Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532538
MD5:	e8ec2cd0994666ebace945d5774b8fdd
SHA1:	d46d96bef76101573e704f11884cc83563a5a7bf
SHA256:	454c1d3fd87f5a257ca5e36d590fa9755e0ae329477ec749418347511572418a
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5804 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E8EC2CD0994666EBACE945D5774B8FDD)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00511AD0 CryptVerifySignatureA,

0_2_00511AD0

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2187814691.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmp

Source: unknown

DNS traffic detected: query: 18.31.95.13.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037E032	0_2_0037E032
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039E020	0_2_0039E020
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047A077	0_2_0047A077
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FA00E	0_2_003FA00E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00396079	0_2_00396079
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00440006	0_2_00440006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A607F	0_2_003A607F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E8075	0_2_003E8075
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428013	0_2_00428013
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476026	0_2_00476026
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039805F	0_2_0039805F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B604B	0_2_003B604B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E0C2	0_2_0044E0C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038C0A1	0_2_0038C0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004600FA	0_2_004600FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CA0FD	0_2_003CA0FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C080	0_2_0048C080
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042608D	0_2_0042608D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003740DF	0_2_003740DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004800A7	0_2_004800A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A40C8	0_2_003A40C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E0B7	0_2_0040E0B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003560CE	0_2_003560CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045414B	0_2_0045414B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00394119	0_2_00394119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404163	0_2_00404163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042C166	0_2_0042C166
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00424172	0_2_00424172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00362107	0_2_00362107
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C177	0_2_0045C177
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043E175	0_2_0043E175
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00480170	0_2_00480170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042A116	0_2_0042A116
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042211A	0_2_0042211A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A120	0_2_0046A120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00390142	0_2_00390142
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A81BB	0_2_003A81BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004821CA	0_2_004821CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039C1BB	0_2_0039C1BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC	0_2_003821BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004421DD	0_2_004421DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034A1AA	0_2_0034A1AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004981EE	0_2_004981EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A1EA	0_2_0045A1EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A1FA	0_2_0048A1FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004321F7	0_2_004321F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00372181	0_2_00372181
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004481FD	0_2_004481FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003541E5	0_2_003541E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035A1E6	0_2_0035A1E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D81CA	0_2_003D81CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038A1C2	0_2_0038A1C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E1B5	0_2_0048E1B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478246	0_2_00478246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408252	0_2_00408252
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00490250	0_2_00490250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484268	0_2_00484268
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496268	0_2_00496268
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A826D	0_2_004A826D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034821E	0_2_0034821E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041026E	0_2_0041026E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00450276	0_2_00450276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2274	0_2_003F2274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D4270	0_2_003D4270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036C27B	0_2_0036C27B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F626F	0_2_003F626F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048621A	0_2_0048621A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B826E	0_2_003B826E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462218	0_2_00462218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00366246	0_2_00366246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00436231	0_2_00436231
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE2BE	0_2_003CE2BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E2CE	0_2_0044E2CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037C2A6	0_2_0037C2A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C2D5	0_2_0043C2D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039A2A0	0_2_0039A2A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042E2E6	0_2_0042E2E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EA297	0_2_003EA297
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00388293	0_2_00388293
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004162EA	0_2_004162EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004042F9	0_2_004042F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034628F	0_2_0034628F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470286	0_2_00470286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003502FA	0_2_003502FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041428E	0_2_0041428E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035E2E6	0_2_0035E2E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003842EE	0_2_003842EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A299	0_2_0043A299
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003762EB	0_2_003762EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003862D5	0_2_003862D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003902C1	0_2_003902C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B22C7	0_2_003B22C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C34D	0_2_0045C34D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037233C	0_2_0037233C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FE31F	0_2_003FE31F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034C310	0_2_0034C310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430366	0_2_00430366
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00446374	0_2_00446374
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C371	0_2_0049C371
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A309	0_2_0049A309
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036437E	0_2_0036437E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00358364	0_2_00358364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D0364	0_2_003D0364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00396365	0_2_00396365
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C835A	0_2_003C835A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402330	0_2_00402330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004583C5	0_2_004583C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A83B8	0_2_003A83B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A3C7	0_2_0040A3C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DC3BA	0_2_003DC3BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E3C9	0_2_0047E3C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A03A3	0_2_003A03A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004943D6	0_2_004943D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EE393	0_2_003EE393
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004623E8	0_2_004623E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039C381	0_2_0039C381
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DA386	0_2_003DA386
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004523F9	0_2_004523F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AA3FC	0_2_003AA3FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003703E1	0_2_003703E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037C3E9	0_2_0037C3E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BE3DE	0_2_003BE3DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004263AD	0_2_004263AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003863CC	0_2_003863CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004883BE	0_2_004883BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E43C7	0_2_003E43C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C243A	0_2_003C243A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E455	0_2_0044E455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C45A	0_2_0046C45A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C45E	0_2_0041C45E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00438468	0_2_00438468
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044046A	0_2_0044046A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BC409	0_2_003BC409
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038C40C	0_2_0038C40C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D640B	0_2_003D640B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041E400	0_2_0041E400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418402	0_2_00418402
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039447D	0_2_0039447D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406405	0_2_00406405
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042A40D	0_2_0042A40D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A446E	0_2_003A446E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00352456	0_2_00352456
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A430	0_2_0046A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412438	0_2_00412438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F0444	0_2_003F0444
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004004C4	0_2_004004C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036A4A5	0_2_0036A4A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003684AD	0_2_003684AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D04A6	0_2_003D04A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A6493	0_2_003A6493
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00434483	0_2_00434483
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E84FB	0_2_003E84FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B44D2	0_2_003B44D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B84D0	0_2_003B84D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039E4CB	0_2_0039E4CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FA4C3	0_2_003FA4C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047454D	0_2_0047454D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E2530	0_2_003E2530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E651B	0_2_003E651B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6512	0_2_003F6512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4578	0_2_003F4578
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036057C	0_2_0036057C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D2571	0_2_003D2571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00442517	0_2_00442517
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C655D	0_2_003C655D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044C520	0_2_0044C520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C5C8	0_2_0040C5C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B2592	0_2_003B2592
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CC596	0_2_003CC596
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004545E8	0_2_004545E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A5F5	0_2_0048A5F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C5F9	0_2_0046C5F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045658C	0_2_0045658C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AE5E3	0_2_003AE5E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D45E7	0_2_003D45E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A598	0_2_0045A598
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00490594	0_2_00490594
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004105A3	0_2_004105A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004785A0	0_2_004785A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004185AF	0_2_004185AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003745C7	0_2_003745C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004665BF	0_2_004665BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00460644	0_2_00460644
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D862F	0_2_003D862F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470650	0_2_00470650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408659	0_2_00408659
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038E61E	0_2_0038E61E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F8607	0_2_003F8607
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C61F	0_2_0045C61F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B665A	0_2_003B665A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034A6A7	0_2_0034A6A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004966DC	0_2_004966DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004646DF	0_2_004646DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004846E8	0_2_004846E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A6E4	0_2_0049A6E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A06FC	0_2_003A06FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003886F4	0_2_003886F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044268A	0_2_0044268A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044A6B1	0_2_0044A6B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DE73F	0_2_003DE73F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422745	0_2_00422745
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474740	0_2_00474740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00390728	0_2_00390728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00398728	0_2_00398728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402754	0_2_00402754
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00396724	0_2_00396724
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BE71B	0_2_003BE71B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A676A	0_2_004A676A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E4711	0_2_003E4711
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A2704	0_2_003A2704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035C77C	0_2_0035C77C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00362779	0_2_00362779
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C8764	0_2_003C8764
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045E724	0_2_0045E724
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035E750	0_2_0035E750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038C75F	0_2_0038C75F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034E743	0_2_0034E743
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C73B	0_2_0043C73B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00482731	0_2_00482731
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466738	0_2_00466738
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003947BA	0_2_003947BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A7C5	0_2_0040A7C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004447C1	0_2_004447C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039C7AB	0_2_0039C7AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00376785	0_2_00376785
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042E7FC	0_2_0042E7FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004527FB	0_2_004527FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC7FA	0_2_003FC7FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003567FD	0_2_003567FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448797	0_2_00448797
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488792	0_2_00488792
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494795	0_2_00494795
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003707E8	0_2_003707E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004867A4	0_2_004867A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AA7D7	0_2_003AA7D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00446840	0_2_00446840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045085C	0_2_0045085C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049886A	0_2_0049886A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B8811	0_2_003B8811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B4814	0_2_003B4814
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464870	0_2_00464870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C870	0_2_0046C870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C872	0_2_0049C872
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462879	0_2_00462879
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048082E	0_2_0048082E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035284E	0_2_0035284E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036E8B2	0_2_0036E8B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E8CE	0_2_0044E8CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004948EF	0_2_004948EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B08E4	0_2_004B08E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B0888	0_2_003B0888
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004108F8	0_2_004108F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AE884	0_2_003AE884
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004908F6	0_2_004908F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035C8F5	0_2_0035C8F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BE8EB	0_2_003BE8EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454895	0_2_00454895
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D28E0	0_2_003D28E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037A8E8	0_2_0037A8E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004208A8	0_2_004208A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C8A5	0_2_0049C8A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B693A	0_2_003B693A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EC938	0_2_003EC938
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043894F	0_2_0043894F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00360939	0_2_00360939
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00382929	0_2_00382929
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418977	0_2_00418977
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D690A	0_2_003D690A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E0906	0_2_003E0906
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C97F	0_2_0041C97F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039E97F	0_2_0039E97F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00368967	0_2_00368967
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BC969	0_2_003BC969
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00378956	0_2_00378956
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037495A	0_2_0037495A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A6955	0_2_003A6955
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E932	0_2_0040E932
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AA942	0_2_003AA942
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E2945	0_2_003E2945
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004809C6	0_2_004809C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004969C7	0_2_004969C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E69A7	0_2_003E69A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E9D8	0_2_0046E9D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004309E2	0_2_004309E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034C990	0_2_0034C990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004709E1	0_2_004709E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A9EE	0_2_0046A9EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A9FA	0_2_0043A9FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042C9F9	0_2_0042C9F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003909FF	0_2_003909FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038A9EB	0_2_0038A9EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003549E8	0_2_003549E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C9A0	0_2_0040C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004609A7	0_2_004609A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004429B9	0_2_004429B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CAA3C	0_2_003CAA3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049AA49	0_2_0049AA49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E8A3D	0_2_003E8A3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AA42	0_2_0045AA42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402A5B	0_2_00402A5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044CA58	0_2_0044CA58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492A73	0_2_00492A73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B0A06	0_2_003B0A06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00424A3E	0_2_00424A3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00386AB9	0_2_00386AB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466ACF	0_2_00466ACF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6AB2	0_2_003F6AB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00384AA0	0_2_00384AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ECAA5	0_2_003ECAA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C0AA2	0_2_003C0AA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2A93	0_2_003F2A93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045EAF1	0_2_0045EAF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C2A8A	0_2_003C2A8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00398AF8	0_2_00398AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B2AFF	0_2_003B2AFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00360AE2	0_2_00360AE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BEAE6	0_2_003BEAE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D0ADD	0_2_003D0ADD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047AAA7	0_2_0047AAA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E4ADA	0_2_003E4ADA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00364ADF	0_2_00364ADF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048EABC	0_2_0048EABC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A0ACF	0_2_003A0ACF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C4ACA	0_2_003C4ACA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ACAC1	0_2_003ACAC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00362B3C	0_2_00362B3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B4B34	0_2_003B4B34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448B51	0_2_00448B51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044AB5C	0_2_0044AB5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045CB5F	0_2_0045CB5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00486B57	0_2_00486B57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00350B16	0_2_00350B16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00436B70	0_2_00436B70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047EB70	0_2_0047EB70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422B0D	0_2_00422B0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035AB65	0_2_0035AB65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B0B59	0_2_003B0B59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037EB47	0_2_0037EB47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00352B44	0_2_00352B44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00444B37	0_2_00444B37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D4B47	0_2_003D4B47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034EBAC	0_2_0034EBAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037CB94	0_2_0037CB94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DAB9A	0_2_003DAB9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498BE2	0_2_00498BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00410BF2	0_2_00410BF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00372B81	0_2_00372B81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00458BF3	0_2_00458BF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FCBF3	0_2_003FCBF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A2BF4	0_2_003A2BF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B8C30	0_2_003B8C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FEC27	0_2_003FEC27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00346C2E	0_2_00346C2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CC66	0_2_0047CC66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039CC1F	0_2_0039CC1F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00376C19	0_2_00376C19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DCC0C	0_2_003DCC0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00364C0B	0_2_00364C0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00400C00	0_2_00400C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00392C49	0_2_00392C49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00356C40	0_2_00356C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00482C31	0_2_00482C31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00366C4A	0_2_00366C4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464CC6	0_2_00464CC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043ECC4	0_2_0043ECC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A6CB0	0_2_003A6CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D6CA9	0_2_003D6CA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4CAA	0_2_003F4CAA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00452CD0	0_2_00452CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A0C98	0_2_003A0C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2C9C	0_2_003F2C9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00348C91	0_2_00348C91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00436CEB	0_2_00436CEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038CC91	0_2_0038CC91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B6C92	0_2_003B6C92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00450CE8	0_2_00450CE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048ACF2	0_2_0048ACF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426C86	0_2_00426C86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0037ACCE	0_2_0037ACCE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D2D38	0_2_003D2D38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418D4B	0_2_00418D4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039ED2D	0_2_0039ED2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496D5F	0_2_00496D5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00396D20	0_2_00396D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00480D68	0_2_00480D68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00374D14	0_2_00374D14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430D6E	0_2_00430D6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00382D03	0_2_00382D03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404D01	0_2_00404D01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00368D78	0_2_00368D78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420D16	0_2_00420D16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A4D1C	0_2_004A4D1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00410D3D	0_2_00410D3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00482DD8	0_2_00482DD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00442DD5	0_2_00442DD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C8DA7	0_2_003C8DA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00460DDD	0_2_00460DDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038ADA6	0_2_0038ADA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034AD95	0_2_0034AD95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045EDF5	0_2_0045EDF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036AD85	0_2_0036AD85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00468D86	0_2_00468D86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042CD92	0_2_0042CD92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462D97	0_2_00462D97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FADEA	0_2_003FADEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040ADAC	0_2_0040ADAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045CDA9	0_2_0045CDA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D8DD0	0_2_003D8DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048CDB6	0_2_0048CDB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484E48	0_2_00484E48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00360E37	0_2_00360E37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034CE30	0_2_0034CE30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464E5F	0_2_00464E5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ECE19	0_2_003ECE19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035CE1D	0_2_0035CE1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00450E70	0_2_00450E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B4E7B	0_2_003B4E7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AE07	0_2_0045AE07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BCE5E	0_2_003BCE5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454E32	0_2_00454E32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046AEC6	0_2_0046AEC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00446ED4	0_2_00446ED4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416EDF	0_2_00416EDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041AEDF	0_2_0041AEDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F0E9F	0_2_003F0E9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402EFF	0_2_00402EFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BEEF2	0_2_003BEEF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00390EEB	0_2_00390EEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AEE9E	0_2_004AEE9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049AE91	0_2_0049AE91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422EA7	0_2_00422EA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C6EC9	0_2_003C6EC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00460F42	0_2_00460F42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C0F39	0_2_003C0F39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045CF57	0_2_0045CF57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B0F2D	0_2_003B0F2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CCF18	0_2_003CCF18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B2F0F	0_2_003B2F0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FCF0A	0_2_003FCF0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472F07	0_2_00472F07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454F10	0_2_00454F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498F10	0_2_00498F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044AF1F	0_2_0044AF1F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042AFCB	0_2_0042AFCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00350FB9	0_2_00350FB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00436FCD	0_2_00436FCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00360FA4	0_2_00360FA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A2FAE	0_2_003A2FAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476FD0	0_2_00476FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00400FE8	0_2_00400FE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039CF92	0_2_0039CF92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428FFC	0_2_00428FFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034EFF5	0_2_0034EFF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00346FE0	0_2_00346FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DAFE8	0_2_003DAFE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00364FE0	0_2_00364FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EAFDD	0_2_003EAFDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E9038	0_2_003E9038
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C5028	0_2_003C5028
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043106C	0_2_0043106C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00397008	0_2_00397008
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D5008	0_2_003D5008
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048700B	0_2_0048700B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039507D	0_2_0039507D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00439009	0_2_00439009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003BF060	0_2_003BF060
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DD061	0_2_003DD061
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044D026	0_2_0044D026
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038505D	0_2_0038505D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00433031	0_2_00433031
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038F04C	0_2_0038F04C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004070C8	0_2_004070C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A70B6	0_2_003A70B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F0CC	0_2_0041F0CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E10AE	0_2_003E10AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A10A8	0_2_003A10A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A90A2	0_2_003A90A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004830D0	0_2_004830D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004950D5	0_2_004950D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FF0A0	0_2_003FF0A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003C3094	0_2_003C3094
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003AD0F4	0_2_003AD0F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048B099	0_2_0048B099
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00373123	0_2_00373123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E512A	0_2_003E512A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041D169	0_2_0041D169
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003B7112	0_2_003B7112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039F10F	0_2_0039F10F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0036B176	0_2_0036B176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00419116	0_2_00419116
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043511A	0_2_0043511A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00347156	0_2_00347156
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048F13A	0_2_0048F13A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0038714C	0_2_0038714C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003A5143	0_2_003A5143
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043B13A	0_2_0043B13A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045313C	0_2_0045313C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EF1BE	0_2_003EF1BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044D1DC	0_2_0044D1DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003771AD	0_2_003771AD

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 0050CAC5 appears 35 times

Source: file.exe, 00000000.00000000.2177670009.0000000000336000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2321890911.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: dsenwoqe ZLIB complexity 0.9947670555227407

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@1/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1758720 > 1048576

Source: file.exe

Static PE information: Raw size of dsenwoqe is bigger than: 0x100000 < 0x1a7400

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.330000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dsenwoqe:EW;leuuuzyv:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1b5d95 should be: 0x1aeb6e

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: dsenwoqe
Source: file.exe	Static PE information: section name: leuuuzyv
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0033E4CC push ecx; mov dword ptr [esp], 7BF52F81h	0_2_0033F453
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034082D push edi; mov dword ptr [esp], ebp	0_2_0034084D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053A055 push 7A6E01F2h; mov dword ptr [esp], ebp	0_2_0053A07F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053A055 push eax; mov dword ptr [esp], ebx	0_2_0053A09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053A055 push 6DDDB788h; mov dword ptr [esp], esi	0_2_0053A0D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039805F push ebp; mov dword ptr [esp], esp	0_2_003983C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039805F push 09231A15h; mov dword ptr [esp], edi	0_2_003983D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039805F push edi; mov dword ptr [esp], ebp	0_2_0039844F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039805F push edx; mov dword ptr [esp], 7EF7EAE5h	0_2_00398648
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039805F push 1E63242Ah; mov dword ptr [esp], ecx	0_2_003986B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C60D1 push eax; mov dword ptr [esp], ecx	0_2_005C6126
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C60D1 push 41F13CA7h; mov dword ptr [esp], ebp	0_2_005C6145
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C60D1 push 2F970ABAh; mov dword ptr [esp], esi	0_2_005C6155
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E0C8 push 0F1F46AAh; mov dword ptr [esp], eax	0_2_0054E10D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E0C8 push edi; mov dword ptr [esp], 75CD43A3h	0_2_0054E13B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E0C8 push edi; mov dword ptr [esp], esi	0_2_0054E1B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E0C8 push 7C0D97D8h; mov dword ptr [esp], esp	0_2_0054E1C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0033C090 push ebp; mov dword ptr [esp], edi	0_2_0033C7A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0033C0FE push 15F12BA4h; mov dword ptr [esp], ecx	0_2_0033C3BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005740B2 push ecx; mov dword ptr [esp], esp	0_2_005740D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004100BD push ecx; mov dword ptr [esp], esi	0_2_00410182
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004100BD push edi; mov dword ptr [esp], 525D4030h	0_2_004101A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034016B push ebx; mov dword ptr [esp], edx	0_2_00343418
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034016B push esi; mov dword ptr [esp], ebx	0_2_0034341C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push ebp; mov dword ptr [esp], 46F16C0Dh	0_2_0038265B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push esi; mov dword ptr [esp], ebx	0_2_00382684
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push 02CBC5E3h; mov dword ptr [esp], esi	0_2_00382740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push eax; mov dword ptr [esp], edx	0_2_00382794
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push eax; mov dword ptr [esp], 2D9C40FFh	0_2_003827A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push edi; mov dword ptr [esp], esi	0_2_003827C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003821BC push ebx; mov dword ptr [esp], edi	0_2_0038281F

Source: file.exe	Static PE information: section name: entropy: 7.789485049829895
Source: file.exe	Static PE information: section name: dsenwoqe entropy: 7.953509163753791

