e18204bd55f90a0e3c657e
    • Instruction Fuzzy Hash: 1431A075504706EFDB258F49C849B9EBBB0FF05308F008519E556A7660C371EAA1DFA0