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 33D968 second address: 33D96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ACEBE second address: 4ACED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jo 00007FA958BE8076h 0x0000000e popad 0x0000000f push edi 0x00000010 jne 00007FA958BE8076h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B87A4 second address: 4B87AE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA958DB0DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B891D second address: 4B8921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8921 second address: 4B8927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8927 second address: 4B892D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B892D second address: 4B897A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE5h 0x00000007 jbe 00007FA958DB0DDCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FA958DB0DE3h 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 jmp 00007FA958DB0DE0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B897A second address: 4B898F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA958BE8076h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jl 00007FA958BE8076h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8D88 second address: 4B8D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8D8C second address: 4B8D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8D92 second address: 4B8DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007FA958DB0DDBh 0x0000000e jmp 00007FA958DB0DDAh 0x00000013 popad 0x00000014 pop esi 0x00000015 pushad 0x00000016 push ecx 0x00000017 jc 00007FA958DB0DD6h 0x0000001d je 00007FA958DB0DD6h 0x00000023 pop ecx 0x00000024 push edi 0x00000025 jmp 00007FA958DB0DE4h 0x0000002a pop edi 0x0000002b ja 00007FA958DB0DE2h 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAA98 second address: 4BAAB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jo 00007FA958BE807Ch 0x00000010 jp 00007FA958BE8076h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAAB2 second address: 4BAAD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAAD0 second address: 4BAAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAAD4 second address: 4BAAE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FA958DB0DD6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAB1F second address: 4BAB24 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAB24 second address: 4BAB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FA958DB0DE6h 0x0000000d nop 0x0000000e xor ecx, 65FD8A41h 0x00000014 push 00000000h 0x00000016 mov ecx, dword ptr [ebp+122D2A90h] 0x0000001c push 2E59EF96h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FA958DB0DDCh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAB64 second address: 4BABA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 2E59EF16h 0x00000010 sub dword ptr [ebp+122D36B3h], eax 0x00000016 push 00000003h 0x00000018 mov esi, 6E05E332h 0x0000001d push 00000000h 0x0000001f or dword ptr [ebp+122D1CC9h], edx 0x00000025 push 00000003h 0x00000027 mov ecx, dword ptr [ebp+122D2AC0h] 0x0000002d call 00007FA958BE8079h 0x00000032 push ecx 0x00000033 jnp 00007FA958BE807Ch 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BABA9 second address: 4BAC13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 jmp 00007FA958DB0DE6h 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnl 00007FA958DB0DF2h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push ecx 0x00000018 pushad 0x00000019 ja 00007FA958DB0DD6h 0x0000001f push edx 0x00000020 pop edx 0x00000021 popad 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FA958DB0DE4h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAC13 second address: 4BAC18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAC6F second address: 4BAC73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAC73 second address: 4BAC77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAC77 second address: 4BAC7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAC7D second address: 4BAC87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FA958BE8076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAC87 second address: 4BAD04 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA958DB0DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e je 00007FA958DB0DD8h 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007FA958DB0DD8h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 jmp 00007FA958DB0DE3h 0x00000037 push 00000000h 0x00000039 sub dword ptr [ebp+122D1A46h], ebx 0x0000003f mov edx, dword ptr [ebp+122D284Ch] 0x00000045 push 6C14DED0h 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FA958DB0DE7h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAD04 second address: 4BAD08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAD08 second address: 4BAD11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAD11 second address: 4BADB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8081h 0x00000009 popad 0x0000000a popad 0x0000000b xor dword ptr [esp], 6C14DE50h 0x00000012 mov edi, 53D1C0A5h 0x00000017 push 00000003h 0x00000019 movzx ecx, ax 0x0000001c push 00000000h 0x0000001e xor si, 8BC3h 0x00000023 push 00000003h 0x00000025 mov dword ptr [ebp+122D1C06h], ebx 0x0000002b push 8232A2AAh 0x00000030 pushad 0x00000031 jo 00007FA958BE807Ch 0x00000037 jnl 00007FA958BE8076h 0x0000003d push ebx 0x0000003e jmp 00007FA958BE807Dh 0x00000043 pop ebx 0x00000044 popad 0x00000045 xor dword ptr [esp], 4232A2AAh 0x0000004c push 00000000h 0x0000004e push ecx 0x0000004f call 00007FA958BE8078h 0x00000054 pop ecx 0x00000055 mov dword ptr [esp+04h], ecx 0x00000059 add dword ptr [esp+04h], 00000014h 0x00000061 inc ecx 0x00000062 push ecx 0x00000063 ret 0x00000064 pop ecx 0x00000065 ret 0x00000066 mov dh, 9Ch 0x00000068 cld 0x00000069 lea ebx, dword ptr [ebp+124509C3h] 0x0000006f mov dword ptr [ebp+122D1D49h], eax 0x00000075 pushad 0x00000076 mov dx, 7D96h 0x0000007a mov eax, dword ptr [ebp+122D2824h] 0x00000080 popad 0x00000081 xchg eax, ebx 0x00000082 push eax 0x00000083 push edx 0x00000084 jg 00007FA958BE8078h 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BAE6B second address: 4BAE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, esi 0x0000000b push 00000000h 0x0000000d mov esi, edi 0x0000000f push E0582499h 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007FA958DB0DD8h 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DCEAE second address: 4DCEB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DCEB2 second address: 4DCEEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FA958DB0DE6h 0x0000000c jmp 00007FA958DB0DE0h 0x00000011 js 00007FA958DB0DD8h 0x00000017 push esi 0x00000018 pop esi 0x00000019 pushad 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c jmp 00007FA958DB0DE1h 0x00000021 push esi 0x00000022 pop esi 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DAE7D second address: 4DAE83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DAE83 second address: 4DAE89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DAFF9 second address: 4DB04F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d popad 0x0000000e pushad 0x0000000f push esi 0x00000010 jmp 00007FA958BE8088h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pop esi 0x00000018 push ecx 0x00000019 push edi 0x0000001a pop edi 0x0000001b pushad 0x0000001c popad 0x0000001d pop ecx 0x0000001e pushad 0x0000001f jo 00007FA958BE8076h 0x00000025 push edx 0x00000026 pop edx 0x00000027 jne 00007FA958BE8076h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB18D second address: 4DB193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB193 second address: 4DB197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB197 second address: 4DB1B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA958DB0DE7h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB1B7 second address: 4DB1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB1BE second address: 4DB1DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FA958DB0DE9h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB32A second address: 4DB349 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007FA958BE8078h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jo 00007FA958BE8076h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB8BA second address: 4DB8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB8C5 second address: 4DB8CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB9F5 second address: 4DB9FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DB9FB second address: 4DBA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FA958BE807Ch 0x0000000b jnc 00007FA958BE8076h 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DBA18 second address: 4DBA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DBA1C second address: 4DBA26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DBCB8 second address: 4DBCC8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA958DB0DD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DBCC8 second address: 4DBCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D124C second address: 4D1261 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958DB0DE0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DC606 second address: 4DC60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE494 second address: 4DE499 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE499 second address: 4DE4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FA958BE8084h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FA958BE8076h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE4BE second address: 4DE4D9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA958DB0DD6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007FA958DB0DDBh 0x00000012 push edi 0x00000013 pop edi 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE4D9 second address: 4DE4E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DE4E1 second address: 4DE50F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FA958DB0DD6h 0x00000011 jmp 00007FA958DB0DDEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E1405 second address: 4E1423 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8085h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E1423 second address: 4E1429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E1429 second address: 4E1444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FA958BE807Bh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E03F9 second address: 4E041C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 jmp 00007FA958DB0DE5h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB511 second address: 4AB517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8BE9 second address: 4E8BED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8BED second address: 4E8BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8BF1 second address: 4E8C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c jmp 00007FA958DB0DDFh 0x00000011 popad 0x00000012 js 00007FA958DB0DEAh 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8C17 second address: 4E8C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8DBD second address: 4E8DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8DC1 second address: 4E8DD3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FA958BE8076h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8DD3 second address: 4E8DD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8DD7 second address: 4E8DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB78A second address: 4EB790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB823 second address: 4EB827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBBF4 second address: 4EBBF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBBF8 second address: 4EBBFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBBFE second address: 4EBC03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBCB7 second address: 4EBCBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBCBB second address: 4EBCC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBCC1 second address: 4EBCEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jc 00007FA958BE8076h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 jmp 00007FA958BE8089h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EBE7A second address: 4EBE84 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA958DB0DDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC30C second address: 4EC310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC310 second address: 4EC316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC316 second address: 4EC31C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC31C second address: 4EC3BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e and di, E829h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FA958DB0DD8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f jmp 00007FA958DB0DE2h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007FA958DB0DD8h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 00000019h 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 movsx edi, cx 0x00000053 xchg eax, ebx 0x00000054 jmp 00007FA958DB0DDEh 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007FA958DB0DE4h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC3BB second address: 4EC3D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA958BE8082h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECDAB second address: 4ECDB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECC78 second address: 4ECC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECDB3 second address: 4ECE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FA958DB0DDBh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FA958DB0DD8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov esi, eax 0x00000029 push 00000000h 0x0000002b mov edi, 6CB6186Eh 0x00000030 push 00000000h 0x00000032 mov edi, dword ptr [ebp+1247B1E2h] 0x00000038 push eax 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c jnl 00007FA958DB0DD6h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECC7C second address: 4ECCAB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FA958BE8089h 0x0000000c jmp 00007FA958BE8083h 0x00000011 popad 0x00000012 push eax 0x00000013 je 00007FA958BE8084h 0x00000019 push eax 0x0000001a push edx 0x0000001b jnl 00007FA958BE8076h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ECE00 second address: 4ECE0F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA958DB0DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF4D0 second address: 4EF4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EF4D4 second address: 4EF4E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFFD1 second address: 4EFFEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFFEE second address: 4F001A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA958DB0DDCh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FA958DB0DE5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F0A96 second address: 4F0AF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FA958BE8078h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 movzx edi, ax 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a movzx edi, cx 0x0000002d pop esi 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007FA958BE8078h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a push eax 0x0000004b push edi 0x0000004c push esi 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFD3E second address: 4EFD4B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFD4B second address: 4EFD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EFD4F second address: 4EFD53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6977 second address: 4F697B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9992 second address: 4F99AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA958DB0DE1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F99AA second address: 4F99C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA958BE8080h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1287 second address: 4F128D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5B3C second address: 4F5B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6B16 second address: 4F6B27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8D05 second address: 4F8D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9C64 second address: 4F9C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F128D second address: 4F1291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAA6A second address: 4FAA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6B27 second address: 4F6B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8D0A second address: 4F8D1F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a ja 00007FA958DB0DD8h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9C6D second address: 4F9C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAA6E second address: 4FAA72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F5BFD second address: 4F5C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6B2D second address: 4F6B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9C71 second address: 4F9C75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAA72 second address: 4FAA78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6B31 second address: 4F6B35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FAA78 second address: 4FAA7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6B35 second address: 4F6B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jc 00007FA958BE8076h 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6B4B second address: 4F6B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6C3D second address: 4F6C47 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA958BE807Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6C47 second address: 4F6C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007FA958DB0DE2h 0x0000000d js 00007FA958DB0DDCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDA4F second address: 4FDACF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jne 00007FA958BE8076h 0x00000010 pop edi 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FA958BE8078h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d pushad 0x0000002e pushad 0x0000002f call 00007FA958BE8086h 0x00000034 pop ecx 0x00000035 mov bx, dx 0x00000038 popad 0x00000039 popad 0x0000003a push 00000000h 0x0000003c mov dword ptr [ebp+122D1CEAh], edi 0x00000042 push 00000000h 0x00000044 or dword ptr [ebp+12463949h], esi 0x0000004a xchg eax, esi 0x0000004b jmp 00007FA958BE807Ah 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jne 00007FA958BE8078h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEAF0 second address: 4FEB23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA958DB0DD6h 0x0000000a popad 0x0000000b jbe 00007FA958DB0DEDh 0x00000011 jmp 00007FA958DB0DE7h 0x00000016 popad 0x00000017 push eax 0x00000018 push ecx 0x00000019 jp 00007FA958DB0DDCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500C1B second address: 500C52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8087h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA958BE8083h 0x00000011 jnc 00007FA958BE8076h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500C52 second address: 500C66 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA958DB0DD8h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 500C66 second address: 500C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501291 second address: 501295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501295 second address: 50129C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50129C second address: 5012A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5012A9 second address: 5012FB instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e popad 0x0000000f nop 0x00000010 mov dword ptr [ebp+12461D0Fh], ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007FA958BE8078h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov bx, dx 0x00000035 movsx edi, bx 0x00000038 push 00000000h 0x0000003a sub dword ptr [ebp+122D2F60h], eax 0x00000040 push eax 0x00000041 pushad 0x00000042 pushad 0x00000043 push ebx 0x00000044 pop ebx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5012FB second address: 501303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCBF6 second address: 4FCCA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007FA958BE8078h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d or bx, E612h 0x00000032 mov bh, cl 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007FA958BE8078h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 0000001Dh 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 pushad 0x00000056 popad 0x00000057 mov eax, dword ptr [ebp+122D0C45h] 0x0000005d mov edi, dword ptr [ebp+122D27ECh] 0x00000063 push FFFFFFFFh 0x00000065 pushad 0x00000066 mov dword ptr [ebp+122D1A15h], esi 0x0000006c mov bx, dx 0x0000006f popad 0x00000070 nop 0x00000071 push edi 0x00000072 jmp 00007FA958BE807Dh 0x00000077 pop edi 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007FA958BE8085h 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1E58 second address: 4B1E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1E5C second address: 4B1E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8087h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1E79 second address: 4B1E7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1E7F second address: 4B1E83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 506A51 second address: 506AA9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA958DB0DD8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c jmp 00007FA958DB0DE1h 0x00000011 pop ecx 0x00000012 nop 0x00000013 xor dword ptr [ebp+124732D3h], edx 0x00000019 push 00000000h 0x0000001b jnc 00007FA958DB0DDCh 0x00000021 push 00000000h 0x00000023 je 00007FA958DB0DDCh 0x00000029 mov ebx, dword ptr [ebp+122D28B8h] 0x0000002f mov edi, dword ptr [ebp+122D180Bh] 0x00000035 xchg eax, esi 0x00000036 jo 00007FA958DB0DE8h 0x0000003c push eax 0x0000003d push edx 0x0000003e jp 00007FA958DB0DD6h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDD5D second address: 4FDD63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FDD63 second address: 4FDD6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA958DB0DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FEDB3 second address: 4FEDD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA958BE807Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502404 second address: 50240E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA958DB0DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5024E3 second address: 5024E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505BC4 second address: 505BC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5175E4 second address: 5175EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51FC94 second address: 51FCBC instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA958DB0DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007FA958DB0DDCh 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 jno 00007FA958DB0DD8h 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B0462 second address: 4B0478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA958BE8080h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52383C second address: 523844 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523844 second address: 52385A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA958BE807Ch 0x00000009 jnc 00007FA958BE8076h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523E11 second address: 523E2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA958DB0DE5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523E2C second address: 523E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA958BE8084h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523FCB second address: 523FD8 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA958DB0DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523FD8 second address: 523FDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 524164 second address: 524168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52429B second address: 52429F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52429F second address: 5242A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5242A3 second address: 5242A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5242A9 second address: 5242AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52454C second address: 524550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 524550 second address: 524555 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 524555 second address: 524565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE807Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 524809 second address: 52480E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52480E second address: 524826 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA958BE8082h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E34B second address: 52E350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52CFA7 second address: 52CFD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FA958BE8084h 0x0000000b popad 0x0000000c jl 00007FA958BE8082h 0x00000012 jns 00007FA958BE8076h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52CFD0 second address: 52CFD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52CFD4 second address: 52CFD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D153 second address: 52D159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D6C5 second address: 52D71F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FA958BE808Bh 0x0000000c jnc 00007FA958BE807Ch 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA958BE8087h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007FA958BE807Fh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D71F second address: 52D723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D723 second address: 52D729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D729 second address: 52D72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D72F second address: 52D734 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52DA42 second address: 52DA4A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52DD18 second address: 52DD26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52DD26 second address: 52DD61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958DB0DE0h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FA958DB0DE9h 0x00000010 jnl 00007FA958DB0DD6h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52DD61 second address: 52DD67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52E02F second address: 52E035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F26BE second address: 4F2724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8082h 0x00000009 popad 0x0000000a jnp 00007FA958BE807Ch 0x00000010 popad 0x00000011 mov dword ptr [esp], eax 0x00000014 xor dword ptr [ebp+122DB508h], edx 0x0000001a lea eax, dword ptr [ebp+124883E0h] 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007FA958BE8078h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 00000016h 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a sub edx, dword ptr [ebp+122D387Ch] 0x00000040 push eax 0x00000041 pushad 0x00000042 jmp 00007FA958BE807Ah 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2724 second address: 4D124C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FA958DB0DD8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov ch, FEh 0x00000027 call dword ptr [ebp+122D1C65h] 0x0000002d jmp 00007FA958DB0DE6h 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FA958DB0DDCh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2D99 second address: 4F2DAE instructions: 0x00000000 rdtsc 0x00000002 je 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007FA958BE8076h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2DAE second address: 4F2DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2DB4 second address: 4F2DBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FA958BE8076h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2EA1 second address: 4F2EA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FA9 second address: 4F2FB2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FB2 second address: 4F2FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jmp 00007FA958DB0DE6h 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FD3 second address: 4F2FD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FD8 second address: 4F2FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007FA958DB0DD6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FEF second address: 4F2FF5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FF5 second address: 4F2FFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2FFA second address: 4F3000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30BD second address: 4F30E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958DB0DE5h 0x00000008 jp 00007FA958DB0DD6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F30E4 second address: 4F30E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F357B second address: 4F35FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FA958DB0DE9h 0x0000000d jp 00007FA958DB0DD8h 0x00000013 popad 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FA958DB0DD8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f push 0000001Eh 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007FA958DB0DD8h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f jo 00007FA958DB0DD6h 0x00000055 jnp 00007FA958DB0DD6h 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3891 second address: 4F3896 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3896 second address: 4F38BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jl 00007FA958DB0DD6h 0x00000016 jmp 00007FA958DB0DDFh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F394C second address: 4F395D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F395D second address: 4F3963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3963 second address: 4F39F5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jmp 00007FA958BE807Ah 0x0000000f pop eax 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FA958BE8078h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b movzx ecx, di 0x0000002e lea eax, dword ptr [ebp+12488424h] 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007FA958BE8078h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 0000001Ah 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e push eax 0x0000004f push eax 0x00000050 jmp 00007FA958BE8081h 0x00000055 pop eax 0x00000056 mov dword ptr [esp], eax 0x00000059 sub edi, dword ptr [ebp+122D2994h] 0x0000005f lea eax, dword ptr [ebp+124883E0h] 0x00000065 mov dword ptr [ebp+122DB4E8h], esi 0x0000006b push eax 0x0000006c pushad 0x0000006d pushad 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320CB second address: 5320D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5320D1 second address: 5320DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE807Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5384BB second address: 5384C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5384C1 second address: 5384C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370BD second address: 5370C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370C1 second address: 537100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA958BE8076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA958BE8088h 0x00000011 jmp 00007FA958BE807Eh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007FA958BE807Ah 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537282 second address: 537286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537286 second address: 537293 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537909 second address: 53790D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53790D second address: 537913 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537A64 second address: 537A6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537A6A second address: 537A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537A6E second address: 537A72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537CF3 second address: 537D3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958BE8082h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007FA958BE807Ch 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007FA958BE8088h 0x0000001c push edx 0x0000001d jno 00007FA958BE8076h 0x00000023 pop edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537E8A second address: 537E90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537E90 second address: 537E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 537E95 second address: 537E9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53832E second address: 538339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA958BE8076h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538339 second address: 53833F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539F57 second address: 539F76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FA958BE8087h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539F76 second address: 539F7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53CBFA second address: 53CC00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53CC00 second address: 53CC10 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 js 00007FA958DB0DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53CC10 second address: 53CC14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5402F9 second address: 5402FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54046B second address: 540471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5405C7 second address: 5405CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5405CB second address: 5405D5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA958BE8076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5405D5 second address: 5405E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA958DB0DDAh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A68A second address: 54A69A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Bh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54909B second address: 5490AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 ja 00007FA958DB0DDEh 0x0000000b jl 00007FA958DB0DD6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5490AE second address: 5490C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA958BE8083h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5490C5 second address: 5490D4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA958DB0DD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5490D4 second address: 5490DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5493A2 second address: 5493AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 549778 second address: 5497AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8084h 0x00000007 jmp 00007FA958BE8083h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop edx 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A3F4 second address: 54A3FE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA958DB0DDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE9DA second address: 4AE9E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE9E5 second address: 4AE9E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE9E9 second address: 4AE9ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC88 second address: 54DC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC8F second address: 54DCA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA958BE8076h 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DCA3 second address: 54DCA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DDEA second address: 54DDF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DDF0 second address: 54DDF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DDF6 second address: 54DDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550B83 second address: 550B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FA958DB0DD6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550D2D second address: 550D3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Bh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 550D3D second address: 550D43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 557CE3 second address: 557CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5593BB second address: 5593CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958DB0DDAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5593CA second address: 5593D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5596A5 second address: 5596A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5596A9 second address: 5596B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FA958BE8078h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5596B9 second address: 5596C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FA958DB0DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CA22 second address: 55CA5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Eh 0x00000007 jmp 00007FA958BE8087h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FA958BE8083h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CA5E second address: 55CA64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CA64 second address: 55CA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CA68 second address: 55CA7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA958DB0DDBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CBE4 second address: 55CC06 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FA958BE8088h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55CD4F second address: 55CD53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D038 second address: 55D043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D043 second address: 55D04E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA958DB0DD6h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D5E4 second address: 55D5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D5ED second address: 55D5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55D5F1 second address: 55D5F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56246C second address: 562476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA958DB0DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562476 second address: 562485 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA958BE8076h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562485 second address: 56248B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569C78 second address: 569C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569C7E second address: 569C98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569C98 second address: 569CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8087h 0x00000009 popad 0x0000000a popad 0x0000000b jp 00007FA958BE8098h 0x00000011 push eax 0x00000012 push edx 0x00000013 jc 00007FA958BE8076h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569CC5 second address: 569CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569E3D second address: 569E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569E43 second address: 569E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA958DB0DD6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569E4E second address: 569E53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A761 second address: 56A765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A765 second address: 56A76B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A76B second address: 56A775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A775 second address: 56A779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A779 second address: 56A788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007FA958DB0DD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A788 second address: 56A78E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A8A9 second address: 56A8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958DB0DE3h 0x00000009 jmp 00007FA958DB0DDBh 0x0000000e popad 0x0000000f pushad 0x00000010 jo 00007FA958DB0DD6h 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A8DB second address: 56A918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jp 00007FA958BE807Ah 0x0000000d popad 0x0000000e pushad 0x0000000f jmp 00007FA958BE8082h 0x00000014 jg 00007FA958BE8084h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A918 second address: 56A91C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5697E4 second address: 5697E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56E198 second address: 56E19E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56E19E second address: 56E1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3817 second address: 4B383C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE5h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jnp 00007FA958DB0DD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B383C second address: 4B3859 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3859 second address: 4B385F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B385F second address: 4B387E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FA958BE8081h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FA958BE807Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573E3B second address: 573E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958DB0DE0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573E4F second address: 573E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573E53 second address: 573E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573FEF second address: 574003 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 je 00007FA958BE8076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FA958BE8076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 574003 second address: 574007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 574141 second address: 57414B instructions: 0x00000000 rdtsc 0x00000002 js 00007FA958BE8076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582B7D second address: 582B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jno 00007FA958DB0DD6h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5824BD second address: 5824C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5824C3 second address: 5824CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5824CA second address: 582505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958BE807Ah 0x00000008 jns 00007FA958BE8076h 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007FA958BE807Bh 0x00000015 pop eax 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jnl 00007FA958BE8082h 0x00000020 push edi 0x00000021 push eax 0x00000022 pop eax 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582505 second address: 582521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA958DB0DE6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582521 second address: 582533 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FA958BE8076h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582698 second address: 5826C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE5h 0x00000007 jmp 00007FA958DB0DDFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5826C0 second address: 5826C5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58A66D second address: 58A671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59093D second address: 59095F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FA958BE8088h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5944A9 second address: 5944AF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5944AF second address: 5944BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5944BC second address: 5944DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FA958DB0DDCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5944DC second address: 5944E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5944E0 second address: 5944E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59CEFC second address: 59CF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D05D second address: 59D065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D1A3 second address: 59D1A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D1A7 second address: 59D1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FA958DB0DD6h 0x0000000d je 00007FA958DB0DD6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D1BB second address: 59D1CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA958BE807Ch 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D367 second address: 59D36B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D36B second address: 59D37D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE807Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D37D second address: 59D382 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59DF6D second address: 59DF71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59DF71 second address: 59DF9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA958DB0DE3h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59DF9F second address: 59DFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A3E4C second address: 5A3E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AED24 second address: 5AED36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FA958BE807Ah 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AED36 second address: 5AED3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCB4D second address: 5BCB53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE676 second address: 5BE67C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE67C second address: 5BE682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE682 second address: 5BE698 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE1h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE698 second address: 5BE69E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C5E9B second address: 5C5EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C5EA8 second address: 5C5EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6313 second address: 5C6319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6319 second address: 5C6337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8089h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6337 second address: 5C633C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C633C second address: 5C6353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 jp 00007FA958BE8076h 0x0000000f jbe 00007FA958BE8076h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C65BF second address: 5C65CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b popad 0x0000000c push esi 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C65CF second address: 5C65DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 js 00007FA958BE8076h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9E4A second address: 5C9E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007FA958DB0DE8h 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop esi 0x0000000e pushad 0x0000000f jmp 00007FA958DB0DE2h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C990B second address: 5C9914 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDE6C second address: 5CDE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDE70 second address: 5CDE76 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDE76 second address: 5CDE9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FA958DB0DF4h 0x0000000c jmp 00007FA958DB0DE8h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D352B second address: 5D3561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jmp 00007FA958BE8087h 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA958BE8085h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D3639 second address: 5D363D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D4FFF second address: 5D502A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA958BE807Fh 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jc 00007FA958BE8076h 0x00000017 jnc 00007FA958BE8076h 0x0000001d pop eax 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CAD63 second address: 5CAD86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FA958DB0DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA958DB0DE5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CAD86 second address: 5CAD9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 33D8BD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 33DA07 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 33B08A instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4CE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4E70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 6E70000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0033E070 rdtsc

0_2_0033E070

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7136

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0051A6E3 GetSystemInfo,VirtualAlloc,

0_2_0051A6E3

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0033E070 rdtsc

0_2_0033E070

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0033B7FC LdrInitializeThunk,

0_2_0033B7FC

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: 'Program Manager
Source: file.exe	Binary or memory string: h'Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00510C12 GetSystemTime,GetFileTime,

0_2_00510C12

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
18.31.95.13.in-addr.arpa	unknown	unknown	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532538
Start date and time:	2024-10-13 16:03:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@1/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.
VT rate limit hit for: file.exe

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.935004738875263
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'758'720 bytes
MD5:	e8ec2cd0994666ebace945d5774b8fdd
SHA1:	d46d96bef76101573e704f11884cc83563a5a7bf
SHA256:	454c1d3fd87f5a257ca5e36d590fa9755e0ae329477ec749418347511572418a
SHA512:	22a178e292400e08addfe527164cad0e61f61c64bda9f9d0a61f8e61e00a51ab5568ffe86edcf1b982c837686537e153367d615c204abbb1e1649a7f038a674e
SSDEEP:	49152:o8d1zpgzzxrAyG1JF2mRLkojFVHsgifTECwpmsEM:J1zKuF2ULZhBsg0TW
TLSH:	0B853313025627F3E5BD7E758EA7B3E43B132184DAC41333A74CB27BA5B2973A464948
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............E.. ...`....@.. ........................F......]....`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x85c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA958B665DAh
lfs ebx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	0197c7514c1dfaa91cc44725c85b30a2	False	0.931640625	data	7.789485049829895	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x2a8000	0x200	fd27c6c8ef6a577f5a597904ac497058	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dsenwoqe	0x2b2000	0x1a8000	0x1a7400	1fc01745f0d1aa42cbed2cc3c65077cf	False	0.9947670555227407	data	7.953509163753791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
leuuuzyv	0x45a000	0x2000	0x400	dd08dd3e3024a60b0f4a35a6899ba2c0	False	0.8193359375	zlib compressed data	6.390554989825111	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x45c000	0x4000	0x2200	17925cca0c91b2643ee19e5835ec36c8	False	0.08088235294117647	DOS executable (COM)	0.9015716318118923	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 16:04:40.533176899 CEST	53	50530	162.159.36.2	192.168.2.5
Oct 13, 2024 16:04:41.053594112 CEST	64949	53	192.168.2.5	1.1.1.1
Oct 13, 2024 16:04:41.060431957 CEST	53	64949	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 13, 2024 16:04:41.053594112 CEST	192.168.2.5	1.1.1.1	0xfc12	Standard query (0)	18.31.95.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 13, 2024 16:04:41.060431957 CEST	1.1.1.1	192.168.2.5	0xfc12	Name error (3)	18.31.95.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

Target ID:	0
Start time:	10:04:11
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x330000
File size:	1'758'720 bytes
MD5 hash:	E8EC2CD0994666EBACE945D5774B8FDD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	3.4%
Signature Coverage:	4.5%
Total number of Nodes:	354
Total number of Limit Nodes:	20

Executed Functions

Function 0051A6E3 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-11F95FEC), ref: 0051A6EF
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 0051A750

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: dedfc7d6a6909704fcc76e972c5efa9e10c84ec51740c5323158896c800a9a69
Instruction ID: 6af32f7eedd15d016e563a316aedb2f31ffc6eb778d611b38b53e80a77046010
Opcode Fuzzy Hash: dedfc7d6a6909704fcc76e972c5efa9e10c84ec51740c5323158896c800a9a69
Instruction Fuzzy Hash: 19412171D41206AFE736DF609945FE67BACFF48741F0000A7B607DA882E670D5E18BA1

Function 0033B7FC Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

!!iH, xrefs: 0033B966

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: !!iH
API String ID: 0-3430752988
Opcode ID: 81243e5cca178c7fcf415912c243e4e96b0bca07338567f71afde5d567c94288
Instruction ID: d49b9490ccbda4e918215ac2ebb089f14bae163e938668335c9ab8bd5bc88e2a
Opcode Fuzzy Hash: 81243e5cca178c7fcf415912c243e4e96b0bca07338567f71afde5d567c94288
Instruction Fuzzy Hash: FDE0C2F2008DCA8EDB638F20C8417AABB1AEB41700F230615EB419AD4ADB2E4D10C7A0

Function 0050E198 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 0050E2A9
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 0050E2BD

Strings

.dll, xrefs: 0050E1E0
.exe, xrefs: 0050E204
1002, xrefs: 0050E273

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: 832bf72403dd3ebd3426d152645684c6f392011e7490dba2916117fdfacc68b6
Instruction ID: 8fe332f7cd24af6e44ea0a985b9b1cf6a68025194b6e738c502bfb59b93ef69a
Opcode Fuzzy Hash: 832bf72403dd3ebd3426d152645684c6f392011e7490dba2916117fdfacc68b6
Instruction Fuzzy Hash: 65318B3980420AEFDF11EF50D90AAAD7F79FF45350F208A65F802561E1C7309AA0EBA1

Function 0050E69E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,0050E630,?,00000000,00000000), ref: 0050E75B
GetModuleHandleA.KERNEL32(00000000,?,?,?,0050E630,?,00000000,00000000), ref: 0050E769

Strings

.dll, xrefs: 0050E6D1

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: 6b2333bba189c469630c3c6a42510d4b8c2c05fd82a51d40800251b092dc912f
Instruction ID: 3b87fae7d87f9d2a4e991465b0261d9a121c82cecf774261a8a506d2d269adeb
Opcode Fuzzy Hash: 6b2333bba189c469630c3c6a42510d4b8c2c05fd82a51d40800251b092dc912f
Instruction Fuzzy Hash: C9118E70200686EADF31AF14D90FBAD7EB1FF80345F284B25ED02484E0D7B5A9E4DA91

Function 00510FF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00D818D4,-11F95FEC), ref: 00511071
GetFileAttributesA.KERNEL32(00000000,-11F95FEC), ref: 0051107F

Strings

@, xrefs: 00511024

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: 95a326304b08206975ee8b45889c4a63bf80ac333a088657ecde7daa859ed5ed
Instruction ID: 07d71778b1be3dc8f7cea6fa39e7b13e23218763ea024156299aa4591a59fb34
Opcode Fuzzy Hash: 95a326304b08206975ee8b45889c4a63bf80ac333a088657ecde7daa859ed5ed
Instruction Fuzzy Hash: FD016D31904986FBEB21AF54C90D7DC7F71BF88344F2081A5E702690D1CB759AD5EB48

Function 0050D078 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 0050D0DA

Strings

\\?\, xrefs: 0050D135

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: 1a57cb38c0f1cc9771b20f344a58c54551d8e3e1ee34e4f16879cee64ecf0e69
Instruction ID: 8f939153e35d69e7183504163e1cfc0444b38707a33022d9c7d0315f553b0b9b
Opcode Fuzzy Hash: 1a57cb38c0f1cc9771b20f344a58c54551d8e3e1ee34e4f16879cee64ecf0e69
Instruction Fuzzy Hash: C531D73660060ABEDF21DFD4CD09B9EBEB6BF48345F040165F901A50A0DBB29A61DB61

Function 0050E787 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0050CAC5: GetCurrentThreadId.KERNEL32 ref: 0050CAD4

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 0050E7EB

Strings

.dll, xrefs: 0050E7A8

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CurrentHandleModuleThread
String ID: .dll
API String ID: 2752942033-2738580789
Opcode ID: eb1535c445bb9e10b642ce215561d32d77ec189b45214bb0750944898d4b6312
Instruction ID: 5e0c535c7c0ba648911a59c62ea2f79835e3235f344c5cd283eb3bd9c11a5537
Opcode Fuzzy Hash: eb1535c445bb9e10b642ce215561d32d77ec189b45214bb0750944898d4b6312
Instruction Fuzzy Hash: C5F06D75100245ABDB109F64D84AE6D3FB5FF45340F208615FE0546091C730D8A1EA60

Function 00511214 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00D818D4,?,?,-11F95FEC,?,?,?,-11F95FEC,?), ref: 005112C6

Part of subcall function 005111C6: IsBadWritePtr.KERNEL32(?,00000004), ref: 005111D4

CreateFileA.KERNEL32(?,?,?,-11F95FEC,?,?,?,-11F95FEC,?), ref: 005112E6

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: 40197714c7c2af5e4f7baa67144f87e9d7188a3b9182a54c41ece04c262359ce
Instruction ID: 74cb3c1d87dc7686bc4b5df6cd64274f7e23c27d58d06a5167a6893f96d09d2c
Opcode Fuzzy Hash: 40197714c7c2af5e4f7baa67144f87e9d7188a3b9182a54c41ece04c262359ce
Instruction Fuzzy Hash: 5311893640494AFBEF229F91CC09BDD3E31BF49340F108094FA22A40A0C77589F2EB55

Function 00510B80 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0050CAC5: GetCurrentThreadId.KERNEL32 ref: 0050CAD4

GetCurrentProcess.KERNEL32(-11F95FEC), ref: 00510B8D
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00510BF3

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessThread
String ID:
API String ID: 3748180921-0
Opcode ID: bf1ef7496724ccbc68c8f040e4bcf3f5c2dfc6fafdfc5230271a3534feede145
Instruction ID: d83f1bb59a2231dbcde2c6a51da7082b553a80552d2ffdec1f8eec86c6837039
Opcode Fuzzy Hash: bf1ef7496724ccbc68c8f040e4bcf3f5c2dfc6fafdfc5230271a3534feede145
Instruction Fuzzy Hash: 5D014B3610010BBBDF12AFA4DC09CEE7F25BF993997044A11F909A1090D776D4E2EB61

Function 0051B10F Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f70168da94ee1ffd0cc14cf6fa9ab0e3317db45e06fd9b4ad9c108abe95284e9
Instruction ID: bc4a42cb26f12f3cb9e17121fe897cc5b8193443c3e9bce2d11f26ff06660d58
Opcode Fuzzy Hash: f70168da94ee1ffd0cc14cf6fa9ab0e3317db45e06fd9b4ad9c108abe95284e9
Instruction Fuzzy Hash: 2B416775900209EFFB25DE60D944BEEBFB1FF00310F248495E916AA192C375ADD4CB51

Function 0050F1FF Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 0050F2B4

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 744ce44d382e1e2776a5d89e42c70a0efa2e42ea4a2f267c37d5f515c09a5215
Instruction ID: 5c1e5bdca429a994305769d62ae083ef568fa91a08094adb44e9a41f46448861
Opcode Fuzzy Hash: 744ce44d382e1e2776a5d89e42c70a0efa2e42ea4a2f267c37d5f515c09a5215
Instruction Fuzzy Hash: 3B318975900205BAEB209F64DC8AFDEBFB8FF44324F208629F515AA1D1C771AA51CB50

Function 0050EA1B Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 0050EA9D

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 48c14d80ec651b494040b5c1094d729deb84325b21b5f7fcdf0c63d7334fc3d5
Instruction ID: 2f860849f91d434e0f9565c0880444ee4b17a7133c8086a0302c986ea207f18f
Opcode Fuzzy Hash: 48c14d80ec651b494040b5c1094d729deb84325b21b5f7fcdf0c63d7334fc3d5
Instruction Fuzzy Hash: 2C31E171600205BAEB309F64DC4BF9D7FB8BF04724F308A29F615AA1D1D7B1A9428B50

Function 0051AE5C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 0051AF09

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: fa854e228ec215febe4761ea6b3e034f8da55e0bfce41aae1981782ab4112abb
Instruction ID: d9f0e66f6db62d9cf7d5b662fdbcfbb3034692c300a516ee9c61247225950f42
Opcode Fuzzy Hash: fa854e228ec215febe4761ea6b3e034f8da55e0bfce41aae1981782ab4112abb
Instruction Fuzzy Hash: 2E1190B5A03225AFFB335A148C48FEABB6CFF55751F108095E805A6081D7749DC2CAE2

Function 04D30D42 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04D30DCD

Memory Dump Source

Source File: 00000000.00000002.2323853251.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d30000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: cdeb44c5ced6526bc5bb65776ecfc93d2f300bf8f09bc103577cb2c3578b6d29
Instruction ID: 2d5e157767d8d86a739394ddb0a11ab25f31a1670a26ba2cfc4ed3be93e51ab2
Opcode Fuzzy Hash: cdeb44c5ced6526bc5bb65776ecfc93d2f300bf8f09bc103577cb2c3578b6d29
Instruction Fuzzy Hash: C72115B6C012189FDB50DF99E884ADEFBF4FF88310F14851AD908AB248D774A540CBA4

Function 04D30D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04D30DCD

Memory Dump Source

Source File: 00000000.00000002.2323853251.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d30000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 95343c5b0af28db712748e8a4680be4c307d9fe0b2d2e0e735188225cb2e963c
Instruction ID: 54a948550c3d8c9016c4ff4a53dc236ccd95da99d44da50b279733da28c56ae1
Opcode Fuzzy Hash: 95343c5b0af28db712748e8a4680be4c307d9fe0b2d2e0e735188225cb2e963c
Instruction Fuzzy Hash: A92124B6C012189FCB50CF99E884ADEFBF4FF88310F14851AD908AB248D734A540CBA4

Function 04D31509 Relevance: 1.6, APIs: 1, Instructions: 56serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04D31580

Memory Dump Source

Source File: 00000000.00000002.2323853251.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d30000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 9bd92e6de441fef4a7fe922ff8a56e6b81920a16a9f99cb3e38419e5a289de8c
Instruction ID: 910a103be90f8c217a983bf66c21e01c3a7a597c028307cb2f2b2063f1d0a323
Opcode Fuzzy Hash: 9bd92e6de441fef4a7fe922ff8a56e6b81920a16a9f99cb3e38419e5a289de8c
Instruction Fuzzy Hash: 612114B19002499FDB10CF9AC484BDEFBF4FB48320F108429E959A7350D778A644CFA5

Function 04D31510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04D31580

Memory Dump Source

Source File: 00000000.00000002.2323853251.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d30000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: cfe9aa008b6e9aa2363d5d51ced9ebd0fdb558aed4c5898dae0f1bef42cd80d7
Instruction ID: 128fcd722a8beda772aff976caafcadc04c84311144dbe57a6f375a90e0c8c63
Opcode Fuzzy Hash: cfe9aa008b6e9aa2363d5d51ced9ebd0fdb558aed4c5898dae0f1bef42cd80d7
Instruction Fuzzy Hash: 8E11E4B19002499FDB10CF9AC584BDEFBF4FB48320F108429E559A3250D778A644CFA5

Function 00511D4C Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0050CAC5: GetCurrentThreadId.KERNEL32 ref: 0050CAD4

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11F95FEC), ref: 00511DD3

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CurrentFileThreadView
String ID:
API String ID: 1949693742-0
Opcode ID: f317cb3b69d25d0ecfa17ef5e983c6cb3521272b93eef2315226497da342f348
Instruction ID: 893754f37f16f8c929b73f7391d31f68068a58971956a1cb3460e77804ca046b
Opcode Fuzzy Hash: f317cb3b69d25d0ecfa17ef5e983c6cb3521272b93eef2315226497da342f348
Instruction Fuzzy Hash: B111B33210090BEBDF12AFA4ED0ADDE3E76BF89340B044951FA1255061C736D9B2EB65

Function 00511B34 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 9ac7575b3e247374f5003c0efd085c7da91f1a7f41fccc09eac172d1106a2ea5
Instruction ID: 5603cdf94ef02424e5ae2159e2f006b786912c2a48bc707d048846a7541681c5
Opcode Fuzzy Hash: 9ac7575b3e247374f5003c0efd085c7da91f1a7f41fccc09eac172d1106a2ea5
Instruction Fuzzy Hash: C4115B7250850AEBDF22AFA4DD0DEDE3F65BF85340F044551FA01860A1E735D9A1EB68

Function 04D31301 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04D31367

Memory Dump Source

Source File: 00000000.00000002.2323853251.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d30000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 9c1ff5d58520056eb2eff194fa3b149a369138c23c4dd9536730df3c4c9958d9
Instruction ID: 76d99d4f72afc804198b74d4f163b28f5e5bf018f182c94496a0a6558dca2eff
Opcode Fuzzy Hash: 9c1ff5d58520056eb2eff194fa3b149a369138c23c4dd9536730df3c4c9958d9
Instruction Fuzzy Hash: ED1136B1800259CFDB10DF9AC484BEEFBF4EF48324F20845AD558A3650C778A944CFA5

Function 04D31308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04D31367

Memory Dump Source

Source File: 00000000.00000002.2323853251.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d30000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 884f55e0ef153c009dc579362be704dd9307618b722075cf54018b617ae5dc6c
Instruction ID: 89e938d561c2731b2ac9cbaef3267662453645fedfdc2e42a5392116fc7b5e69
Opcode Fuzzy Hash: 884f55e0ef153c009dc579362be704dd9307618b722075cf54018b617ae5dc6c
Instruction Fuzzy Hash: FF1118B1800249CFDB10DF9AC945BEEFBF8EF49320F14845AD558A3650D778A544CFA5

Function 00511418 Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0050CAC5: GetCurrentThreadId.KERNEL32 ref: 0050CAD4

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11F95FEC,?,?,0050F147,?,?,00000400,?,00000000,?,00000000), ref: 00511484

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CurrentFileReadThread
String ID:
API String ID: 2348311434-0
Opcode ID: 8acd6a7644cf07e16f0324fd8c086ff79a4faad2211aac55fcf2fd1f52826ed7
Instruction ID: 80dbb54f39ed1ed6f426d29235ec006c233f4aa935246dc4489e79c5243a9956
Opcode Fuzzy Hash: 8acd6a7644cf07e16f0324fd8c086ff79a4faad2211aac55fcf2fd1f52826ed7
Instruction Fuzzy Hash: F0F03C3210050ABBDF12AF94DC09EDE3F26BF89780F048551FA164A061C772D4A2EB65

Function 0033E4CC Relevance: 1.3, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0033F446

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0b591346ed5d93730c90268b50894a410aa3715aa8910e2486c2a2bd85be33f8
Instruction ID: 22d6e07139fc4981198bb11465fd23ec6cf241b68599a6669a3b112711f77503
Opcode Fuzzy Hash: 0b591346ed5d93730c90268b50894a410aa3715aa8910e2486c2a2bd85be33f8
Instruction Fuzzy Hash: BD115EB261C201DFE746AF18E89077BB7E8EB48750F254D2DE6C6D2680E2358840DA17

Function 0050CC96 Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 0050CCFA

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: d0962b71e36e8b3370902958a18ab8eed5bc39dfa6188e628cbf4c55c4a5ee1f
Instruction ID: 8334e2f84203ea1defbf61def4e3015914d5fccea3bd305930c1f952d3c3f32b
Opcode Fuzzy Hash: d0962b71e36e8b3370902958a18ab8eed5bc39dfa6188e628cbf4c55c4a5ee1f
Instruction Fuzzy Hash: 0F012436A0010ABFDF119FA4DC08ECEBF76FF85781F0042A5F805A50A5E7728A61DB60

Function 0051AA86 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,0051AA82,?,?,0051A788,?,?,0051A788,?,?,0051A788), ref: 0051AAA6

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 98d9ce1a2954b385b99e23a29225822fe687ff8b4855beceb348bd15cffcab16
Instruction ID: b0859ab748282adaf11cec1cebb8e66265dfc34e9c2a7b1d9cdc6c62dbd9ec19
Opcode Fuzzy Hash: 98d9ce1a2954b385b99e23a29225822fe687ff8b4855beceb348bd15cffcab16
Instruction Fuzzy Hash: 28F081B2901206EFE7258F14CE05B99BFA4FF45761F218065F54B9B591D3B298C0CB51

Function 0050F819 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 0050CAC5: GetCurrentThreadId.KERNEL32 ref: 0050CAD4

CloseHandle.KERNELBASE(0050F1DC,-11F95FEC,?,?,0050F1DC,?), ref: 0050F857

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CloseCurrentHandleThread
String ID:
API String ID: 3305057742-0
Opcode ID: da67852ebd57fb80e6ae1c9ad94c5de8247a619e17ec9294dae04ce08dbb7815
Instruction ID: b402aaabe813b5f3d73d34c5835ca903748a2738c38ea3e3019c881cdad8f2ab
Opcode Fuzzy Hash: da67852ebd57fb80e6ae1c9ad94c5de8247a619e17ec9294dae04ce08dbb7815
Instruction Fuzzy Hash: C0E04F7260000BA5DA207BB9D90ED8E2E28BFD23847044B36F906854D1DB24E092D671

Function 0050E8DE Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,0050C964,?,?), ref: 0050E8E4

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: d7dc2eb1d8a24f0be8ef7a1a47a037ab8dde9c1a7a1754e2d657e6c8f78c80e2
Instruction ID: 1ac7f65246de2d28a59fc8a7fc1647221ecda722fe4998d96cae92456e52f944
Opcode Fuzzy Hash: d7dc2eb1d8a24f0be8ef7a1a47a037ab8dde9c1a7a1754e2d657e6c8f78c80e2
Instruction Fuzzy Hash: 32B09231000109BBCB01BF51DD0A88DBF69BF51398B10C920F94A540618B7AE960DBE0

Function 0033EE65 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0033F5D1

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7ad2e2076f919e846d4e01c6a4d0f2799551a17eb0e9280598db4c28d264b836
Instruction ID: be4cd915e54d368dad3019545789165ea14d8f190e4a3760e89c0ac39a537ad6
Opcode Fuzzy Hash: 7ad2e2076f919e846d4e01c6a4d0f2799551a17eb0e9280598db4c28d264b836
Instruction Fuzzy Hash: A0C0123180810E8BEB019F74800C38F3B30EF00321F240210B82281EC0DF324C21DA2A

Non-executed Functions

Function 004A826D Relevance: 11.7, Strings: 8, Instructions: 1684COMMON

Download Yara Rule

Strings

.zG, xrefs: 004A950D
vr, xrefs: 004A9519
M4zu, xrefs: 004A9135
x;S, xrefs: 004A8A6D
:nl, xrefs: 004A8785
^_C, xrefs: 004A8AB7
O, xrefs: 004A8570
s{W, xrefs: 004A8A53

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: :nl$ O$.zG$M4zu$^_C$s{W$vr$x;S
API String ID: 0-2366917226
Opcode ID: 2ebddff1e42f6ae9a394d3d5ea07c1a4bfc4e8a66dc0291f60523bb4f232c6bf
Instruction ID: 4b12bdc231dcffcddc4b11d9888884bff13d15317c81c5c25112769c3ee952d2
Opcode Fuzzy Hash: 2ebddff1e42f6ae9a394d3d5ea07c1a4bfc4e8a66dc0291f60523bb4f232c6bf
Instruction Fuzzy Hash: 8BB24AF3A0C2009FE304AE2DEC8567AFBE5EFD4720F1A453DEAC583344E97558058696

Function 003D04A6 Relevance: 5.4, Strings: 4, Instructions: 440COMMON

Download Yara Rule

Strings

V, xrefs: 003D056A
v={?, xrefs: 003D09A1
mm|u, xrefs: 003D08F6
wQE, xrefs: 003D0A16

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: V$mm|u$v={?$wQE
API String ID: 0-3360389385
Opcode ID: 8b57c5ac14e6df448b676ba17f3da3854b05b920828dba551ac3a68d0fcfaa28
Instruction ID: 00f4e4c5e8f9106d91180cdbdff4b7d4b3ac16a87f6766b60a2776c475bd9ff2
Opcode Fuzzy Hash: 8b57c5ac14e6df448b676ba17f3da3854b05b920828dba551ac3a68d0fcfaa28
Instruction Fuzzy Hash: 79E123B3F142254BF3445E79DC983A2B692EBD4320F2B823DDE89977C4E97E5D058284

Function 003842EE Relevance: 4.3, Strings: 3, Instructions: 510COMMON

Download Yara Rule

Strings

in, xrefs: 00384A0C
qoy6, xrefs: 003847F1
We;<, xrefs: 00384404

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: in$We;<$qoy6
API String ID: 0-2049887250
Opcode ID: 97257ca61f88bcc65cca94e24b13b69fe6ba52d2de2be2a6af58733b63b0ffd8
Instruction ID: c10f22ef448bfb90735201030b59256ac371e14d12a2d8eaac7b66ea7eaf420d
Opcode Fuzzy Hash: 97257ca61f88bcc65cca94e24b13b69fe6ba52d2de2be2a6af58733b63b0ffd8
Instruction Fuzzy Hash: EB02D3F3F142204BF3445939DD59366B693EBD0720F2F82399A98ABBC4D87D9D0A4385

Function 0046A430 Relevance: 3.0, Strings: 2, Instructions: 516COMMON

Download Yara Rule

Strings

Xd)a, xrefs: 0046A6AC
v>?, xrefs: 0046AB21

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: Xd)a$v>?
API String ID: 0-476994917
Opcode ID: cfae25b564843fb24056e903c1d041d12e38cbfaaa75fce5001c27f972210673
Instruction ID: 0cf8237178b1950e2435a4f926ba0ceda7b8ea4ac752fa8d3ce5acc1053479f3
Opcode Fuzzy Hash: cfae25b564843fb24056e903c1d041d12e38cbfaaa75fce5001c27f972210673
Instruction Fuzzy Hash: 170201F3E142244BF3185929DC993667692EBA4320F2F823C9FC8A77C5E87E5C058385

Function 003FA4C3 Relevance: 2.8, Strings: 2, Instructions: 256COMMON

Download Yara Rule

Strings

b, xrefs: 003FA5CF
LDa|, xrefs: 003FA75F

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: LDa|$b
API String ID: 0-3893261757
Opcode ID: 7fb60ce75491af7c82abe927d2401f3d68f2589109273249d6c28b94a7c42cab
Instruction ID: e6a8f1ac7fe53422264ee10f151b9da9c82cb8d266a318104e998feeb561363d
Opcode Fuzzy Hash: 7fb60ce75491af7c82abe927d2401f3d68f2589109273249d6c28b94a7c42cab
Instruction Fuzzy Hash: B8915BB3F5122507F3944879CD683626583ABD5324F2F82788E99ABBC5DC7E9D0A13C4

Function 0037C3E9 Relevance: 1.8, Strings: 1, Instructions: 507COMMON

Download Yara Rule

Strings

r, xrefs: 0037C508

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: ba379273a9ec62a2bfc38aab0d2c916a1dc0e633c02337cdc1ae0b58d2ef4bde
Instruction ID: 75d9ddf76e954f9ae9e52632e5d43658c694a3bda1460db37e21acc4320cbd0b
Opcode Fuzzy Hash: ba379273a9ec62a2bfc38aab0d2c916a1dc0e633c02337cdc1ae0b58d2ef4bde
Instruction Fuzzy Hash: 1CF1F1F3F156154BF3489939CD5936676C3DBE4320F2F82388A989B7C9EC7E99094280

Function 0039805F Relevance: 1.7, Strings: 1, Instructions: 482COMMON

Download Yara Rule

Strings

nB?>, xrefs: 003983DB

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: nB?>
API String ID: 0-270283029
Opcode ID: 43f10eba7a0f190b7eebe5ef5ed1eb91f959a0b139da3ce2d1be9b8edd5f4d4d
Instruction ID: d75b695e41791ce5e44836eb3da3c49694dc17f7ad6cb1c0f804f8fcb6d3d9d9
Opcode Fuzzy Hash: 43f10eba7a0f190b7eebe5ef5ed1eb91f959a0b139da3ce2d1be9b8edd5f4d4d
Instruction Fuzzy Hash: ABF1EFF7F142104BF3144D29DC993767696EBD4320F2B423DEA8897BC5E97E9D068284

Function 0035A1E6 Relevance: 1.7, Strings: 1, Instructions: 453COMMON

Download Yara Rule

Strings

Oa?s, xrefs: 0035A812

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: Oa?s
API String ID: 0-989084890
Opcode ID: f8696cdc8479fc4db64be156add60de832b2334e5857a122c6f634f55914ec78
Instruction ID: 92e930c1eb328ccc59ccf1193081579b5fd76d16ab419ca49cc46efbff33a653
Opcode Fuzzy Hash: f8696cdc8479fc4db64be156add60de832b2334e5857a122c6f634f55914ec78
Instruction Fuzzy Hash: 18F1E1B3E142248BF3445E39CC943AAB692EBD4324F2B863C9ED8973C0D97E5C059785

Function 00450276 Relevance: 1.7, Strings: 1, Instructions: 422COMMON

Download Yara Rule

Strings

A%7, xrefs: 004506FF

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: A%7
API String ID: 0-3576645031
Opcode ID: a51f2507d79969fc7ac0d64a3a217233caf194dc0be4394da8996be6a5cfaee3
Instruction ID: a5782de80940ea60b2d76b86f0dc635876832377858cfbaf24e192ae8f7e6b35
Opcode Fuzzy Hash: a51f2507d79969fc7ac0d64a3a217233caf194dc0be4394da8996be6a5cfaee3
Instruction Fuzzy Hash: 0FD1D1F3E142204BF3185E29DC99366B6D2EB94720F1B863C9E88A77C4E93E5D0587C5

Function 0038714C Relevance: 1.7, Strings: 1, Instructions: 409COMMON

Download Yara Rule

Strings

b!U, xrefs: 00387582

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: b!U
API String ID: 0-36410507
Opcode ID: b0d2c0a5ea9df4a8b40ef4e862b3a4bd3fb9d293dc3597d65e3ef75ff76f72f2
Instruction ID: bbedfe4292ac36236003dacd6f1c58307afbb2dc5cdd7b18ccefa09e13b40bd8
Opcode Fuzzy Hash: b0d2c0a5ea9df4a8b40ef4e862b3a4bd3fb9d293dc3597d65e3ef75ff76f72f2
Instruction Fuzzy Hash: FBD1D0F3E142104BE3045E29CCA43B6B7D2EBD5720F2A423CDA89973C4EA7E5D458785

Function 004042F9 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

H$, xrefs: 004045DD

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: H$
API String ID: 0-156034157
Opcode ID: ee38fa76aa78b0a95015b5db63b2a4fa7ccdacd820d77bb26f3317d422e9b574
Instruction ID: 409d267569f71d84f15308d38f8b6a9952da1b5f85eb4ae8db4331a14a86d022
Opcode Fuzzy Hash: ee38fa76aa78b0a95015b5db63b2a4fa7ccdacd820d77bb26f3317d422e9b574
Instruction Fuzzy Hash: CBC169B3F1111047F3484939CD693A62683DBD1324F2F82798B99AB7C5DD7E9E0A5384

Function 003BC409 Relevance: 1.6, Strings: 1, Instructions: 326COMMON

Download Yara Rule

Strings

'J/g, xrefs: 003BC411

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: 'J/g
API String ID: 0-2691075099
Opcode ID: 9b97c69d04973cb7f7892745e09e90bce9872edb18addb85e5d7aec02814cbef
Instruction ID: c0fa828749054afcb3222f54a771e323bb5b31e4d4207f2b74bb7d2ec6e975a1
Opcode Fuzzy Hash: 9b97c69d04973cb7f7892745e09e90bce9872edb18addb85e5d7aec02814cbef
Instruction Fuzzy Hash: 47B18CB7F2122547F3140978CDA83A26693DBD1324F2F82388E596BBC6D9BE5D4953C0

Function 003E84FB Relevance: 1.6, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

>, xrefs: 003E86D4

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: >
API String ID: 0-325317158
Opcode ID: 01a7a7e410f9d9243264d294f858c673da9467c0fd6cb3d7b6ef2fb8f136f6d9
Instruction ID: a2c2aaa67d56b14106107a21b8f47c9190ba359e416ff3364461c1159f8eabb2
Opcode Fuzzy Hash: 01a7a7e410f9d9243264d294f858c673da9467c0fd6cb3d7b6ef2fb8f136f6d9
Instruction Fuzzy Hash: 90B16BB3F2112047F3544939CD683626693EBE5324F2F82788E98ABBC5D87E5D0A42C4

Function 003BF060 Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

?,O/, xrefs: 003BF314

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: ?,O/
API String ID: 0-1684793084
Opcode ID: ed94e16e8721ec4c4097c1e63176858ad605d43f2aab8b932b731efa08cdca26
Instruction ID: e43842e3c1bf47bdabacd7a8abca3d5cea7c08371b20770a77d950311ae83661
Opcode Fuzzy Hash: ed94e16e8721ec4c4097c1e63176858ad605d43f2aab8b932b731efa08cdca26
Instruction Fuzzy Hash: C3A19EB3F5022547F7444938CDA83A26683DBD5710F2F82388F49AB7C9D97E9D0A5384

Function 0036B176 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

_BXu, xrefs: 0036B409

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: _BXu
API String ID: 0-2470038441
Opcode ID: f9afcf96742a27d6856c20dbc9a1c099b6c95224623923373de7bd83be4b1abb
Instruction ID: c82558fb08a3de86b896f3d4806a0046f17e8a5d116ee2e2fae55a4fe96207ff
Opcode Fuzzy Hash: f9afcf96742a27d6856c20dbc9a1c099b6c95224623923373de7bd83be4b1abb
Instruction Fuzzy Hash: E8A18BB3F506254BF3544835CCA83A26683ABE5324F2F82788F99AB7C5D97E4D0653C4

Function 003762EB Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

#A#6, xrefs: 003763D6

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: #A#6
API String ID: 0-2475219651
Opcode ID: 80bb0afba69d417d4e840c178913efd6fbdcc8b0fa31a81a74af82956941c696
Instruction ID: 4b1998b8445bb13508e353eb5e7e53c3f1b5a210776d2fea8e952e7307f4e270
Opcode Fuzzy Hash: 80bb0afba69d417d4e840c178913efd6fbdcc8b0fa31a81a74af82956941c696
Instruction Fuzzy Hash: 57A17FF3F6152547F3540938CC683A16683EBE5311F2F82388E48ABBC5D97E9D495380

Function 003AE5E3 Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

9, xrefs: 003AE6E0

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 678795ec9705fc8d77532dd8139be077fa5f6a783aad17b65d20a2f2a9ccd7da
Instruction ID: 78b2f922d62ec8fd4ef60263245eb7219fa2aba5f2f96d0f34c3cd42a85e1f78
Opcode Fuzzy Hash: 678795ec9705fc8d77532dd8139be077fa5f6a783aad17b65d20a2f2a9ccd7da
Instruction Fuzzy Hash: 77918CB3F2112547F3544A68CC683A17653EBD6320F2F81788E486B3C5D9BE6D4993C4

Function 003D81CA Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

T4?*, xrefs: 003D81CA

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: T4?*
API String ID: 0-3308054863
Opcode ID: 256c8951505d6e276cd70aa1c4bed99bb75ff635afd7317b7f583e240de40a0b
Instruction ID: b5580bbb1c7342464878ec73dcbd6f7bf980c0d10b176aad9c7e93842b0e3deb
Opcode Fuzzy Hash: 256c8951505d6e276cd70aa1c4bed99bb75ff635afd7317b7f583e240de40a0b
Instruction Fuzzy Hash: B391ADB3F5062547F3484829CDA83A26683DBE5320F2F82798F5DAB7C5DC7E5D0A5284

Function 0043C2D5 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

O5il, xrefs: 0043C2D5

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: O5il
API String ID: 0-816336273
Opcode ID: d63f7013aa3373114afd73436ca7c2a21f5bf131c7a965608d7bd07562f4e52c
Instruction ID: 41e5192d7b0e8176c37033946b5b8dacc1bf553a6563580da6e36ef7d80ede48
Opcode Fuzzy Hash: d63f7013aa3373114afd73436ca7c2a21f5bf131c7a965608d7bd07562f4e52c
Instruction Fuzzy Hash: EE915DB3F502254BF3544979CDA83A26683DB95710F2F82388F89677C9DCBE5D0A5384

Function 003E2530 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

5=M#, xrefs: 003E26AC

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: 5=M#
API String ID: 0-766697846
Opcode ID: 89a1ddd1caafd577e43ff5169970cd661e6561d6ad7685d031375d9c80b772a4
Instruction ID: 7d5eb1b7359f22e3c50433e14b36881088a96b76a92058a6f70fa48c73f99de8
Opcode Fuzzy Hash: 89a1ddd1caafd577e43ff5169970cd661e6561d6ad7685d031375d9c80b772a4
Instruction Fuzzy Hash: 6D9159B7F1112547F3584D28CC68361A693EBE5324F2F827C8E896B7C8D97E5E0A5384

Function 0048A1FA Relevance: 1.5, Strings: 1, Instructions: 263COMMON

Download Yara Rule

Strings

3a7, xrefs: 0048A1FA

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: 3a7
API String ID: 0-3374949718
Opcode ID: 62cb661ae7cc6db9487725017794c7ace501bc7f3dcd3ab6c4e8cc4d67fd8b02
Instruction ID: c34b640808e71698a68e314ccd1e71a5989d55f7252ba23b62e5c9d5039a1414
Opcode Fuzzy Hash: 62cb661ae7cc6db9487725017794c7ace501bc7f3dcd3ab6c4e8cc4d67fd8b02
Instruction Fuzzy Hash: 5191AFB7F1022547F3100E68CCA83A1B292EB96310F2F42798E486B7D5D9BE6D0993C4

Function 003C835A Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

Z, xrefs: 003C85B0

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: Z
API String ID: 0-1505515367
Opcode ID: c70dfb58311433916e6d1982d0c8fc5575048eee959b9f48c7602e2f24be6250
Instruction ID: 8cce008db3f622bdfe602e05e26d8087e448ac873eaa37bb90846d540ae68f21
Opcode Fuzzy Hash: c70dfb58311433916e6d1982d0c8fc5575048eee959b9f48c7602e2f24be6250
Instruction Fuzzy Hash: 869179F3F1122147F3584D29CCA93A27682EBA1324F2F81788E896B7C5DD7E9D095384

Function 0045A1EA Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

`, xrefs: 0045A294

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 41a7ae6e359b4ab625e9309a17c0826af5052d1e51c103f18a2b257e9fef0ec1
Instruction ID: 07f89d4c3ca33ed2e34a0f7aa6005acc546842f484c9c3195cc17051091dcb3a
Opcode Fuzzy Hash: 41a7ae6e359b4ab625e9309a17c0826af5052d1e51c103f18a2b257e9fef0ec1
Instruction Fuzzy Hash: E2815AB3F1122547F3504D69DC983A16283ABD5325F2F82788E8C6B7C9D8BF6D4A5384

Function 003BE3DE Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

$C, xrefs: 003BE3DE

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: $C
API String ID: 0-278732962
Opcode ID: 7cf4529cb137523190d9a8c48788a33c9d7a6e2805767d62b415eecc892eaba9
Instruction ID: 37f5958bcde471f4bd0e637406197547fb3aa570674e6037b323fd883b54cc6d
Opcode Fuzzy Hash: 7cf4529cb137523190d9a8c48788a33c9d7a6e2805767d62b415eecc892eaba9
Instruction Fuzzy Hash: 5D619FB3F012154BF3544D68DC643A1B693EBD1324F3F81388A89ABBC5E97EAD055384

Function 003B44D2 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

, xrefs: 003B4626

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: a629bed57c1ed5b936cc34498abd721f9b85f087275f603ab1ec51143a667dca
Instruction ID: 7770a055824b200cf9ae20a73120206e4612e0af74502aceb39fb2eef7a0f73f
Opcode Fuzzy Hash: a629bed57c1ed5b936cc34498abd721f9b85f087275f603ab1ec51143a667dca
Instruction Fuzzy Hash: 536188B3F1162547F3584839CD683A265439BE1324F2F423C8E996B7C6E8BE5D4A5284

Function 0033E070 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

V, xrefs: 0033E253

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: a47718eca5809746c678b824d863725bd4496bfb03580d73c803df19511ae3a3
Instruction ID: 9222fc2d435d8babe89f031de296934f1709f0f9d0eefdd47bfd7cd2aad9fc6f
Opcode Fuzzy Hash: a47718eca5809746c678b824d863725bd4496bfb03580d73c803df19511ae3a3
Instruction Fuzzy Hash: DB31C77644830E9FDB178F61D5C45EF3BA9EE56330F304126E84282E82D6F20D55AB69

Function 0044D1DC Relevance: .6, Instructions: 619COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06d3df2aac1b9bc28b7b190882735545fe5985f5bf877d2c7ecd83bbe2bcaf6
Instruction ID: 4ad4a484c2f59be8575c8ce1c1fa644f71b9210b5ca9c0bbca8b24a675466b8e
Opcode Fuzzy Hash: c06d3df2aac1b9bc28b7b190882735545fe5985f5bf877d2c7ecd83bbe2bcaf6
Instruction Fuzzy Hash: AE2249F3F515240BF7640878CD593A2598397E1324F2F82798E6CAB7C6D8BE5D4A42C8

Function 004800A7 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0913c3073c37550991d0112affd55ec3aed15c0a73d4908a7293f8ee4ec09197
Instruction ID: f8a0f45295fbb019a34344c56f29d898ae824e5cdf205157fc7d533bca24d6c5
Opcode Fuzzy Hash: 0913c3073c37550991d0112affd55ec3aed15c0a73d4908a7293f8ee4ec09197
Instruction Fuzzy Hash: D20279B3F616240BF7A00478CD983A6598297A1320F2F42758F5CAB7C6D8BE5D4A53C9

Function 003821BC Relevance: .5, Instructions: 512COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a7aba4b03ca462a7a7d9596885864f3f2c0762889fd678abfe38c7f8bece8b
Instruction ID: 2232a9138617b02c0ec2d2200bf655c3e2b92a920b2e8390b2e2313cc386810e
Opcode Fuzzy Hash: 73a7aba4b03ca462a7a7d9596885864f3f2c0762889fd678abfe38c7f8bece8b
Instruction Fuzzy Hash: AE02BEF3F152204BF3448929CC98766B697EBD4320F2B863DDA88A77C5D97E9C064385

Function 0043511A Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad39cecfb3a90fad5c6101503b2a4578669299cdf2dfa04d72e260564eece396
Instruction ID: 1e0e46d0dfd9affe19b5d3ad61842074f75823bd6648b360c7068eec55c72a08
Opcode Fuzzy Hash: ad39cecfb3a90fad5c6101503b2a4578669299cdf2dfa04d72e260564eece396
Instruction Fuzzy Hash: 0602E2B3F052108BF3545E39DC88366B693EBD4310F2B863CDA989B7C5E97E59098385

Function 004846E8 Relevance: .5, Instructions: 496COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d83881c626392a0942341db1071e39834c5c5ab2fe27f083a787bbb54cf99c8
Instruction ID: 07df63f89cdc2aa9d7e225ce2621a1e9a03a6f71bbfda2412e3b33bf60c61bcc
Opcode Fuzzy Hash: 9d83881c626392a0942341db1071e39834c5c5ab2fe27f083a787bbb54cf99c8
Instruction Fuzzy Hash: CFF1DEF3F112254BF3044A29DC943667693EBD5720F2F823D9A889B7C5E87E5C0A4285

Function 0041F0CC Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10ba3ebb0b256802b13a5be37899f4bd1d78fb0b58359fd0e4df526f7197f544
Instruction ID: 0391d8fa75cc2827a4a539c3452f9b202479d6fecc6e6a0d8b235a01bb2ffc1d
Opcode Fuzzy Hash: 10ba3ebb0b256802b13a5be37899f4bd1d78fb0b58359fd0e4df526f7197f544
Instruction Fuzzy Hash: D8F1CCF3F106214BF3444979DD98366B693ABE4320F2F82399A88977C5E87D9D0A4385

Function 003CE2BE Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5edbebebb39c799d99af66fdf45f7240c168d5b79feab0eb395ecc45f9353387
Instruction ID: eb05cf5a40b3173c5fc2611e00e31d304fde05575065f34cc9a6d4931b1f0ce3
Opcode Fuzzy Hash: 5edbebebb39c799d99af66fdf45f7240c168d5b79feab0eb395ecc45f9353387
Instruction Fuzzy Hash: C8F1C2B3F112244BF3444979DD6836276939BD4320F2F82399E8CAB7C9EC7E9D064285

Function 00406405 Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8648fc62849fff3bfaae0c3d7aea0dd6a8959d3a8b1345e79f87e4223e387b7
Instruction ID: 3046b757927a68e67e01255a70396c7bd454b5e270de9b96df6bf84054ddeca1
Opcode Fuzzy Hash: d8648fc62849fff3bfaae0c3d7aea0dd6a8959d3a8b1345e79f87e4223e387b7
Instruction Fuzzy Hash: 30F1BEF3E142204BF3545968DD993A6B692EB94320F2F823C9F98AB7C4E97E4D0543C5

Function 003863CC Relevance: .5, Instructions: 457COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 280018e6e6696111e9c163224bff3cd5ca24af48b81d4bf9f82cfb8ef388f3d7
Instruction ID: 168ecfcdb0310614cafaf00309d9b6bd3116fd465b6ed9d099e3ef09ec0bf920
Opcode Fuzzy Hash: 280018e6e6696111e9c163224bff3cd5ca24af48b81d4bf9f82cfb8ef388f3d7
Instruction Fuzzy Hash: 7BE1CEF3F156244BF3485928DC993667692EBD4310F2F823C8B89AB7C5E97E8D094385

Function 0034C310 Relevance: .5, Instructions: 451COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42fb643c190f9d74db0b6cfcbe7e856db3bf4d0486d7cb08369b79a4cf535fc1
Instruction ID: 143be483cf355da1e10cb5bd8c94c56378b4d77ebd9198865cf419856ce6da62
Opcode Fuzzy Hash: 42fb643c190f9d74db0b6cfcbe7e856db3bf4d0486d7cb08369b79a4cf535fc1
Instruction Fuzzy Hash: 13E100F3E142108BF3185E29DC99366B6D2EBE4320F2F463D9E88973C0E97E5D059685

Function 003C3094 Relevance: .4, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8561d62f71b22a47f891931d9c6b33e86c952e0e52bc47c14807a3491645aa5
Instruction ID: 313ff44acb46676863837145a3032c255fb6a967a7a081dc842bbd7d4abf5012
Opcode Fuzzy Hash: b8561d62f71b22a47f891931d9c6b33e86c952e0e52bc47c14807a3491645aa5
Instruction Fuzzy Hash: 00D1DFF3F102245BF3544D68DC983A67692EBD4320F2F853D9A88A77C5E97E9D064384

Function 00480170 Relevance: .4, Instructions: 397COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f92ab39c739b1217c09b5dfe45608dfcd28dc60b6fe44124e143c473dbacb4cc
Instruction ID: ee82b3b43f997f11f50de1176973a07f701c62113c42ab828f824bbb262dd437
Opcode Fuzzy Hash: f92ab39c739b1217c09b5dfe45608dfcd28dc60b6fe44124e143c473dbacb4cc
Instruction Fuzzy Hash: 60D168F3E61A240AF7A40478CD983A6198357A2320F2F4275CF5C6B7C6D8BE5D4A43C9

Function 00439009 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5565a519d17d3e25a0a2d22d1bc01df2ef25996152d704d73a9f7071eb4e9bf
Instruction ID: 13771a8117d17cebd04d056cc8f28c5d4aaafd2a662f8642d3e939b416dd9e97
Opcode Fuzzy Hash: d5565a519d17d3e25a0a2d22d1bc01df2ef25996152d704d73a9f7071eb4e9bf
Instruction Fuzzy Hash: 5FD19EB3F1162547F3544968CCA83A2A683DBD5324F2F82388F58AB7C5D97E9D0A53C4

Function 0036C27B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e8ac2286de48120969ee0163c07a47cba877ad062cd87c2389e349e5466e8b
Instruction ID: e40333499215ed8080d4afb01de9a1b6bcb7aa422794787546931e22c8332946
Opcode Fuzzy Hash: a9e8ac2286de48120969ee0163c07a47cba877ad062cd87c2389e349e5466e8b
Instruction Fuzzy Hash: 37D18CF7F206250BF3444968DCA83A125839BE5324F2F42788E9D6B7C6D8BE5D0A53C4

Function 003B604B Relevance: .4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2dccadf929aabb19f9743822fdbe7c88179e6590f9f4faf710c4cef12edbebb
Instruction ID: 456284e9261317dae80d53dfc9d331212279d269bb83a6df8b41f9e16b817753
Opcode Fuzzy Hash: c2dccadf929aabb19f9743822fdbe7c88179e6590f9f4faf710c4cef12edbebb
Instruction Fuzzy Hash: B1D17CF3F1162547F3484968CCA53A26683DBE5324F2F82788F49AB7C5D8BE5D0A5384

Function 003A70B6 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe8ab1e4939f58e532b576efcb7a3ee7b4635ff5aa726390fee5a194f916f17b
Instruction ID: 06bf6936ad702da57ae64e265bfaf9a95846a9f40332bf9e1bdcb1943bd0d6ed
Opcode Fuzzy Hash: fe8ab1e4939f58e532b576efcb7a3ee7b4635ff5aa726390fee5a194f916f17b
Instruction Fuzzy Hash: F6C1A0B3F6062547F3584838CC693A26583DBD5324F2F823C8E59AB7C5D8BE9D4A5384

Function 004162EA Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f06e5427e5c61fd2d706563983fd2d11d3470dfdec695a3df27120f1ce4ee40
Instruction ID: 4e5290378292dcce8b8fef23b865f4ffe7a9efc7923846f2e1001d0b51dd38da
Opcode Fuzzy Hash: 1f06e5427e5c61fd2d706563983fd2d11d3470dfdec695a3df27120f1ce4ee40
Instruction Fuzzy Hash: E3C18CB3F6122547F3444879CC983A26683DBD5320F2F82788F58AB7C9D8BE9D465384

Function 004481FD Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5141417e98c1cc5a4795d283508432152ddffd124ff3ded19fd498a1764d473
Instruction ID: 48b4c958c5b1476b8210562128c74346daeaba39256cbd6c3e3ba2e6a563313d
Opcode Fuzzy Hash: d5141417e98c1cc5a4795d283508432152ddffd124ff3ded19fd498a1764d473
Instruction Fuzzy Hash: A4C19CB3F1122547F3444978CC683A26683ABD5324F2F82388E5DAB7C5ED7E9D4A5384

Function 003F6512 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f230add7f567755f1ef63ec9c323ed297b04e62dd00d5ce645dd91276b4a362
Instruction ID: 11b39331d1dd691697532e681034e049a8426898597ea945bf2bf317d311ddf7
Opcode Fuzzy Hash: 4f230add7f567755f1ef63ec9c323ed297b04e62dd00d5ce645dd91276b4a362
Instruction Fuzzy Hash: 46C16BF3F1122547F7484879CD68362658397E5321F2F83388E996BBC9ECBE5D491284

Function 00476026 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ed225e49654f1c6be33d15c16b9f702d141907c317b52e587bfd5eebcf60b5
Instruction ID: 12d069c00607c382db91db3e77e04c4478cb9dd15e7536a613273a6cd1989b47
Opcode Fuzzy Hash: 80ed225e49654f1c6be33d15c16b9f702d141907c317b52e587bfd5eebcf60b5
Instruction Fuzzy Hash: 8EC1BCF3F112154BF3584D38CC683626583DBD6314F2F82788B19AB7D9E87E9D0A6284

Function 0048621A Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f79fe593fc625d12a9c6ef38d3a01053dc0fca69d0d63b90c20ec8d5f46cbee1
Instruction ID: 314d0b9df0d360f1ed3ac1f7a7b1bcfd146535dc78981daf4b78ee17ba6cfa37
Opcode Fuzzy Hash: f79fe593fc625d12a9c6ef38d3a01053dc0fca69d0d63b90c20ec8d5f46cbee1
Instruction Fuzzy Hash: E7C19DB3F1122547F3584929CCA83A26683ABD5324F2F82788E9D6B7C5DC7E5D0A53C4

Function 00358364 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69583ca0572e9773c67d13ee848968b3b65edda7eeb1b84b832fd7531eb919e9
Instruction ID: 00b07a77d17d9748f8d2dfa2fde8e9b142a1939f2c75a43af449e44649ad0401
Opcode Fuzzy Hash: 69583ca0572e9773c67d13ee848968b3b65edda7eeb1b84b832fd7531eb919e9
Instruction Fuzzy Hash: C6C17EB3F1122547F3544D29CCA83A27643DBD5320F2F82788E986B7C5D97E9D4A5384

Function 003D45E7 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a622881c6a0eab31afdd84e565e46d4aa776ef6b0796362c8137fcfbd565f6
Instruction ID: b198d5f7b6d1d3d4a18d104768e6dd619d53721d85d13287a36bdbb0f235cfe8
Opcode Fuzzy Hash: 48a622881c6a0eab31afdd84e565e46d4aa776ef6b0796362c8137fcfbd565f6
Instruction Fuzzy Hash: DFB17CB3F112250BF3584939DC683626683DBE5314F2F82798B4DABBC9DC7E5D0A5284

Function 003B2592 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1bb503a8f1e92623cfe1b2ca4f38aa1739487e91a8ff62bd83e511baf6179b
Instruction ID: c43bf9419b92c427fa47b7e64ab1b5844caaf0d62cb0c0c9c4892e3c369a6a51
Opcode Fuzzy Hash: 9b1bb503a8f1e92623cfe1b2ca4f38aa1739487e91a8ff62bd83e511baf6179b
Instruction Fuzzy Hash: 0FC157B3F1162147F3544938CD683A26693ABD1724F2F82788E9CAB7C9D87E5E0953C4

Function 003D862F Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af0940aa0e54df9d6d3d4e07263a502bd3d1138620249407d5eda3466d679502
Instruction ID: d248fb06c8b8bb825bce8790c9cb55a3a15c1edfa7f916af3d26c2e9699aa68e
Opcode Fuzzy Hash: af0940aa0e54df9d6d3d4e07263a502bd3d1138620249407d5eda3466d679502
Instruction Fuzzy Hash: CAB16BF7F2112547F3544878CD583A265839BE5324F2F82788F8CAB7C5D8BE9D4A5288

Function 003AA3FC Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f17f75ccc65c4dcddfbda5d82c23524f2dffc55e21fa6cd35659b8f3e4d49ef
Instruction ID: 70beb871455266624de93edb6118b058bb1929603032ef682bed7f300a53ae0f
Opcode Fuzzy Hash: 7f17f75ccc65c4dcddfbda5d82c23524f2dffc55e21fa6cd35659b8f3e4d49ef
Instruction Fuzzy Hash: F1B1ABB3F1122507F3544868CDA93A26683ABD5320F2F81788E4DAB7C5DD7E9D0A53C4

Function 004321F7 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b198ec56955a2e0b14cae4e5c720a220eb8c0ca4fa7a82f2007ea2f3b14ae86
Instruction ID: 187f0ddb416c9c8ff784a72dd184f5ab9ec77c822cac7980757ec31b6817d0a6
Opcode Fuzzy Hash: 5b198ec56955a2e0b14cae4e5c720a220eb8c0ca4fa7a82f2007ea2f3b14ae86
Instruction Fuzzy Hash: 76B19AB7F1023547F3544938CCA83A26682ABA5324F2F82788F9D6B7C5E87E5D0953C4

Function 0036057C Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eefbfc42cd04705fcfd21a0938b8e5d696546e292f8039a90139a22917953f91
Instruction ID: b11489ac95b6629a90a97660647102484679faa946bdaa2316307fbc3b9de7cc
Opcode Fuzzy Hash: eefbfc42cd04705fcfd21a0938b8e5d696546e292f8039a90139a22917953f91
Instruction Fuzzy Hash: 7FB17EB3F502254BF3484978CCA83A26683DBD5714F2F82388F59AB7C9E9BE5D055384

Function 0039F10F Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f45478280748863fed2e5b1279e03d77a531b77024c613f9fa2cd02e458aff0
Instruction ID: 08bf71129a74ff9e8b8b3f37811c24b95ea1627133c57ca2bee2923a082e3fd9
Opcode Fuzzy Hash: 3f45478280748863fed2e5b1279e03d77a531b77024c613f9fa2cd02e458aff0
Instruction Fuzzy Hash: 47B18FF3F2112547F7544839CD683A225839BE5314F2F82798A8D9BBC9DCBE9D0A5384

Function 0041C45E Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0155c34b161e3ccda586fcffd61080ed167649b8c09ec8938f743a1577fe391
Instruction ID: 82c97c331f2391fce216f4cefd2d4da5a2a9792c442dbb5d9781ab4fb68823c0
Opcode Fuzzy Hash: a0155c34b161e3ccda586fcffd61080ed167649b8c09ec8938f743a1577fe391
Instruction Fuzzy Hash: 11B1B0B7F5022547F3544978CCA83A17282EBD5314F2F827C8E48AB7C5D97E9D495384

Function 004821CA Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa1ee66f0c81c64740a83a41fa00e1964823e220abf029cf9b6b85248d278d9d
Instruction ID: 925aa3f40c420be4de7a148042e42545b1166f7fa9cfd1e3b9b5c61375c444cf
Opcode Fuzzy Hash: aa1ee66f0c81c64740a83a41fa00e1964823e220abf029cf9b6b85248d278d9d
Instruction Fuzzy Hash: 00B128B7F1122507F3544879DC68362A583ABE1724F2F82788E89AB7C5DC7E9D0653C4

Function 004600FA Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5a0b59db31f8e719329e21fe3b7c1d1b640b2254d701295113e676639994bb5
Instruction ID: f7159eb4178ed0b93d7f9d33fdd8f43acd803a9adc951353fbc90f1485d6ce38
Opcode Fuzzy Hash: d5a0b59db31f8e719329e21fe3b7c1d1b640b2254d701295113e676639994bb5
Instruction Fuzzy Hash: 0AB16BF3F1122547F3544929CC683A26683DBE5324F2F82788E8DAB7C5E97E5D0A5384

Function 003FF0A0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72618a828d0df82ba6b583712a9a55d74271f0163606473a3fa53dbb9b7f960a
Instruction ID: 72ed5b71c2545c205ab8cbe99f6f73a08d986a5ac7adc1ab1efc79aa20031ead
Opcode Fuzzy Hash: 72618a828d0df82ba6b583712a9a55d74271f0163606473a3fa53dbb9b7f960a
Instruction Fuzzy Hash: 9CB138F7F1162507F3584878CD683A66583DBA0324F2F82389F9AAB7C6E87E5D051384

Function 0038E61E Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ed3fb124205a23b0358d3a201e7a658f95bcefecb4ca07dc9d6c724b331bb9b
Instruction ID: d7d58ef93934c0da594c8683569d187c6ef00bae69e40f49cd31b1a98f3ed678
Opcode Fuzzy Hash: 7ed3fb124205a23b0358d3a201e7a658f95bcefecb4ca07dc9d6c724b331bb9b
Instruction Fuzzy Hash: BCB19FF7F1122147F3944978CD583A26643EBD5314F2F82388E98AB7C9D9BE9D0A5384

Function 003A10A8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59cf27f27238b8c3cf318e88edc0ae34a8b6e7d0538e1294496c21536ab8eedd
Instruction ID: 92bb05beeb46cc23f73e857c07170c3c3559ec1cd5cbf1084a2da2365133b8d1
Opcode Fuzzy Hash: 59cf27f27238b8c3cf318e88edc0ae34a8b6e7d0538e1294496c21536ab8eedd
Instruction Fuzzy Hash: F5B199B3F6052547F3584938CD683A26683DBD1320F2F423C8F59AB7C5E9BE9D065288

Function 0037E032 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809bc63d18295e4901cad12b788c68bc2629fd807e84b059c044e76b67c38fdb
Instruction ID: 3e14bd41ee11da702ba0bf2223bf09be26b6b65067cb4d3e86499c37b13e238f
Opcode Fuzzy Hash: 809bc63d18295e4901cad12b788c68bc2629fd807e84b059c044e76b67c38fdb
Instruction Fuzzy Hash: 3FB160B7F112214BF3584939CD683626683EBD5314F2F82788A8C6BBC5DC7E5D4A5384

Function 00438468 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a6bc574053832dff40b6d4fe35e6f5446bf18b56429b7c811513f60d2e9c62
Instruction ID: 75bc81bdf9156ee20bb06bd6f91ae992a15ee8e2d179be50cb84824b311b0f2a
Opcode Fuzzy Hash: 79a6bc574053832dff40b6d4fe35e6f5446bf18b56429b7c811513f60d2e9c62
Instruction Fuzzy Hash: 88B19DB3F1012447F3544939CC68362B682ABD5324F2F427D8E9CAB7C4D9BE9D0A52C4

Function 00412438 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da3384cef22eb0d09a91eb3aed1690084df741fab2d05533efc48c2a9f619266
Instruction ID: 7fa0bb5b2e2cd24e08919592197cc213f867b86155770fe0954476577a32827f
Opcode Fuzzy Hash: da3384cef22eb0d09a91eb3aed1690084df741fab2d05533efc48c2a9f619266
Instruction Fuzzy Hash: 8DB19FB3F112254BF3544978CC683A26683DBD5311F2F82788E89AB7C5DCBE9D495384

Function 0044C520 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ad89f0b2902539c4ce2c29397c0ca5cb28b551cd22b11d8878fe1a96071b25
Instruction ID: 2fbf60cf1a4fa3fdd5c3b8556f32e94a15459d20d51d6ec530d0c14638acc1cd
Opcode Fuzzy Hash: 70ad89f0b2902539c4ce2c29397c0ca5cb28b551cd22b11d8878fe1a96071b25
Instruction Fuzzy Hash: 03B17DB3F1022547F3544979CCA83626583DB95320F2F82788E58ABBC9D8BE5D0953C4

Function 00436231 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cecea08533c8271331c4cea3be4e94f31639bbbc89bdb2a2d13a8d3178518ac6
Instruction ID: 1bb62853b7e82ce40b14f93ef22f265c59a21bd79ccfc4422b29769c38cec81f
Opcode Fuzzy Hash: cecea08533c8271331c4cea3be4e94f31639bbbc89bdb2a2d13a8d3178518ac6
Instruction Fuzzy Hash: 58B177B3F1162447F3444878CCA93A26243EBA5324F2F82798F596B7CADC7E5D0A5384

Function 0043E175 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f5c6a3c590222ecb03a0d2a4351742b1394e51791aa06a642aed8bb8a795685
Instruction ID: 69d32ca85f8232d43efcaa3af5944a9dea9b3ee7f9b470e4c773a503d0660978
Opcode Fuzzy Hash: 4f5c6a3c590222ecb03a0d2a4351742b1394e51791aa06a642aed8bb8a795685
Instruction Fuzzy Hash: DAB17CB3F5122547F35848B8CDA83A2658397D5324F2F82788E996B7C5DCBE5D0A13C4

Function 003A40C8 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5311de1801dffcc626782628c5e315dd99eafcf1f556bab055f3d67a22423920
Instruction ID: 55f4030bb235753bbc3a52be37fc3961b289d720cd70a330c5072df5b4f0f85c
Opcode Fuzzy Hash: 5311de1801dffcc626782628c5e315dd99eafcf1f556bab055f3d67a22423920
Instruction Fuzzy Hash: 1CB18DB3F1122547F3544839CCA83A26683DBD5324F2F82798E99AB7C9DC7E5D0A5384

Function 0034A1AA Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d2e70f4575bdb4db08cb86fddc0f93384bd33e200a11a46a9a007d5362615e
Instruction ID: 4333bd9b5d0d8d386f6ef89e78878d03768c34edee6aa68f36910d01d25c9194
Opcode Fuzzy Hash: f0d2e70f4575bdb4db08cb86fddc0f93384bd33e200a11a46a9a007d5362615e
Instruction Fuzzy Hash: 50B1ADB3F5122507F3484929CC683A66683EBE1324F2F827D8E9A5B7C5DC7E5D0A5384

Function 004943D6 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a77e5a7ddda081c48183a21601c8b7ff84d06b0c1a47010044085f7605d2d5
Instruction ID: 8e79da004f4cc522639c1adb286d18646bde2dcfdf266d16a04c13de960fdd66
Opcode Fuzzy Hash: a5a77e5a7ddda081c48183a21601c8b7ff84d06b0c1a47010044085f7605d2d5
Instruction Fuzzy Hash: 0FB1ABF7F1062547F3540829CC693A26683EBD1314F2F82798E8DABBC5D87E8D0A5384

Function 0042E2E6 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 058f62f77708aec78823ad935d1dac7f217dffe68cb54e9d18ec48230e7fa956
Instruction ID: 1ff21363f4f19f804b5262a07601485a91f44d77c263cc8360b0ea9b450087be
Opcode Fuzzy Hash: 058f62f77708aec78823ad935d1dac7f217dffe68cb54e9d18ec48230e7fa956
Instruction Fuzzy Hash: EFB17AB3F2152047F3548879CD993A265839BD5324F2F82788E9CAB7C9D87E5D0A5388

Function 003A83B8 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9dc4182baa24baa8cf109876729da4e4adda7b3743d8b9869306c8bea1bc7d0
Instruction ID: e16ca1326c4571a38cf85566c83017b03c439c3b82fc57007fa06c70751faffe
Opcode Fuzzy Hash: b9dc4182baa24baa8cf109876729da4e4adda7b3743d8b9869306c8bea1bc7d0
Instruction Fuzzy Hash: 9FB14BA3F112254BF3544978CC683626683DBD5724F2F82789F89ABBC9D87E5D0913C4

Function 00490594 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e815da01f5fe2b4b2966a789f1713c03abb71b944952096fc5c6f7c7bbac8b97
Instruction ID: 251994b168a87cba1c69ff747a24d7bbeaf341e9e9833fb406b8d326baeda0c7
Opcode Fuzzy Hash: e815da01f5fe2b4b2966a789f1713c03abb71b944952096fc5c6f7c7bbac8b97
Instruction Fuzzy Hash: CCB16CB7F102244BF7444968DDA83626683DBD5320F2F82788F986B7C9DCBE5D0A4384

Function 004883BE Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 812dabdb1edf6697e1014f5d4b6eb8178e2800b4c8b50c24076711c9cea8703b
Instruction ID: bbdf47c96dc5045d3233734f2b6a279cc9a23014912039db0d50f4322313e7e6
Opcode Fuzzy Hash: 812dabdb1edf6697e1014f5d4b6eb8178e2800b4c8b50c24076711c9cea8703b
Instruction Fuzzy Hash: FFB143F7F1162547F3544868DCA836266839BE4324F2F82788F986B7C6EC7E5D065388

Function 003E9038 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd6a876843e66765a4a19783564fbcf562bef1fa508b12e65984f667ecbccdd9
Instruction ID: e6f6e7a500642068b0aff7e722c115e35abecafca176a7c9d4bfa940344e5b06
Opcode Fuzzy Hash: bd6a876843e66765a4a19783564fbcf562bef1fa508b12e65984f667ecbccdd9
Instruction Fuzzy Hash: B4A199B3F102254BF3544D79CCA83926683ABD5724F2F82788F98AB3C4D9BE5D064384

Function 003A90A2 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ce95224de21ef320e387812d2130a945e7e4b5c8677c9129820a0548ee2aff
Instruction ID: 4dd691f9cf38d7faa814054ba786bb3c590d883b79fe308e980365a15773ed90
Opcode Fuzzy Hash: 70ce95224de21ef320e387812d2130a945e7e4b5c8677c9129820a0548ee2aff
Instruction Fuzzy Hash: 5AB15EF7F516244BF3444829DD983A22583E7D5315F2F82788F886BBCAD8BE5D0A5384

Function 003CA0FD Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dde569698521d0e8d1e7977323be360cb432ea703597e13f445e61f972f101f
Instruction ID: fd67aa1eaf3892931265718edfd5852ff055e82dc8551f5dd715e5c47b076239
Opcode Fuzzy Hash: 1dde569698521d0e8d1e7977323be360cb432ea703597e13f445e61f972f101f
Instruction Fuzzy Hash: E7B17BB3F112254BF3044D68CCA83617683EBD5724F2F42389E989B3C5E9BE6D059384

Function 0039E4CB Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e31df5af76d82348915e4da0c79c48234ad258cb19a27fe1b6a8f917eeaf3c77
Instruction ID: 145b5d959252a8834dfab02141e56fb56687b8e84297753b47bc4fbcbc813762
Opcode Fuzzy Hash: e31df5af76d82348915e4da0c79c48234ad258cb19a27fe1b6a8f917eeaf3c77
Instruction Fuzzy Hash: 42B19DB3F1122547F3444E38CCA83A27653EB95310F2E82788E986B7C9D97E9D099384

Function 003D640B Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82369be5b6e527ce4cfc6c525edaee22a57040205c1af60bedd8c3b07412bdbe
Instruction ID: dfeea85989537248c611f6210f5d31a5b260979934250c379a1f6393b74380dc
Opcode Fuzzy Hash: 82369be5b6e527ce4cfc6c525edaee22a57040205c1af60bedd8c3b07412bdbe
Instruction Fuzzy Hash: 36B159B3F2162547F3944878CC583A261839BE5320F2F82798E9C6B7C5DC7E9D0A5384

Function 003FA00E Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9edc343d82aed345de911e5d7595da909646a718c3122425b1aa23a539460662
Instruction ID: 13bfce9d96b66a88a61ee6222584e69fd9025a02f95dcf1d13530207417ed029
Opcode Fuzzy Hash: 9edc343d82aed345de911e5d7595da909646a718c3122425b1aa23a539460662
Instruction Fuzzy Hash: CAA19EF3F516254BF3544928CC983A16683DBD5320F2F82788E8CABBC5D8BE5D0A5384

Function 0045414B Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ffa45822fa4d54b50689ab418ebd800ffbef4c3487e766e959b4951fd79ec8d
Instruction ID: b2653c15cd8453e54ceb8802b8a365a061eb1543b44f6e6d95bbd3010074bd9f
Opcode Fuzzy Hash: 9ffa45822fa4d54b50689ab418ebd800ffbef4c3487e766e959b4951fd79ec8d
Instruction Fuzzy Hash: 09A19BB3F5122547F3544D29CCA83A27683EBD5314F2F82788E886BBC9D97E5D0A5380

Function 004421DD Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0074089014ef02b2c5bab2b1f7a038326bba172fe318192d74ebf8779b1a4bbb
Instruction ID: 6d6fbc18fdfa1a0e40e9fd303c2e2f66bfd14f05d6b76b3418227b6f5d70db48
Opcode Fuzzy Hash: 0074089014ef02b2c5bab2b1f7a038326bba172fe318192d74ebf8779b1a4bbb
Instruction Fuzzy Hash: 18A18EB3F1162107F3544978CDA8362A6839BD5314F2F82798F98AB7C9D8BE5D0A43C4

Function 003FE31F Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebea4127dbfa79a71fea1850e28b7320ef36e3574320eee87ed55848853504b
Instruction ID: 570999e02cf0fbf298fa687163930bde0670787a1ee0cc40cc91fbdc4846ad18
Opcode Fuzzy Hash: bebea4127dbfa79a71fea1850e28b7320ef36e3574320eee87ed55848853504b
Instruction Fuzzy Hash: 4EA16BB7F1112547F3584928CC683A26683E7E4324F2F82788F89AB7C9D97E5D465384

Function 003F0444 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7fbfaead14b552668714c7028033160f35b3ec2433e650efdda38fd94a2fa5
Instruction ID: 36a85baa5de9da77be7fd82e5870a39d4f0467819d850a37b8a9491935fc65b3
Opcode Fuzzy Hash: 8d7fbfaead14b552668714c7028033160f35b3ec2433e650efdda38fd94a2fa5
Instruction Fuzzy Hash: FCA18FB3F1162447F3044D29CCA83A27683ABD5724F2F81788E89AB7C9D97E9D4653C4

Function 004830D0 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 670e1a55fadba7118e552a4ea2545e370c4b931de259f4eb29b946c4cd67fb6d
Instruction ID: 0bf8f250a9dd9e8b9d4168e7ca68bef0dd3db9f365f2c4735dfddd065c8be23d
Opcode Fuzzy Hash: 670e1a55fadba7118e552a4ea2545e370c4b931de259f4eb29b946c4cd67fb6d
Instruction Fuzzy Hash: 96A1CCF7F602214BF3544D39CDA83616682DBE1724F2F82788F99AB3C5D8BE5D094284

Function 00433031 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 573964197e8e2c8396e1634c39824e3cd8c3eef25a39130e08c22118ca5b5b92
Instruction ID: 60963a1baf7785a0f50dbfd01543ff53490e3640c661e3e964c6e554ca05237c
Opcode Fuzzy Hash: 573964197e8e2c8396e1634c39824e3cd8c3eef25a39130e08c22118ca5b5b92
Instruction Fuzzy Hash: 08A19CF7F5122147F3584968CCA83A266839BE5324F2F42788E9C6B7C5D8BE5D0653C4

Function 0049C371 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23d3cec5c689a2ef83e75ddb3884b76325450d205a0bb2c15b800ff3e8e0f700
Instruction ID: c5f717ecfdec3676490d134ea8050a0fad5b28ac54c89c51adba0604800fe52b
Opcode Fuzzy Hash: 23d3cec5c689a2ef83e75ddb3884b76325450d205a0bb2c15b800ff3e8e0f700
Instruction Fuzzy Hash: 0DA1CFB3F1162147F3444979CC983A166839BD5324F2F82788E8CAB7C9DCBE5D4A5384

Function 003740DF Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac0af44eb53ba291eb8480645e5bff1c54c29f6c87bd7f3876da635e52015735
Instruction ID: b64bf862042d6c21c760d5b7d4a74b3a1022dc04647f8a1edc172416a8224bb4
Opcode Fuzzy Hash: ac0af44eb53ba291eb8480645e5bff1c54c29f6c87bd7f3876da635e52015735
Instruction Fuzzy Hash: A3A127F3F1122547F3544879CDA83A265829BE5320F2F82788F9DABBC5D8BE5D0952C4

Function 0040E0B7 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45917e67ded7bdf2dfd09039683e4bbe3c3b10ccc09996bed13cef948829512e
Instruction ID: c013d948081d5aa43a360cd4651bb24816f911aea3165c3674727d754092553f
Opcode Fuzzy Hash: 45917e67ded7bdf2dfd09039683e4bbe3c3b10ccc09996bed13cef948829512e
Instruction Fuzzy Hash: 40A16CB3F1122547F3544D79CD983A1B693EBD5320F2F82388E88A77C9D9BE9D065284

Function 003E8075 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ffded357f5bed00116bd354892b049c6ed4971c7d41c12e1efa323284220545
Instruction ID: 1e8410208a36ef350de6584c989c258e4e3966590af39dfbc320da90ae9b4816
Opcode Fuzzy Hash: 6ffded357f5bed00116bd354892b049c6ed4971c7d41c12e1efa323284220545
Instruction Fuzzy Hash: E9A1AEB3F2022547F3584968CCA83A26643DBD5720F2F82788E8CAB7C5D97E9D4953C4

Function 0039E020 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7ba585ce4fc9d54761629d2b42290a3cd7bb3f8dea38abb894c712fa00dac7
Instruction ID: 8f6c625bc82609540b4477a84426822b69d63fa8fb918650880b71bbd44e07d4
Opcode Fuzzy Hash: db7ba585ce4fc9d54761629d2b42290a3cd7bb3f8dea38abb894c712fa00dac7
Instruction Fuzzy Hash: ECA18BB3F1122547F3548D39CD983A26683E7D5320F2F82788E98AB7C9D87E9D465384

Function 003541E5 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47aa5af6e1b751a1d17c4e692a493fc0252ef9ee01beeac9ac527b3eef2d41d9
Instruction ID: 8657fb70151f37afe10944900aaf07981863e402187a3a7ebb6c96b34e86265a
Opcode Fuzzy Hash: 47aa5af6e1b751a1d17c4e692a493fc0252ef9ee01beeac9ac527b3eef2d41d9
Instruction Fuzzy Hash: B7A18FB3F1162147F3484D69CCA4362B283EBD5324F2F82389E59AB7C5D9BE9C495384

Function 003B7112 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f360f356f6793b56fb9b493a32fb4514a03c9f3f0cd82a27c8eeb7d7e748d54
Instruction ID: ed81e3555a3b0e2458032d884afeef3398457c0c59d0ce1af7e765b10e777af2
Opcode Fuzzy Hash: 3f360f356f6793b56fb9b493a32fb4514a03c9f3f0cd82a27c8eeb7d7e748d54
Instruction Fuzzy Hash: 0DA1AEB3F2162547F7444979CDA83A16683EBD5311F2F82388A889B7C9DCBE9D095384

Function 003684AD Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbd55ed8c19898909cacc258750e9d2b70bb752c00b77f8b2bf501ca5e774c72
Instruction ID: 9fbf7e1cd6a08a8278e0a51197f4ae39f031660a16541dc8813adc699735214d
Opcode Fuzzy Hash: cbd55ed8c19898909cacc258750e9d2b70bb752c00b77f8b2bf501ca5e774c72
Instruction Fuzzy Hash: 90A16DF3F5112547F3584939CCA83A22583DBE1315F2F82788F59AB7C9E87E5D0A5284

Function 0045A598 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e3fedfca59910956928e9cb06381b6539a655dba5bced0738fac5c24afef64
Instruction ID: 34ca5d580198bc6d58d2d75dcb911e72b35e58f8fb521a043e486ae88f407187
Opcode Fuzzy Hash: 29e3fedfca59910956928e9cb06381b6539a655dba5bced0738fac5c24afef64
Instruction Fuzzy Hash: B4A18FB3F5122247F3540928CCA83A26683DBD5724F3F82789E58AB7C5D97E9D0A53C4

Function 0043B13A Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6cc7a8ea3427834a4c1e5af67ab6c1be23eeafa5c5bc386efdbdebe376547e5
Instruction ID: dcb3afccb3ff2eaa056139580796c77da10a7847c2ae7b9e25155a42480343ab
Opcode Fuzzy Hash: d6cc7a8ea3427834a4c1e5af67ab6c1be23eeafa5c5bc386efdbdebe376547e5
Instruction Fuzzy Hash: B7A168F7F5062547F3040D79DCA83A16683D7A5724F2F82788E88AB7CAE87E5D065384

Function 00478246 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af67072d5a779cb7b97e1822628bbdd87288d359d78d756729fda641f03cefa0
Instruction ID: d68ca36af5b579114b1ec468a80b8b3b2db507a4811b37673ac68d14991c5172
Opcode Fuzzy Hash: af67072d5a779cb7b97e1822628bbdd87288d359d78d756729fda641f03cefa0
Instruction Fuzzy Hash: 47A17BF3F516254BF3584978CDA83A22582E795314F2F827C8F89AB3C5E87E5D095384

Function 00446374 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca0bfde8eded27e3034a54b9be637cfe90d718f51f81c5cce084a8f4ffddbf4d
Instruction ID: fb8736d0def4f07f175ae7ed965cdac663f9739341376d97f18f3dd96319ddc9
Opcode Fuzzy Hash: ca0bfde8eded27e3034a54b9be637cfe90d718f51f81c5cce084a8f4ffddbf4d
Instruction Fuzzy Hash: 1DA157B3F102214BF3544939CD683A26A839BD1324F2F42788E9CAB7C5D8BE5D4A53C4

Function 004583C5 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ddeb47224aa618df725c5111b401692633ca029565b3ead66785615981b7c5e
Instruction ID: cca3790c6ab10db49bc9470e69eedb9d895b540b767d24e61aa57f4d4578a9b2
Opcode Fuzzy Hash: 7ddeb47224aa618df725c5111b401692633ca029565b3ead66785615981b7c5e
Instruction Fuzzy Hash: 77A1AFB3F111254BF3484D69CC683A27293EBD5324F2F81788E49AB7C5D97E5D0A5384

Function 003A6493 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eca27a8e64eb432beebb4d56e0270f963f50bce6bb0a03e52f6245d8a113b07
Instruction ID: da3250e20f0752ecb7f3f4ea6c612d968caeb608a98b028f925e9a43001d6185
Opcode Fuzzy Hash: 3eca27a8e64eb432beebb4d56e0270f963f50bce6bb0a03e52f6245d8a113b07
Instruction Fuzzy Hash: 22A18EB7F1122547F3444978CCA83A26683DBD5720F2F82388E989B7C6DD7E9D0A5384

Function 003E512A Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3071658ea84333f4ef97f7f68ee0aea4eae702ea123c8bbbda3e0a40be579a1b
Instruction ID: facdc18639753bd63a30be8429a0c63d3a1a75e52643913fb5d6a6bd9cc5463a
Opcode Fuzzy Hash: 3071658ea84333f4ef97f7f68ee0aea4eae702ea123c8bbbda3e0a40be579a1b
Instruction Fuzzy Hash: C7A19FB3F1122547F3504979CC983A1A693E7D5324F2F82388E58AB7C6E9BE5E0953C0

Function 004623E8 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b834e8fbfb757f80790ea1d40498eceb95ff22460583f1b732801183ed59fe16
Instruction ID: 5feed2dcb4446bf5407656eab430420b070e56dad9c962a0e10f859158b0d179
Opcode Fuzzy Hash: b834e8fbfb757f80790ea1d40498eceb95ff22460583f1b732801183ed59fe16
Instruction Fuzzy Hash: 88A19AB3F5022547F3544975DDA83A26683DBD9310F2F82388E4CAB7C9D9BE5D0A52C4

Function 003E651B Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7dd8fbe2a8a505a0973fe368fe91971fce612c149ca55756bfd73898945ad2
Instruction ID: 71dbfa7b1b7995c0d9662d99c341c46a75d88531ecd90506044cbafe02a39060
Opcode Fuzzy Hash: db7dd8fbe2a8a505a0973fe368fe91971fce612c149ca55756bfd73898945ad2
Instruction Fuzzy Hash: D7A16DB7F5162547F3544829CCA83A22583DBE4324F2F82788E9CAB7C9D87E5D0A53C4

Function 00440006 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c213e4e0c4e91315a0f9265bfc23d55605f004a6d202aa04efd96358fa6aaf6
Instruction ID: c3c0a67dc5357094464be3e0cf49275528461d61d2e1be115e87a4b135287b03
Opcode Fuzzy Hash: 4c213e4e0c4e91315a0f9265bfc23d55605f004a6d202aa04efd96358fa6aaf6
Instruction Fuzzy Hash: 23A17CB7F102254BF3544D68CCA83626683EB95310F2F82389E89AB7C5E97E5D0953C4

Function 00496268 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe2a2ab38d642875e3d438a25ee317ffd564c65d8cc7f8a059cf077fdc42dde
Instruction ID: de23a70f789071e08220b5064dde88e2857adba78795bfa86c1342dd7ab7df03
Opcode Fuzzy Hash: 1fe2a2ab38d642875e3d438a25ee317ffd564c65d8cc7f8a059cf077fdc42dde
Instruction Fuzzy Hash: D9A17AB3F1022547F3544D28CCA83A26683ABD5724F2F82788E8C6B7C5D97E6D4993C4

Function 0036A4A5 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34f1c9b8824f0f219a8adbd149ae30ab8aac0491b423c77a0c46b6e6a19f629
Instruction ID: f9c9fdbc1948e3704a9c1bba8419e5fd3baacf90aa53bb516cb436e4f1c1a73a
Opcode Fuzzy Hash: a34f1c9b8824f0f219a8adbd149ae30ab8aac0491b423c77a0c46b6e6a19f629
Instruction Fuzzy Hash: C6A1AFB3E1153547F3500968CC583A2B292EBA5320F2F82788E9CBB7C5D97E9E0953C4

Function 00408659 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07aedc3f3cb2fa124d854132518fe9d0aefcd08accbd05775e26133d5bba3850
Instruction ID: f95ca1315785579a6c13a5b358ed16f6e73a6ccf2bb5596ad5a636130c5c4b72
Opcode Fuzzy Hash: 07aedc3f3cb2fa124d854132518fe9d0aefcd08accbd05775e26133d5bba3850
Instruction Fuzzy Hash: F0A148F3F1152507F3584839CD6836265839BA5320F2F82388E59ABBCADC7E9D0A5384

Function 0039507D Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef5dfd16e666d08ecd1af84335c155afed19efa937833247f571ce52b7f99e4
Instruction ID: 783ba6455a914b554fd4880fd8d2bc3bf373ed2c1d9dc228a88d7688c934542c
Opcode Fuzzy Hash: 0ef5dfd16e666d08ecd1af84335c155afed19efa937833247f571ce52b7f99e4
Instruction Fuzzy Hash: B491ABB3F6052147F3584938CC683A16682DBD6324F2F827C8E89AB7C9D87E9D495384

Function 0048C080 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 813f968238844044802b5258818ebe3b72b0ca6305a63396cf5b1c2381f2fa23
Instruction ID: 61f4696cedfee1db3ed8266e575af8ac6e6f02232aadafa6e7b0f6a99df57b19
Opcode Fuzzy Hash: 813f968238844044802b5258818ebe3b72b0ca6305a63396cf5b1c2381f2fa23
Instruction Fuzzy Hash: A4A1ACB3F5122547F3444968CDA83A26683D7E5720F2F82388E5C6B7C9DCBE5D4A5384

Function 003902C1 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ea6d69b828cbd826007c6bedaddbafad0f0f25ecad6a89628c07633802d9b0
Instruction ID: 199b52121eb549fc483608c06677f48d344d8c8d8bd251699ec3134283e10d49
Opcode Fuzzy Hash: 74ea6d69b828cbd826007c6bedaddbafad0f0f25ecad6a89628c07633802d9b0
Instruction Fuzzy Hash: 7EA189B3F1122547F3544968CC683A27693ABE1324F3F42388A8D6B7C5E97E9D0A53C4

Function 00424172 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46a7935c4f28042dddf04b9a3220a1c1559b028885cf41e089e568a5a85ebb03
Instruction ID: 51a44f1d201c6357e3f6d3b39463f90626cc7ef62f4f33c1bb0d1fd0c08ef836
Opcode Fuzzy Hash: 46a7935c4f28042dddf04b9a3220a1c1559b028885cf41e089e568a5a85ebb03
Instruction Fuzzy Hash: 53A179B7F112254BF3844978CC683626683E7D5314F2F81788E88AB7C9D87E9E0A53C4

Function 00419116 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3ac8d992f02ac83cf4b2022890cad6ae746c22a7946f4fa9a3a5c203bad0e3
Instruction ID: 98673dd42b99fd24911f70c6c203ce4d2955db03233a036a4edc452323d27076
Opcode Fuzzy Hash: bd3ac8d992f02ac83cf4b2022890cad6ae746c22a7946f4fa9a3a5c203bad0e3
Instruction Fuzzy Hash: D6A19CB7F102254BF3984978CDA83A23653EBD5304F2F81788E496B7C5D8BE5E4A5384

Function 004981EE Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 991a2ab9631e9aea6b379360fd67dd3d73b3cef5442968f01cc9ee6290377a1d
Instruction ID: 65a8e9e23460c4016208a39bcc6133a3999175fbd4b383dd101b433149bdd9fa
Opcode Fuzzy Hash: 991a2ab9631e9aea6b379360fd67dd3d73b3cef5442968f01cc9ee6290377a1d
Instruction Fuzzy Hash: 4E9169F3F1152507F3544939DD6836266839BE1718F2F82788E49AB7CAEC7E5D0A4384

Function 004950D5 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a9f295b06a9f880a17fd6fb0a9f8c4c5d28ef7f87d9c6b83fd62b8cde27660
Instruction ID: 8a701cf5390a6fa4acfd4dc69b098df83d32db2e383818f65891ba200f5ebbf6
Opcode Fuzzy Hash: 24a9f295b06a9f880a17fd6fb0a9f8c4c5d28ef7f87d9c6b83fd62b8cde27660
Instruction Fuzzy Hash: C9919BB3F1162547F3544928CDA83A26683ABD5324F2F82788E9C6B7C5ED7E5D0A43C4

Function 00484268 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a471a19c0f62f0ccb615d492a4517e89569f1c4349e8bf4e3e12fb3f3556dc5d
Instruction ID: c10b7a6f92a39f8664b0ad8ee491cedbc991f4cd81bc12621b415473152e19e4
Opcode Fuzzy Hash: a471a19c0f62f0ccb615d492a4517e89569f1c4349e8bf4e3e12fb3f3556dc5d
Instruction Fuzzy Hash: EB9134F7F5122547F3444879CCA83A26683A7A4318F2F82788F896B7C6D87E5D4A43C4

Function 0044E455 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97056873b71c13ba17c2c1fff93d5d7117d882713dcce43a4dc496aada35178a
Instruction ID: a0178869e7be7ec1e7df1fab9d4d0c7eab742134ea327448083e8681908e3224
Opcode Fuzzy Hash: 97056873b71c13ba17c2c1fff93d5d7117d882713dcce43a4dc496aada35178a
Instruction Fuzzy Hash: 789138B3F512254BF3944978CD993926583A791320F2F82798F9CABBC6DC7E5D0A1284

Function 0037233C Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61668e3472f39520418dfa7003f75abd6f5982d882362683bfae9df7cc2f7004
Instruction ID: e0bd5624227b5100b16797138deac5be93a9ef1dbfed959c1ca07f99a1a0905b
Opcode Fuzzy Hash: 61668e3472f39520418dfa7003f75abd6f5982d882362683bfae9df7cc2f7004
Instruction Fuzzy Hash: 2E918CB3F6122547F3544D68CCA83A27283EBD5310F2F82788E896B7C5D9BE5E495384

Function 00402330 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2256c1e34eab400d2f8c0d3cf0ec3f4040a83e09da81fec637c91a7e935c00b3
Instruction ID: 2e942da07c54e6fdb32910ee454e772793b0d0c93b17fb55cb15f725cb080215
Opcode Fuzzy Hash: 2256c1e34eab400d2f8c0d3cf0ec3f4040a83e09da81fec637c91a7e935c00b3
Instruction Fuzzy Hash: 9E915AB7F1112447F3104E28DCA83A1B693ABD5724F2F82788E8C2B7C5E97E5E059384

Function 0042C166 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1588dc68633a9feb1f45145c8a2d10b61621bc9f4170affc4609eb5be97776c
Instruction ID: e5062a294a3ee900bf1db0c40af37f77bfc09baad438b0ef104585052823b066
Opcode Fuzzy Hash: a1588dc68633a9feb1f45145c8a2d10b61621bc9f4170affc4609eb5be97776c
Instruction Fuzzy Hash: 679160B3F1162547F3544979CCA83626583E7D5720F2F82788E98AB7C9D8BE9E0943C4

Function 0046C5F9 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b807aa3b2751ea082b0fd7cbd4cb412cf6f4e8c8f7aa74e97470772ea419262c
Instruction ID: 6279296670f0bb806523e7d27f59c6b375a9bc6caa2184b5d5f00b5dc8659e92
Opcode Fuzzy Hash: b807aa3b2751ea082b0fd7cbd4cb412cf6f4e8c8f7aa74e97470772ea419262c
Instruction Fuzzy Hash: 479168B3F612244BF3544929CC983A27643A7D4324F2F82788E8C6B7C9D97E5E0A57C4

Function 00430366 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dc26d340df43ac6f0d05f0b9c0085c4367a05b99d950e058e33de72586912b5
Instruction ID: 54dbb9dd78331df49d8e5d6b434ad548d4d538853a2ee7afe56d3e21fdc1b5a2
Opcode Fuzzy Hash: 2dc26d340df43ac6f0d05f0b9c0085c4367a05b99d950e058e33de72586912b5
Instruction Fuzzy Hash: A5917DF3F5122107F3544878CDA83A16583DBE5314F2F82788F596BBCAD8BE5D4A5284

Function 0036437E Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80d2c7d59c9f295fb62255f330fcf8fa3c534979426410d253003fd93d370cac
Instruction ID: 55d81ac16362210bb71f764b7ab891a73502dde94c2c417a1477a5c308c48c22
Opcode Fuzzy Hash: 80d2c7d59c9f295fb62255f330fcf8fa3c534979426410d253003fd93d370cac
Instruction Fuzzy Hash: 66917AB3F1122547F3544928DC693A26683E7D5324F2F82788E8CABBC5D97E9D0A53C4

Function 0044046A Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc3bb7b2994bf33dcc4e6b26ff53ad39e1c8d99be0fbab3a584ec89387f9690
Instruction ID: c982fa161d8363de3d5accaf93553fca7bc5b5c963746f8e34230e234075140f
Opcode Fuzzy Hash: 0cc3bb7b2994bf33dcc4e6b26ff53ad39e1c8d99be0fbab3a584ec89387f9690
Instruction Fuzzy Hash: CD9168F3F5122507F3544978CD983A266839BA4321F2F82788F8C6B7C5D97E5D4A5384

Function 0035E2E6 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ad61bd0d878646a1702406bffa6684043de644311f8dc7544a8b67b12219138
Instruction ID: b8be21e21e2516966043db856ac4d5212882ba6f868ce7c9520cb06c7116344f
Opcode Fuzzy Hash: 4ad61bd0d878646a1702406bffa6684043de644311f8dc7544a8b67b12219138
Instruction Fuzzy Hash: E7916BB3F1022547F3584939CCA83A26583EBD1324F2F82788E996B7C5D87E5E4A5384

Function 0039C381 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48747b48c85468735cf47269cf8c8ea315f3a6870b47dda81323a291ffecf3c7
Instruction ID: f8dfeaaf815d5d6c38090a109f3254bf0872da61ffd9412b69aabb9230c5a384
Opcode Fuzzy Hash: 48747b48c85468735cf47269cf8c8ea315f3a6870b47dda81323a291ffecf3c7
Instruction Fuzzy Hash: D1918EF7F112154BF3144939CD683A12683DBD5324F2F82788B89ABBC9D87E9D4A5384

Function 003A5143 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1113de1f098d2da3e873d5336b8082f53723fcf04e6c3ceff2e09af0fa0b3b4d
Instruction ID: 796d066a2a622b293d834d0d6d6611599c1082d2ef068261981fb86ec44fd5a8
Opcode Fuzzy Hash: 1113de1f098d2da3e873d5336b8082f53723fcf04e6c3ceff2e09af0fa0b3b4d
Instruction Fuzzy Hash: AE918DF3F5022147F3544978CD583A166829B95324F2F82788E8C7BBC9E97E5D4A53C4

Function 004263AD Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 890745449a62fb1fab6807e0e9cac78146089dadf4c6169f277159f297427978
Instruction ID: 25595904683e4c36fb7c32c025ea705a917f994ffa20ab294e6a821602eee045
Opcode Fuzzy Hash: 890745449a62fb1fab6807e0e9cac78146089dadf4c6169f277159f297427978
Instruction Fuzzy Hash: 899180B3F6162547F3444D78CC693A22583D795720F2F42388EA99B7C5DC7E9D095384

Function 003C5028 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e61f110a34ae73979ed0e3fd9d9e603f64951d085a9a47700a98c5968adc0b
Instruction ID: 71b60c8708dcef30f2a2f82b91a8eb6457d87a9ce9a7137c37a387a814221a5b
Opcode Fuzzy Hash: f0e61f110a34ae73979ed0e3fd9d9e603f64951d085a9a47700a98c5968adc0b
Instruction Fuzzy Hash: 37919DB3F512254BF3544974CDA83A26683DB95314F2F82388F896B7C6E8BE5D0A53C4

Function 004523F9 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b66eb1d914ca6a41175a638821f9966ae5a19505cfe551acbe31b3a80019672
Instruction ID: d33d779299b197dd58c2714c3a8ef09a4cd332cc18f38c2f41cc3baf596574d4
Opcode Fuzzy Hash: 9b66eb1d914ca6a41175a638821f9966ae5a19505cfe551acbe31b3a80019672
Instruction Fuzzy Hash: FD9138B3F1022547F3544D69CC983A2B693AB95320F2F82788E8C6B7C4E97E5D4993C4

Function 003CC596 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f9b8fe91676553a942f8e285dc67912ddf5d573f64443ba9cfa1f90de917f7
Instruction ID: 97456ac8ae95b97cf7595ada73a9e1824afcd474a7809f82179add43a0fd077b
Opcode Fuzzy Hash: 22f9b8fe91676553a942f8e285dc67912ddf5d573f64443ba9cfa1f90de917f7
Instruction Fuzzy Hash: 72918AB3F1122547F3544D68CDA83A2A683EBD1721F2F82788E896B7C5D97E5D0A53C0

Function 003AD0F4 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8f19d6031ee10dc9f5b80e69236e0981376de42dd1bb91bdb2b860332f5fef8
Instruction ID: e512cf7c9cbc78f6a3f4ad369187b770dd635b384b3aed88530f220298c7723b
Opcode Fuzzy Hash: b8f19d6031ee10dc9f5b80e69236e0981376de42dd1bb91bdb2b860332f5fef8
Instruction Fuzzy Hash: C0919DB3F502254BF3144D29CCA83A17683EBD1314F2F42388E89AB7C5D97EAE065384

Function 0048E1B5 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c121528613824d61b6bb333fc589103ce85d42c2a3258575e32f2fc9052c10a
Instruction ID: ac00a39bc5a74814649c9e9cd877e920955c58c4b6b7277fe462460d094673ee
Opcode Fuzzy Hash: 5c121528613824d61b6bb333fc589103ce85d42c2a3258575e32f2fc9052c10a
Instruction Fuzzy Hash: D39189B3F106214BF3544D28CC683A27683ABD9320F2F82788E996B7C5D97E5D0A53C4

Function 003F2274 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44cbde9bbc57228ba69c98946b87041351ba1c07dceff2437128a49d112a3ecc
Instruction ID: 79c1cd82726fed44c03bfc78fe1a9dce439acdb2caf5c129120eea153aa2b2b7
Opcode Fuzzy Hash: 44cbde9bbc57228ba69c98946b87041351ba1c07dceff2437128a49d112a3ecc
Instruction Fuzzy Hash: 569169B3F1122547F3544939CCA83A26692ABD5320F2F82788E5C6BBC8DD7E5D0A53C4

Function 003A607F Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a8f3452541694ece8e7488a08bea2b484f375409381db1c0aae4ebbb54b7e9
Instruction ID: 926172edfcb2de681c32759e18742273cd61d07aea0be76beb89da30497163cc
Opcode Fuzzy Hash: 27a8f3452541694ece8e7488a08bea2b484f375409381db1c0aae4ebbb54b7e9
Instruction Fuzzy Hash: 2291A0B3F1162647F3444978CD983A26683DBE5320F3F82389E589B7C9DDBE9D065284

Function 0040A3C7 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f787c0dbd7989ec8dc22d7186ded7ea3e0593d0d8e256b808dc43dc09a63cd4
Instruction ID: c4d7b7045e352cd448845da014e5103bc3c5357925b430226004c0531a0b2720
Opcode Fuzzy Hash: 8f787c0dbd7989ec8dc22d7186ded7ea3e0593d0d8e256b808dc43dc09a63cd4
Instruction Fuzzy Hash: CA916BB3F1122147F3144969CCA83A2B693ABD9320F3F42798E986B7C5DDBE5D065384

Function 003C655D Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be090d5f154ddbbb297a18799e2f5be050e6851a5be26d68f95ef75a13d2877d
Instruction ID: fd066a0a41e95d1bc1c5de724adfc02dac4f43633c8071812555528d79aa7c54
Opcode Fuzzy Hash: be090d5f154ddbbb297a18799e2f5be050e6851a5be26d68f95ef75a13d2877d
Instruction Fuzzy Hash: E1918AF3F1122547F3544928CCA83A176939BE5320F2F82788E8DABBC5D97E5D4A5384

Function 0048F13A Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b091ec095ee858bc7bf54ded125c96e7009cae41a8d4645c988eafa48ce8ebd6
Instruction ID: f0862a03082bc5bb5accc5ce1324b895af11230d20750eb0b51767f9146cb501
Opcode Fuzzy Hash: b091ec095ee858bc7bf54ded125c96e7009cae41a8d4645c988eafa48ce8ebd6
Instruction Fuzzy Hash: BA918CB3F206244BF3484978CD693A27682EBD5310F2F82788E996B7C5D87E6D0953C4

Function 00388293 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7966f64458d27da5b7797d98318ad1ef9cb771f4e778219a17ac1d584b26174
Instruction ID: 8fc99992d5f8ac878bc64cb590ae3f7d58814810fa9438974c3b9e956390a9b4
Opcode Fuzzy Hash: f7966f64458d27da5b7797d98318ad1ef9cb771f4e778219a17ac1d584b26174
Instruction Fuzzy Hash: 5C817BB3F1112147F7084939CD683A66683DBD1714F2F82388B5AABBC9DD7E9D0A4384

Function 00366246 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f338da2a012ee73201c70e4f63bc89ac65281ecf0e342f34bf4bd12ddd853636
Instruction ID: fe49c8a6aaac8beb91e54acab260139a2d63004695b8196eab327cb032e26cbb
Opcode Fuzzy Hash: f338da2a012ee73201c70e4f63bc89ac65281ecf0e342f34bf4bd12ddd853636
Instruction Fuzzy Hash: EE919CB3F212254BF3544E68CCA93A17253EBD5324F2F82788E986B3C5D97E6D095384

Function 003DC3BA Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 139c77b9765a438388bce8f183ff3e72788adfe07cbbe4e7a00dbb4e74c64f4d
Instruction ID: d0b9c9f6cc98a2b186858415714b6ba7b2272807ddfef1fbf0079c1d257cb5c0
Opcode Fuzzy Hash: 139c77b9765a438388bce8f183ff3e72788adfe07cbbe4e7a00dbb4e74c64f4d
Instruction Fuzzy Hash: C5917AB7F2162547F3540928CC643A2A283ABE5320F2F41798E8C6B7C5E97F9D4993C4

Function 0047A077 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fb181db6bacea209c1f76e93a3fc91ff52042c43889b611cfb0833cda9254c4
Instruction ID: fd2c6467c4f34cb2dca565355f9c9f7da0bddb0d33385a31e49c3eb19c394584
Opcode Fuzzy Hash: 8fb181db6bacea209c1f76e93a3fc91ff52042c43889b611cfb0833cda9254c4
Instruction Fuzzy Hash: 519189F3F1162547F3544928CC683A16683EBE1324F2F82388E9DAB7C5E97E9E455384

Function 00397008 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa97c6ebf17f8866eabc90acf3c8f2a817553aa2bcf43807f0e1ae70d3465312
Instruction ID: 5bb9e8f4c5ca7e9b932df345e304df9d1eefff914325b519418619ff59e5eea9
Opcode Fuzzy Hash: fa97c6ebf17f8866eabc90acf3c8f2a817553aa2bcf43807f0e1ae70d3465312
Instruction Fuzzy Hash: 9081AFB3F1122547F3500968CC583617692EBD6710F2F42789E9CAB7C5D97E9D0953C0

Function 00408252 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8be28485fe8ba7c14b7addcc99927c467e67e55c77dec65d1b44b7787d3ff35
Instruction ID: 2b0195f30360f8647e0e50a7fb66cc1e0ef9434755cbfd0d28ade1c489db5ea4
Opcode Fuzzy Hash: c8be28485fe8ba7c14b7addcc99927c467e67e55c77dec65d1b44b7787d3ff35
Instruction Fuzzy Hash: B3915CB3F122254BF3444D68CC983A16283EBD5324F3F42788E586B7C5E97E5E595384

Function 003560CE Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c711b7f823c2bbea93c87c16c4820f016d923521227df0e071a3eb28b3c482
Instruction ID: dcc811c3716122eca66f60d4eea055bafbdd306319c56d9dfbc4c95e84fa98e2
Opcode Fuzzy Hash: 93c711b7f823c2bbea93c87c16c4820f016d923521227df0e071a3eb28b3c482
Instruction Fuzzy Hash: 5A915AF3F1022547F3444968DCA83A26693EB95710F2B81788F89ABBC9D97E5D0A53C4

Function 0041D169 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736578f57f64cfa8f37ea6625528047869d63eaef9b9de9373e2f5a975f53298
Instruction ID: ed751edb2d6694e6820e50fbcf85c9a89d5c871fc2be6305bddd5f5804a863f8
Opcode Fuzzy Hash: 736578f57f64cfa8f37ea6625528047869d63eaef9b9de9373e2f5a975f53298
Instruction Fuzzy Hash: 8691BDB3F1022547F3484978DCA83B23682DB96324F2F427C8A596B7C5DD7E6D4A9384

Function 0042211A Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0905932e3b8a902d1e12178e7452addfb61fe703ce816f0a8d1abe3072af9721
Instruction ID: 38d0a902ef1a9571598f03bf32d7a016b777255e2edbe7ff7e0db991691b57bc
Opcode Fuzzy Hash: 0905932e3b8a902d1e12178e7452addfb61fe703ce816f0a8d1abe3072af9721
Instruction Fuzzy Hash: 58915DB7F2212547F3404929CC683A17243EBE5325F3F82798A986B7C5D97E6D0A5384

Function 00428013 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d728bf72945445c522ddfbc1cf0b7d5b44eaf72cce411f6675230ddcc1c371f
Instruction ID: d08049079fcfffa435ec5514eae5b7501b5e3fd71e931981be499c1a1ec0b2a3
Opcode Fuzzy Hash: 8d728bf72945445c522ddfbc1cf0b7d5b44eaf72cce411f6675230ddcc1c371f
Instruction Fuzzy Hash: 43819DB3F1022547F3544C79CDA83A26683EBE1714F2F82388E996B7C5D8BE5D091384

Function 0034628F Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6543b87fb884b93c89aa17e34e8b65fe20d2a43ac81c106b1bf652265556ed12
Instruction ID: fe196955b1ac3568aaed49f42332f21decd1897848c42c107e18e97eab68e57f
Opcode Fuzzy Hash: 6543b87fb884b93c89aa17e34e8b65fe20d2a43ac81c106b1bf652265556ed12
Instruction Fuzzy Hash: F6917AB3F111150BF3584939CD683A26683ABD5324F2F82788A8D5B7C9EC7E9D4A5384

Function 003703E1 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a9d67723645ea45c55412bdb5020a0599aae5ac31c0e077678a5aad8ae43d6
Instruction ID: 4539a0b3638056d876bd3186ed137db3de790338826ab20aa3548047726605c8
Opcode Fuzzy Hash: 89a9d67723645ea45c55412bdb5020a0599aae5ac31c0e077678a5aad8ae43d6
Instruction Fuzzy Hash: B29178F3F212254BF3544D28CC983A17643EBE5321F2F81788E886B7C9D97E6D099284

Function 00434483 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f74dc109a51845bd619275c77c681ddc42c471008d3d9a941b5772cbe8dedfa6
Instruction ID: d483e75166d015a01915d7a03a4bf1cec7dd0fbd25e3ed59af3adbfbd3a287df
Opcode Fuzzy Hash: f74dc109a51845bd619275c77c681ddc42c471008d3d9a941b5772cbe8dedfa6
Instruction Fuzzy Hash: 65914AB3F112254BF3544929CCA83A17293EBD5720F2F42788E986B7C5D97E9E0653C4

Function 00352456 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63bb652af61b055d7fc595c9c97b0f9f451a75a29c5d802e9be10185ad2e9833
Instruction ID: 8bde32d3f96be5a914071dfec5e3210f8ad51eb7bb0816ff117cad4a968ba1d6
Opcode Fuzzy Hash: 63bb652af61b055d7fc595c9c97b0f9f451a75a29c5d802e9be10185ad2e9833
Instruction Fuzzy Hash: 57917BB7F112264BF3440E28CD683A17693EBD1314F3F42788A986B7C5E97E9D195384

Function 003E10AE Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c7305a9f026ffbcabf528a02758227d0b8359fac2854a4ab8a8ae7afa16c3d5
Instruction ID: 17abf821804e19fa04a102968977f90f4e86c3838bef71b6930df3ed2fc43bcb
Opcode Fuzzy Hash: 7c7305a9f026ffbcabf528a02758227d0b8359fac2854a4ab8a8ae7afa16c3d5
Instruction Fuzzy Hash: BF818CB3F5122547F3440928CDA83616683ABE5720F3F82398E9D6B7C5ED7E5D0A4384

Function 00470286 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d7a127077d3ce6b34c70f7e1b3eaf1ce2b12a4da58d908da78be74dfe19193
Instruction ID: bb2f5e303ceb811896f9f6375aba7dd426178b670717a817ed73fea4bfe2fa68
Opcode Fuzzy Hash: 21d7a127077d3ce6b34c70f7e1b3eaf1ce2b12a4da58d908da78be74dfe19193
Instruction Fuzzy Hash: E881AFB3F112254BF3044E28CCA43A17293EBD6720F2E42789E595B3C5E97E6D09A384

Function 0041428E Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abfbc63857ef3e9d092d5e73b710bd5439ccf6bed2fb4ea58a2912bbc113f227
Instruction ID: 01abf2cc35d97964674337eec2f3e2650c2db3cd9abcacd98ce17bacf996ef04
Opcode Fuzzy Hash: abfbc63857ef3e9d092d5e73b710bd5439ccf6bed2fb4ea58a2912bbc113f227
Instruction Fuzzy Hash: 21917CF3F1122547F3444928CCA83A17283EBE5310F2F82788B999B7C5E97E5D495384

Function 0049A309 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e8a4eac2a8e209cdcaf592cb455db2e37b42418de68489e5ab36ec002e2538d
Instruction ID: 9f1f0c4f7f0c736b0d417df4dd21ea8acd64a2741251e8a1ece5e2d8bfdb4e56
Opcode Fuzzy Hash: 0e8a4eac2a8e209cdcaf592cb455db2e37b42418de68489e5ab36ec002e2538d
Instruction Fuzzy Hash: ED8158B3F1112547F3504929CC583A26683ABD5724F3F82788E9C6B7C5ED7E5E0652C8

Function 0042A40D Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba344f95079489caafa182d12c4317a585409dc2c5d8b3551da3c9e6bdb9a9ef
Instruction ID: 6d3e16b9cf7f0467184ceaa94bbbd4354f0bb0d0e27229891bb6606fe4cb6199
Opcode Fuzzy Hash: ba344f95079489caafa182d12c4317a585409dc2c5d8b3551da3c9e6bdb9a9ef
Instruction Fuzzy Hash: 3C818DB3F1122147F3444D69CC983A26683ABD5314F2F82798E886B7C5EDBE5D4A5384

Function 0041E400 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9556094eee35cad07ef48819babe5262b20fa4dc4e00ece2c62fbad32301e05e
Instruction ID: 86f5b023a52a558ee25955b7e529c4848127029cb20326a7e3ff8f76d40222f3
Opcode Fuzzy Hash: 9556094eee35cad07ef48819babe5262b20fa4dc4e00ece2c62fbad32301e05e
Instruction Fuzzy Hash: F98159F3F502254BF3544979CD683A266839BE1310F2F82788E986B7C9D8BE5D4953C4

Function 0044E0C2 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df989b5121d824926cd4547cf358a817b83850274f83b7888cb2a7b79492e40b
Instruction ID: 832552c7a1563874b46c8a03a9b4fe84f0870547fbccbe9b056f1baed808c45c
Opcode Fuzzy Hash: df989b5121d824926cd4547cf358a817b83850274f83b7888cb2a7b79492e40b
Instruction Fuzzy Hash: 25819EB3F502254BF3544E79CC983A27693EB96310F2F41788E886B7C5D97E5D095384

Function 0043A299 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3358d3e6c743801f756e5e871a0b1d87713c03d4c8a68ee85495b3e2436d424
Instruction ID: 46d3bc564b02be9bc123286648755cf2e1b72904eeee6bdcdc377c03f94c3dd6
Opcode Fuzzy Hash: e3358d3e6c743801f756e5e871a0b1d87713c03d4c8a68ee85495b3e2436d424
Instruction Fuzzy Hash: 2A81ADB7F6122547F3540928DCA83A17283D7E5320F2F42798E98AB3C2E9BF9D055384

Function 0040C5C8 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b48f3c61dda217a23756d5859be95d267c00aaa19979f10e85b828acc7ef61
Instruction ID: b33dd837f1e0962cb930a9c0468d741976b9480e7e79203671cd52837e292b8a
Opcode Fuzzy Hash: 61b48f3c61dda217a23756d5859be95d267c00aaa19979f10e85b828acc7ef61
Instruction Fuzzy Hash: 2C818EF7F116254BF3504878DD683616583DBE5324F2F82398E9CABBC9E87D8D0A5284

Function 004185AF Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4f7a7cca3d70b418eafa958845509772f614ce8730d5baa78db2a94b905cc9
Instruction ID: 32bd095ce51e3bdd025a3acecafff2c41a4fb4834e571a5dada0ac6088fead9a
Opcode Fuzzy Hash: 3e4f7a7cca3d70b418eafa958845509772f614ce8730d5baa78db2a94b905cc9
Instruction Fuzzy Hash: EC816DB3F5062447F7444879DCA83A2618397D5324F2F81788F49AB7CAD8BE9D4A53C4

Function 00396365 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1873958bf6369965b9f6466ff619dba889c8a7ceafd3b3e5a6f9957ef92a856f
Instruction ID: 52b5a4b33f30522e593ddde0ea0640cf488e69b3f0885a562bc55fb2da40fc97
Opcode Fuzzy Hash: 1873958bf6369965b9f6466ff619dba889c8a7ceafd3b3e5a6f9957ef92a856f
Instruction Fuzzy Hash: 45817CB3F1022147F3644D79CCA83A16683A7D5324F2F82789E9CAB7C5D87E9D4A5284

Function 003771AD Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f8c0c7af72e481d8879d0fdc3643a2c1e4c9593312ada852ae6bd90f5a80013
Instruction ID: ddad08fd8c4aa21492067118732e9b70baedc0aa9c82d8a3ed58b42c2659ecef
Opcode Fuzzy Hash: 9f8c0c7af72e481d8879d0fdc3643a2c1e4c9593312ada852ae6bd90f5a80013
Instruction Fuzzy Hash: 93817CB7F102244BF3444D29CC983627283DBE5310F2F81799E89AB7C5D87E5D0A5384

Function 003EA297 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e6666de4e09ab318aa4b5b43a3f7748d80dd31cd60e90aa2c38617a31348ca6
Instruction ID: 0a15d0306ea12c38e633aa4e014374aeb3d4d579766582ddc10625c36e6226c8
Opcode Fuzzy Hash: 4e6666de4e09ab318aa4b5b43a3f7748d80dd31cd60e90aa2c38617a31348ca6
Instruction Fuzzy Hash: 40817EB3F1122547F3544929CCA83A27643EBD5311F2F81788E886B7C9D97E5D4653C4

Function 003C243A Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90db332e08c5e1762e132890d7b7c0b4b0763f7e8e3a857c1148a62b5a720d8b
Instruction ID: 7f152b7cd8928e6c9158047dbab8ce4de7f32d96907dabe32a8b1964d33e8219
Opcode Fuzzy Hash: 90db332e08c5e1762e132890d7b7c0b4b0763f7e8e3a857c1148a62b5a720d8b
Instruction Fuzzy Hash: B481BBB7F102254BF3544E28CC683A27243EB95714F2F827C8E896B7C5D97E6E099384

Function 004004C4 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 363cf34be633c1010447385ccac10d193a38e688766849de201823c27e49f679
Instruction ID: 3f1e229c885e6abda917bf07c957697fdf4fcc5ff1bc16cafaa9c93523e24273
Opcode Fuzzy Hash: 363cf34be633c1010447385ccac10d193a38e688766849de201823c27e49f679
Instruction Fuzzy Hash: EF8156B3F1122147F3584978CDA83626683ABD5324F2F82788EAC6B7C5D97E5D0A53C4

Function 00470650 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8295f91abe139c612e619fd913109276f41d7dc0ade577f1d0fec6427d2a01e
Instruction ID: 52b8cd06bde9780111488c9ed4487448adc1e320c0be93f96fc3365e9ff82168
Opcode Fuzzy Hash: e8295f91abe139c612e619fd913109276f41d7dc0ade577f1d0fec6427d2a01e
Instruction Fuzzy Hash: 568167B3F1112447F3584938CCA83A26683ABD5324F2F827D8E996B3C4DDBE5D4A4384

Function 0043106C Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43cccae483d75a74140a4265a7b5b613e9ff668266fbf3f21628cae4cfb1a1d1
Instruction ID: 72f545e29e63102eebed90311d22ba12da72b99f97087cc45442a61ab95d1ea1
Opcode Fuzzy Hash: 43cccae483d75a74140a4265a7b5b613e9ff668266fbf3f21628cae4cfb1a1d1
Instruction Fuzzy Hash: 33716AB3F101254BF3644D79CC643A2A283ABE5324F2F82788E98AB7C5D97E5D4653C4

Function 003745C7 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8288bb145a9ef417e29b9a509cc0ff3b7afb12227a1af1c05009d528c9d8e3b6
Instruction ID: 51d2422ef6e50cf2be1bfdabfd105432949aa0ed4c21119c01c5acb6c067d57a
Opcode Fuzzy Hash: 8288bb145a9ef417e29b9a509cc0ff3b7afb12227a1af1c05009d528c9d8e3b6
Instruction Fuzzy Hash: 7B718CF3F1122547F3544928DCA83A26283DBD5315F2F82788E49AB7C9ED7E9D065384

Function 003DA386 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 928d4e2f4f5780955eebe9af3fe108030202082da3f4df655b1b6111c7007ba2
Instruction ID: edbed6b3f503012c76bad430e60d2fd672ca10e9b6c8a4852591b3e9ed6ff2c2
Opcode Fuzzy Hash: 928d4e2f4f5780955eebe9af3fe108030202082da3f4df655b1b6111c7007ba2
Instruction Fuzzy Hash: 4B718AF7F6162547F3504968CCA83A262839BD5325F2F82788E8C6B7C5D87E5E0A53C4

Function 003A03A3 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d963e7d689fc60abe3b6ee7d091ffcb041f276c2e1638cd9b562be70e88593
Instruction ID: d4d310536425a8a998a5fe10ee64abe206ee813623683aa42cc9eb8e4a4ee385
Opcode Fuzzy Hash: e0d963e7d689fc60abe3b6ee7d091ffcb041f276c2e1638cd9b562be70e88593
Instruction Fuzzy Hash: 62717EB3F202254BF3144D78CCA83A17692EB95720F2F827C8E99AB7C5D97E5D095384

Function 003D4270 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13f7f45e8aab17fe10b81723da1e1f434becaf9da6f6652bf002736ea3052b03
Instruction ID: 74fb094cecc3159b64215637bc7f37583905006aae429f1254f533a34428f60e
Opcode Fuzzy Hash: 13f7f45e8aab17fe10b81723da1e1f434becaf9da6f6652bf002736ea3052b03
Instruction Fuzzy Hash: 837169B3E1122547F3904D69CC983527693AB95324F2F82788E8C6B7C5D97F6D0953C4

Function 0047E3C9 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621841ad88b99293c99f55e6873ca912f554f2a586d0dbad1cf1048891e853fb
Instruction ID: 440ff84ca9af9c99a4164271ec9554d909d22e68b90da97005770a66740208b7
Opcode Fuzzy Hash: 621841ad88b99293c99f55e6873ca912f554f2a586d0dbad1cf1048891e853fb
Instruction Fuzzy Hash: 2271B3B3F112254BF3504E78CD983A17692EB95314F2F4178CE48AB7C5DA7E6E099384

Function 003D2571 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65b244d6c5131c09266faeffec4343871189b3afb803929b9c1e5de7ad8c05f5
Instruction ID: c391ae75031bef17272c0c72f6cbed9bbcf330b0391ee9eacfc681ee04fc47d3
Opcode Fuzzy Hash: 65b244d6c5131c09266faeffec4343871189b3afb803929b9c1e5de7ad8c05f5
Instruction Fuzzy Hash: B1718CB7F116254BF3504C78CD983A166839BE5314F2F82788E8C6B7C5E8BE9D4A5384

Function 003E43C7 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3f1ac1af5f00264beabf33d3ff39ff33ed4cb376223368e58768cc41925e4e
Instruction ID: 0939227c3f0a3fc6b9c8d3dd66907061cc03c3770f92bca7ef2845e718ade096
Opcode Fuzzy Hash: 7d3f1ac1af5f00264beabf33d3ff39ff33ed4cb376223368e58768cc41925e4e
Instruction Fuzzy Hash: 31719EB3F112244BF3444925DC643A2B293EBD6324F2F82788E586B7C5DD7E6E465384

Function 00460644 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc97fec855b5583940292ab043cff1cbd5ffce138e29789f002cd58722402a6
Instruction ID: 521df65ff10cae84eb0d7a92ccf4d067347d90ae3e51ce287822865565ded978
Opcode Fuzzy Hash: 6cc97fec855b5583940292ab043cff1cbd5ffce138e29789f002cd58722402a6
Instruction Fuzzy Hash: E57191B3F111154BF3504D29CCA83627683EBD5711F2F82788A985B7C9DD7E6D0A5384

Function 003F8607 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59c543e078dd802332953fed0943267ce5694dd114ae4abb40b5be4450644895
Instruction ID: 6902c8264b0c2649885b40c36fe64aa07df9c8e74df9d7fca6bc04ab72ca087e
Opcode Fuzzy Hash: 59c543e078dd802332953fed0943267ce5694dd114ae4abb40b5be4450644895
Instruction Fuzzy Hash: 29719DF7F116244BF3404929CC983922283EBE5715F2F81788E889B7C9ED7E9D0A5384

Function 00490250 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e6476a1fc4893c9cab05b6a4f1818760afe2d03c79df2c654016ffba81d7168
Instruction ID: 54d887a3a7568d61f64dfedb9f3994fda4c9d0a9e013f6fbc88ae8954d7b9708
Opcode Fuzzy Hash: 6e6476a1fc4893c9cab05b6a4f1818760afe2d03c79df2c654016ffba81d7168
Instruction Fuzzy Hash: B8714BB3F1022547F3544D38CCA83626693ABD5724F2F82789E88AB7C5D97E9D0A53C4

Function 003D5008 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f2280e50f3dffa1ff7a3a0d74ca0b0eac6296f33a9d329d6a99db9c461b954
Instruction ID: 3a7887f9c50f8e13f056f6ccf3be1279aefbc54965cbe84901be74bb7ff119cd
Opcode Fuzzy Hash: d9f2280e50f3dffa1ff7a3a0d74ca0b0eac6296f33a9d329d6a99db9c461b954
Instruction Fuzzy Hash: A3719CB3F102254BF3584D78CD683627683DBD5314F2F81788E89AB7C5D97E5D0A5284

Function 0038A1C2 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063b3e22665480fc2f6906848d13b84f331b1ae35bdc3833e923def23c16e17d
Instruction ID: 018d3f854870b160364a44a2af41a73da2e8bde4bb7cf625baa0c6012d03172c
Opcode Fuzzy Hash: 063b3e22665480fc2f6906848d13b84f331b1ae35bdc3833e923def23c16e17d
Instruction Fuzzy Hash: 69718CB3F116254BF3444E68CCA83A27693EBD5314F2F82788E885B7C5D97EAD095384

Function 003EE393 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684a58dfc6bc339f137cea7daa75bc6d01ce670c7f61eb19097ea50dfa49192b
Instruction ID: e7c43b680f1aa6d87913ce0e36f0c427a7493eb76ed658844a91dd76bed75519
Opcode Fuzzy Hash: 684a58dfc6bc339f137cea7daa75bc6d01ce670c7f61eb19097ea50dfa49192b
Instruction Fuzzy Hash: 37718AB3F502254BF3584925DC683A17683ABD5324F2F827C8E896B7C0D97E5E0A5384

Function 0048B099 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ded14faa5adaadb819f96d57f9f39b643225887534b5261c71158be7fb34b63
Instruction ID: b58527b5b5617df8529a500a359da3cd867fd1b4b73f15cbb39d80c4dd65d530
Opcode Fuzzy Hash: 6ded14faa5adaadb819f96d57f9f39b643225887534b5261c71158be7fb34b63
Instruction Fuzzy Hash: CE718EB3F606254BF3544D28CC983A17692EB95320F2F42788E9CAB7C5D97E6E095384

Function 0039A2A0 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f948b0ee5e2197c1488c6fdd8b2d1ef875636d4702339fbe4e9be28e918af18
Instruction ID: 4604da2d1ac73d23974537e06bd7b82ad5e05acb65936978d4fafe79beb89b19
Opcode Fuzzy Hash: 3f948b0ee5e2197c1488c6fdd8b2d1ef875636d4702339fbe4e9be28e918af18
Instruction Fuzzy Hash: 5971ADB3F216254BF3540D68CCA43A17293EBD5720F2F82788E986B7C5E97E5E095384

Function 004105A3 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8188a21bd2117bd554d94b32924a8ac4f21859618fc5b01b492ff0ce7d84fd99
Instruction ID: 71734239e236dd7bf123d505f02388880007deba2fe521321b0c61f0e13f7690
Opcode Fuzzy Hash: 8188a21bd2117bd554d94b32924a8ac4f21859618fc5b01b492ff0ce7d84fd99
Instruction Fuzzy Hash: 8B7189B3F112254BF3444D69CCA83A2B693D795320F2F82788E986B7C9D9BE5D0653C4

Function 0038C0A1 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a0fa000ae128ec9bce58dbc7a391011a9f68e93eec141e506dfa5d7fdc95f71
Instruction ID: f7f848657b65e532ce6d0aa4247f271c4417de941797c0c79ddb11c870ada834
Opcode Fuzzy Hash: 2a0fa000ae128ec9bce58dbc7a391011a9f68e93eec141e506dfa5d7fdc95f71
Instruction Fuzzy Hash: 8D7199F7F216254BF3544828DDA83627683D7D4324F2F82788E48AB7CAD97E5E054384

Function 00373123 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563f2d38a8e1eb3f4667dff74b044b9774cafef8cb474d5d9b838b9b57dea283
Instruction ID: f03f07481a0f1beff170b471b0f9481f3b7dad96c2bb7a0f5007dd48eb8db65a
Opcode Fuzzy Hash: 563f2d38a8e1eb3f4667dff74b044b9774cafef8cb474d5d9b838b9b57dea283
Instruction Fuzzy Hash: 2D718BB7F1122547F3544D68DC98352A683ABD5320F2F82388E9CAB7C5D97E9D4A43C4

Function 00362107 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9014122de4b8e024c1e71e69f530d60d2dedc258171194b5adfb60ed4b781371
Instruction ID: 56862dfaad44f5789a81e75b61e695f0acc6173a29cd36245c3a1bca143cbd1c
Opcode Fuzzy Hash: 9014122de4b8e024c1e71e69f530d60d2dedc258171194b5adfb60ed4b781371
Instruction Fuzzy Hash: D861B0B7F1122147F3544939CCA83626683EBD5324F2F42389E98AB7C5DDBE9D0A5384

Function 0041026E Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7642fa56d2750047296aaa7696bda6960b2c937407e0acdb5cde3b05267e22
Instruction ID: fb49168d8b1938e3c3a229bccf6e55a67788e9d452c054c7d0679ccc32c8acfe
Opcode Fuzzy Hash: 7a7642fa56d2750047296aaa7696bda6960b2c937407e0acdb5cde3b05267e22
Instruction Fuzzy Hash: 0E7138B3F1022547F3544D29CC683A17692EBA5720F2F827C8E98AB3C5D97E5D4953C4

Function 0039447D Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc5d0b1ecba0b7852efc3749f68833d09993583844e52b85734272f2ad549b67
Instruction ID: 0616d2cecbc6a7ce9a2eedc515b20ed4af1e501929e94ff5028067586da6a8d4
Opcode Fuzzy Hash: dc5d0b1ecba0b7852efc3749f68833d09993583844e52b85734272f2ad549b67
Instruction Fuzzy Hash: 27717BB3F111248BF3544E29CCA43A17293EBD5315F2F81788A896B7C9D97F6D0A9384

Function 00394119 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23cb18f4192e2f17a02f375a7c84bced2e91c37be269e4d3dbb478fd58d0aba4
Instruction ID: 28907b2ca3732f40ba4ef2cfa74b6882699df82a13d91deb7ea8145660995a7f
Opcode Fuzzy Hash: 23cb18f4192e2f17a02f375a7c84bced2e91c37be269e4d3dbb478fd58d0aba4
Instruction Fuzzy Hash: 9A617AB7F1022547F3540A68CDA83A17692DB95320F2F42788E8D6B7C5D9BF5E0953C4

Function 003502FA Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc5fa7435100fcbd9cd5adce084f76bc5ee8d3247715242f35827361daeedac2
Instruction ID: 2a17836b3d51ed73c66c8732504b634f0ca01098c891533598c27a2e737d4a7d
Opcode Fuzzy Hash: cc5fa7435100fcbd9cd5adce084f76bc5ee8d3247715242f35827361daeedac2
Instruction Fuzzy Hash: 9A717CB7F206254BF3444928CDA83A17653EBD5314F2F827C8E89AB3C4D97E9D0A5384

Function 0038C40C Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0cd7053de794f945b30bfdd8c8e06f5cac01d337ebbf78fb18aba28401f307b
Instruction ID: 17c9447cbefe17a61b2722c2f7d054c8fadff04039e3105ea8fd74ddb61e09d0
Opcode Fuzzy Hash: e0cd7053de794f945b30bfdd8c8e06f5cac01d337ebbf78fb18aba28401f307b
Instruction Fuzzy Hash: 8D616BB3F5112543F3544829CC683A26683E7D1721F2F82388E999BBC9DD7E9D4A5384

Function 0045C61F Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 126f66edeb7e0c6bfbddc71b30a0e4572e008bf0db5bfa685989db33c9871753
Instruction ID: 24bbb9b70295f9232ed666f4f180e23fef2c32fd87370e194c5f6feb207d073b
Opcode Fuzzy Hash: 126f66edeb7e0c6bfbddc71b30a0e4572e008bf0db5bfa685989db33c9871753
Instruction Fuzzy Hash: 2B718AB3F5022547F7544968CCA83A26693EBA5320F2F82788E8C6B7C5E97E5D0953C4

Function 0042608D Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf0a98c5dd8551bc5962b22e6d3d4a47bea645c088fdd8395a26efe3af948ba
Instruction ID: c190e950ef66f1a64fc72155bfd99353e793e18bd4cc72cc9f52c03bf76ef352
Opcode Fuzzy Hash: ebf0a98c5dd8551bc5962b22e6d3d4a47bea645c088fdd8395a26efe3af948ba
Instruction Fuzzy Hash: 326189B7F1122147F3444D34CC683A27683ABD5324F2F82788E986B7C9D97E5E4A5384

Function 0048700B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7f2b9eb01353d07684d6eb833e1c3e98b11189cc1358b382f3eb6a19469b72a
Instruction ID: 01e9ba6ca6ad153a2a8e4963049dbbb71e5f4b0974f6c3ff538d39761fd60f86
Opcode Fuzzy Hash: a7f2b9eb01353d07684d6eb833e1c3e98b11189cc1358b382f3eb6a19469b72a
Instruction Fuzzy Hash: 46618CB3F212254BF3140D38CDA83A17693EBD5314F2F82789A989B7C5D97E9E095384

Function 0045313C Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2a5c09c7515c10b80880451fdef2381ea4d1270caee4149f717217c0024d294
Instruction ID: 9f61d275e3035dbe921f963bbd326bd7969b7fded32261fe639a5bafc7c2aff2
Opcode Fuzzy Hash: f2a5c09c7515c10b80880451fdef2381ea4d1270caee4149f717217c0024d294
Instruction Fuzzy Hash: 90618BB3F2122447F3444D28CCA83A27253EBD5321F2F82798A595B7C9DD7EAD4A5384

Function 003B84D0 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e07aeca136b79eaa1ee1d6ff89a79e2f8f5f8fd0c0a7a88ca1f1829091ed80ea
Instruction ID: 567500527278c6d49640bc779cdf96e99019f676f23b1224cf433e242928dde4
Opcode Fuzzy Hash: e07aeca136b79eaa1ee1d6ff89a79e2f8f5f8fd0c0a7a88ca1f1829091ed80ea
Instruction Fuzzy Hash: 5C6156B7F5122547F3444928CD683A27683A7D1324F2F82388E896B7C9DD7E9D0A53C4

Function 0034A6A7 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20636aba51d90c5608b87fd8eab459c488c0511698753d4c644029242596ce7e
Instruction ID: b981ce7d2baa6ec035a698f62f9c6481172d44122597594adaed4db22baa3676
Opcode Fuzzy Hash: 20636aba51d90c5608b87fd8eab459c488c0511698753d4c644029242596ce7e
Instruction Fuzzy Hash: 9961C2B3F612254BF3544D68CCA83B17642EB95320F2F423C8E59AB7C5D97E5E095384

Function 004070C8 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05128082365c83bfcdf03aa787bf22e1ff0aeeb132ec3d2e5dbc480864206989
Instruction ID: 6559840c091cdf078687d9494ecaabbbea0f95ec7cf29d35d0c805b4e3516422
Opcode Fuzzy Hash: 05128082365c83bfcdf03aa787bf22e1ff0aeeb132ec3d2e5dbc480864206989
Instruction Fuzzy Hash: BB61A0B3F606254BF3444928CCA93A17693EBE6310F2F41788E88AB7C5D97E9D0953C4

Function 004966DC Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8fb83e83d70c37e1917f562fb51bf22b5dcf6bafdc931765e7b50c71a3b4f26
Instruction ID: ef612e421a6be8dd487d2d3f55bafb71447a76925a909162b590bc83cb63518a
Opcode Fuzzy Hash: d8fb83e83d70c37e1917f562fb51bf22b5dcf6bafdc931765e7b50c71a3b4f26
Instruction Fuzzy Hash: B9615AB3F512244BF3544D68CC643A2B693EBD1720F3F81798A88677C4D9BE6E099384

Function 0046A120 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 810703ee57baa9bb4e66125d9de373645e1b5e7d37b04e282fa51acdd3d91500
Instruction ID: b5d50d61458a279be75a8c096ddbc434b0310a9f95394cfd949a90f4648e1b8b
Opcode Fuzzy Hash: 810703ee57baa9bb4e66125d9de373645e1b5e7d37b04e282fa51acdd3d91500
Instruction Fuzzy Hash: 61617FB3F211244BF3544E28CC583627293EBD5711F1F86788E98AB7C8D97EAD495384

Function 00347156 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc83d844960529285b54b79728c94f5efa8c92d4aa257346540d338d0f4df3c
Instruction ID: 6dba9ea1e4ba770672acf44c1ef3a60aef5c7a8eb1c5d9e8ae2d40e2b7d4826e
Opcode Fuzzy Hash: 1dc83d844960529285b54b79728c94f5efa8c92d4aa257346540d338d0f4df3c
Instruction Fuzzy Hash: 01614CF7F1122547F3544929DCA83A66683A7D1324F3F82388E9C2B7C9D97E5E0A5384

Function 0045C34D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d5dd53c8a61c33ea0f4e5a7f31ebd6c4c61763b3b73fa1b5285bc46e6ff24c6
Instruction ID: c1b21fcaeaf0ba661c118d9772a07b74f6061c2a268559deb5f83c43b79ea24f
Opcode Fuzzy Hash: 5d5dd53c8a61c33ea0f4e5a7f31ebd6c4c61763b3b73fa1b5285bc46e6ff24c6
Instruction Fuzzy Hash: FE613DB7F111254BF3444E29CCA83617753EBD5310F2F82788A886B7C8D97E6E0A9784

Function 00396079 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d0d0fa295435adf0675984197c54fac8ac5d6677e722fdc09a5881ba75a6baf
Instruction ID: e7594af00d32da5893725618296b98bdf4f190958903284ca5c36f2b7bb72dd0
Opcode Fuzzy Hash: 9d0d0fa295435adf0675984197c54fac8ac5d6677e722fdc09a5881ba75a6baf
Instruction Fuzzy Hash: F5517AB3F6162147F3480939CCA83A16583D7D5320F2F82798E99A77D5DCBE5E0A5284

Function 003B665A Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3638055ebb800a5e2970eb6c5feeb2fb5036cbcadad9c8c1230ab9ce61154cb1
Instruction ID: 0b0486164e742e79856f98a77dcc1a1e9b384c3d469f1b03f62cc1ec083351ac
Opcode Fuzzy Hash: 3638055ebb800a5e2970eb6c5feeb2fb5036cbcadad9c8c1230ab9ce61154cb1
Instruction Fuzzy Hash: B0615BB3F102244BF3584A29CC643A17292EBD6710F2F817D9E896B3D4DD7EAE095784

Function 0042A116 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79140c0b4009364dac0a23a53fd96bc1a590743772ead8e7beda050caa489e22
Instruction ID: 95a07630806f26e2eaa100a08e1ac6146337c48032345861c2861941e98c6a52
Opcode Fuzzy Hash: 79140c0b4009364dac0a23a53fd96bc1a590743772ead8e7beda050caa489e22
Instruction Fuzzy Hash: 1451ADF7F2162107F3584864CC693A2A683DBE5324F2F82788F59AB7C5D87E9D0952C4

Function 003B22C7 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c3125181bd997ba1464840cf1f8d26bd7a539f333506b21ae6bfc2f418886aa
Instruction ID: b40887bef62c09ae2facd87913a5fa271905947267253e739d318110d6732a2e
Opcode Fuzzy Hash: 4c3125181bd997ba1464840cf1f8d26bd7a539f333506b21ae6bfc2f418886aa
Instruction Fuzzy Hash: 6D517DB3F1122647F3604E28CC543A17293EB95720F2F82789E886B3C5D97E5E4993C8

Function 004545E8 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90a90ad434f29f3f310190002e5114f216600e9601afdef390d3cba86b3d2d9b
Instruction ID: d249a17d388cf8e68510aa4e9bd8792ff442337937c84f2fa599b3182045b149
Opcode Fuzzy Hash: 90a90ad434f29f3f310190002e5114f216600e9601afdef390d3cba86b3d2d9b
Instruction Fuzzy Hash: 1E518DB7F1022547F3444E28CCA83A17392EB95714F2F417C8E896B3C5EA7E6D499384

Function 003F626F Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38a5ec6f5c4ff1c23ebd339f8f33318f46415970b3548834ca2bcb0298625994
Instruction ID: 1f2f357ac8608eb7850fe58a34e16ef985594ba7e27031c3dfb6eeed5c48601a
Opcode Fuzzy Hash: 38a5ec6f5c4ff1c23ebd339f8f33318f46415970b3548834ca2bcb0298625994
Instruction Fuzzy Hash: D4519EB7F2112547F7544D28CCA43A17283EBD6720F2F42798A899B3C5D97E6D095384

Function 0048A5F5 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 757994fe5c4ce91ab96d9a8697754a2d073ecbed7c0c73394604be792fa57e1d
Instruction ID: f03a132ec82230bb098f2876aba9f9e2e9c5a70f8d47014a78170eebfb77024a
Opcode Fuzzy Hash: 757994fe5c4ce91ab96d9a8697754a2d073ecbed7c0c73394604be792fa57e1d
Instruction Fuzzy Hash: A351C0B7F412264BF3444938CCA93A27653EB91310F2F41398E896B3C5D9BE9E0953C4

Function 0038505D Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f2761a6b06b521ffcd2869628923fcae76d0a32e439b16e58f98283cc3fa97
Instruction ID: f01cf267da451f0e305495800194731d6e6c656aad063e5e9df854554169220b
Opcode Fuzzy Hash: 50f2761a6b06b521ffcd2869628923fcae76d0a32e439b16e58f98283cc3fa97
Instruction Fuzzy Hash: D55167B3F202254BF3544D78CC983A17693EBD5710F2B81788E886B7C5D9BE6E499384

Function 003EF1BE Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da15101cd82140c088408d3b3082306bec17d899f2b1eb048d1247b557b9ad2
Instruction ID: accbff29881c75c10378d8d7ff88a27e7d097852cbec55642ac6906ad75fd338
Opcode Fuzzy Hash: 8da15101cd82140c088408d3b3082306bec17d899f2b1eb048d1247b557b9ad2
Instruction Fuzzy Hash: 9751BFF7F106254BF3440879CD683A565839BE0314F2F82398F8D6B7CAD8BE5E4A5284

Function 003B826E Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89b30382bcc96c8359976304fb9c400e55b89b5cfb33fd9e6fe2a37a898d16b7
Instruction ID: e017275371523c8a2105bf98b9346bfbc28b74db68c216f7458c948e28286812
Opcode Fuzzy Hash: 89b30382bcc96c8359976304fb9c400e55b89b5cfb33fd9e6fe2a37a898d16b7
Instruction Fuzzy Hash: 17413BF3A0C2105BE3586D19EC8477AB7E9DBC8320F16453DEA9897784D939180082C9

Function 003F4578 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1090605f949abf9ee667649896b837912c79b54c5676b067bc0e660bef6123e
Instruction ID: 6b6b3267ece656f52f876ac4a23a9b02b0fc23f572e9f2949062b3d6f110e4b0
Opcode Fuzzy Hash: e1090605f949abf9ee667649896b837912c79b54c5676b067bc0e660bef6123e
Instruction Fuzzy Hash: DF4145B3F1022147F7984928C9693766683ABD1320F2F823E8F9A2B7C5DC7E5D095384

Function 003A81BB Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13109b02c5c2fdf3ae201b1546884cff4be4468bdc6c68ad6fc644ebf4f9082e
Instruction ID: c260e01663dc964f22dc167f24e482ec046883c62e5e0b649334871d9fd27181
Opcode Fuzzy Hash: 13109b02c5c2fdf3ae201b1546884cff4be4468bdc6c68ad6fc644ebf4f9082e
Instruction Fuzzy Hash: E8415CB3F1122547F3604968CC943A162839BD2324F3F83749EAC6B7C5D87E6D4652C4

Function 0045C177 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a683e764e8b3abe3a2ad71a7682c46ff65cd97a6c680780b687ca84b1d39adc6
Instruction ID: aac229d5b7e58bbbb7194188ba516f55d3eee45bbb273d53b1ced9bc97a7c8c9
Opcode Fuzzy Hash: a683e764e8b3abe3a2ad71a7682c46ff65cd97a6c680780b687ca84b1d39adc6
Instruction Fuzzy Hash: 5F316AB7F1163047F3544964DCA93526242ABD6321F2F82B98E9C3B7C6E97E5D0A43C4

Function 0039C1BB Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a29439208da205ce45a222d281683257aa11abcb0402ea95175906065a52b02
Instruction ID: d90cf7f3674deea191f5989b2fded499c78efca9444d68cf8a3da8b7ec925691
Opcode Fuzzy Hash: 0a29439208da205ce45a222d281683257aa11abcb0402ea95175906065a52b02
Instruction Fuzzy Hash: F73148B3F5163103F36848B9C9693A6998397C5324F2F82398F5A6B7C4CCBE4C0612C4

Function 0044E2CE Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ba56f07e3b9c2fd1e1cba1ab5acb11c67523ff04170e5ed2c9cc89a5aa9982
Instruction ID: 8d89a2d62a16fd25536dd79de0b99954de03576db53a91e44864f28a1a9f1cf8
Opcode Fuzzy Hash: b6ba56f07e3b9c2fd1e1cba1ab5acb11c67523ff04170e5ed2c9cc89a5aa9982
Instruction Fuzzy Hash: 37313EB3F5122547F3444979CD983A266939BD5310F2F8278CE48ABBC9DC7E5E0A5384

Function 00372181 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01058422db703e7a108f95ad67af2e2fbca59c865a14d47a2eb1fa29496b0ddf
Instruction ID: 84f9b293ad1bed0743b67a2a019ea4414668b197c76342a1ec6a1e4e07baa5e8
Opcode Fuzzy Hash: 01058422db703e7a108f95ad67af2e2fbca59c865a14d47a2eb1fa29496b0ddf
Instruction Fuzzy Hash: 2F3147B7F1252503F3944829DC6836261838BD5324F3F81798B8D6B7C6EC7E9D0A1384

Function 00404163 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d807e6a63dd2198e9470c1d33e8e4a22dd73a885fc5996a9922207cb7c0783
Instruction ID: 5e85862c35da0f0348a21faa01ba59430ea4330dd2bc08222cf45e23c85a5183
Opcode Fuzzy Hash: 78d807e6a63dd2198e9470c1d33e8e4a22dd73a885fc5996a9922207cb7c0783
Instruction Fuzzy Hash: 2D319EB3F1062507F3588929CCA93A56283DBD5315F2F82398B9D9B7C5EC7E9D061280

Function 0046C45A Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00581e80aa686f5461b651bb0879e8b7a4a8853708609f131687bc64a58e2186
Instruction ID: 95fc8ba3d8f8347b854dbf4551ef77dcec1878c07ce1328ffc3c4f937a2e2da5
Opcode Fuzzy Hash: 00581e80aa686f5461b651bb0879e8b7a4a8853708609f131687bc64a58e2186
Instruction Fuzzy Hash: 833147B3F5162547F3484879CDA93A165839BE1324F2F823D8B9A6B7C9DCBE5C091280

Function 00390142 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c2786c01e1c76138887e7cefb54763326d7186f970517bb0f659a3fe5ec9a5
Instruction ID: eccd64ddd89857b2cd050923e6afc8adcfb29c145b78d7e656c40f9682ccbb89
Opcode Fuzzy Hash: c0c2786c01e1c76138887e7cefb54763326d7186f970517bb0f659a3fe5ec9a5
Instruction Fuzzy Hash: 67312AB7F6063547F3500829CD9835165429BE5720F2F86788E9CABBC5DC7E9C0952C0

Function 00418402 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4973f8e06805e2f0f9b399b82f127ed328af9dba75b076aee4b1bba2c2daaa39
Instruction ID: d5bac62e812239fd23e34cdc35337683061c8b9ac6cc44feffdcfca0d2184093
Opcode Fuzzy Hash: 4973f8e06805e2f0f9b399b82f127ed328af9dba75b076aee4b1bba2c2daaa39
Instruction Fuzzy Hash: F5315CF7F1162147F3544839CD6836229439BE5724F2F82798EAD5B7C6EC7E590A1280

Function 0034821E Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d01791415534c52bf7ee25ab0f3af8dc8a36b7c7a405e62c99df4a54864504d
Instruction ID: d9e8ac5d6b5bb7cc21973750810c2338849a49983b497b99d3522a2416af46d6
Opcode Fuzzy Hash: 2d01791415534c52bf7ee25ab0f3af8dc8a36b7c7a405e62c99df4a54864504d
Instruction Fuzzy Hash: 963155B7F9163607F36408B8DD9839195829BE5324F2F83798E5C677C6D8AE4D0922C0

Function 00442517 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb000a87dc70f43759426781e8135ff731879cfc47b44edbeb05e123baeed81f
Instruction ID: 82bcb34c8f390e0b95935396fedb9bd5af13a90b74f11e26ac02c5e1b24454cc
Opcode Fuzzy Hash: cb000a87dc70f43759426781e8135ff731879cfc47b44edbeb05e123baeed81f
Instruction Fuzzy Hash: BE316DB3F6162147F3A808B8CD98362A542DB95324F2F87388F68E77C5D8AD9D0913C4

Function 004665BF Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c70843152dde4ad4d5ad19bfa7c4cff3e3eb6e872db59e1a6727733e3dc5ef4
Instruction ID: e3cd544a6e3dc6dd4350195885460707605142e1b4607e75a9224e5cd8d860d5
Opcode Fuzzy Hash: 7c70843152dde4ad4d5ad19bfa7c4cff3e3eb6e872db59e1a6727733e3dc5ef4
Instruction Fuzzy Hash: A3315CB7F5022147F35408B8DDA9352A58297E5329F2F823D8E5CA77C5DCBE5C050280

Function 0047454D Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9446d268b0ac5e59a25234fc808690b2eb234de3b22b9a9033a2c889f02e9373
Instruction ID: d718a989b8dd52a77974deafa50078d6b1bd0d48686752cbb87ead7c5d47ea86
Opcode Fuzzy Hash: 9446d268b0ac5e59a25234fc808690b2eb234de3b22b9a9033a2c889f02e9373
Instruction Fuzzy Hash: D1316DE3F512250BF3584878CDA83B615439BD1724F2F82398B8D5BBC8DC7D8D0A1288

Function 003DD061 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ae154b81275f0d8769700b7f67c79b23afcd4f427540d8e9f5e199883c4bb04
Instruction ID: 3e5301dc80d8a0865ca1c4a6695d173dc070dac68c8c678c0a443b872c657570
Opcode Fuzzy Hash: 6ae154b81275f0d8769700b7f67c79b23afcd4f427540d8e9f5e199883c4bb04
Instruction Fuzzy Hash: E2315CF7E5162647F3884878DDA83B55542DBA0324F2F82384F5DA77C6EC7D8D091284

Function 004646DF Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700ad589762acfbc50e0b992eaddca69b3a5bc059984f080264bb51cc207f985
Instruction ID: 9492c23beb4ce80d0a943000a7a01b5421e67e8f1ff070f2166ed00c616f5802
Opcode Fuzzy Hash: 700ad589762acfbc50e0b992eaddca69b3a5bc059984f080264bb51cc207f985
Instruction Fuzzy Hash: 1B3183F7F616260BF38808B4CDA9362658397E1325F3F82394F5DA72C6ECBD48091280

Function 0038F04C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8170ed0e02e5692aa3ce5466c2a5dbd736cd0da0a42af2d5136383772227a815
Instruction ID: 381d38fe26f65d6897cd9a8ce9b6ceb2674d36f377d560262fbc77019bedef1c
Opcode Fuzzy Hash: 8170ed0e02e5692aa3ce5466c2a5dbd736cd0da0a42af2d5136383772227a815
Instruction Fuzzy Hash: 35315CB3F512250BF3844839CE693A6158297D5320F2F82798F5E6BAC5CCBD5E4A5284

Function 0044D026 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 365124df326d74a2facfca46074c40b78061a0d9a9224aacc282a3674fba5bd6
Instruction ID: 6d2b00c6ba0fc062ac2dff9d2ea1698b49a5612003f2532e074a7b15a7e0e03b
Opcode Fuzzy Hash: 365124df326d74a2facfca46074c40b78061a0d9a9224aacc282a3674fba5bd6
Instruction Fuzzy Hash: FD210CB7F216260BF3684879CD9836254839BE1324F2F83798F5C67AC5D87D5D095284

Function 0045658C Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4be4ce4515c2130008c842d08348d7f420cf3e973ef1903cb758b60d71c2fc0
Instruction ID: af852413b427f35760d45769f9a4f2efd4f5f820074ba489e2529f9fc3a83750
Opcode Fuzzy Hash: b4be4ce4515c2130008c842d08348d7f420cf3e973ef1903cb758b60d71c2fc0
Instruction Fuzzy Hash: 752179F7F116204BF3540839DCA9362258397A5324F2F42798FADA7BC2ECBE0C050284

Function 003A446E Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706e4f4b0e413ceb3cbec66ff6f7ead6baf98a2b73c8be73820539a13d61bf6a
Instruction ID: 0ce83fd9bc6cda31885457bf83e1eaad38b6c56269ff8ce72b7ef2e796d559fb
Opcode Fuzzy Hash: 706e4f4b0e413ceb3cbec66ff6f7ead6baf98a2b73c8be73820539a13d61bf6a
Instruction Fuzzy Hash: 5A214CB7E5022547F3944879CDA93626582E7D1724F2B8239CF99AB7C9DC7D8D0A13C0

Function 004785A0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 084f89eadbc8c5f86dfb66f083225ca2359fd33c45555a91a0153cb139b475d1
Instruction ID: 0da5cfd86e94ada89acc2cb2bd2917c184d7da8620801fd6da82fb3f66c26720
Opcode Fuzzy Hash: 084f89eadbc8c5f86dfb66f083225ca2359fd33c45555a91a0153cb139b475d1
Instruction Fuzzy Hash: 522130F7F516250BF3984879CEA93661883E794354F2F82398F8EA76C5DC7D4A091384

Function 00462218 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73480220163afb8880c89343f582edee36f75c84ae99db6411df6440dd3e9b01
Instruction ID: acfc18b55a4025101cf17cfe1a2b3efc12683fb8ca4ea97db135df53659e3537
Opcode Fuzzy Hash: 73480220163afb8880c89343f582edee36f75c84ae99db6411df6440dd3e9b01
Instruction Fuzzy Hash: 6421E4F7E1162007F3984829DD69366558397E1324F2F82798F5D6BBC9DC7E4D060288

Function 0037C2A6 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76e49bae0df9a9c51bc297f88b8e0de02303fdcf00149a427ace2b4852422355
Instruction ID: 95ac746db655f53a729ab69cdd566d41434849ee3bf596c11dd10ad39fe279d9
Opcode Fuzzy Hash: 76e49bae0df9a9c51bc297f88b8e0de02303fdcf00149a427ace2b4852422355
Instruction Fuzzy Hash: 8B218EB7F6162647F3444874CD583966243A7D5325F2F82788E9CABBCAD87E9D0A13C0

Function 003D0364 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51cb3ed9e16da1418c0c5efe886f46af82e11e17aaca3a508c3995703e7569cd
Instruction ID: 80a8c8e891b5e8b4f570b13da3879e64145d00dd25977273054f57cb540d9e16
Opcode Fuzzy Hash: 51cb3ed9e16da1418c0c5efe886f46af82e11e17aaca3a508c3995703e7569cd
Instruction Fuzzy Hash: 1C217CF7F2292247F3544835CC2536221839BE6725F3F83789B6CAB7D5E87C890A0284

Function 003862D5 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef525208f8b11fbdae73b7e7ebef1aaa736cf5a492d11bc2ab3a70eae58e8d37
Instruction ID: 5fa359d058ddb71fc860e2d4fb11f837b54ca9965ef84204c3037a2387f8578b
Opcode Fuzzy Hash: ef525208f8b11fbdae73b7e7ebef1aaa736cf5a492d11bc2ab3a70eae58e8d37
Instruction Fuzzy Hash: 501182F3F906254BF3504878CC943622582DBD6320F2F8279DE989B7C4D87D8D0A6385

Function 00510148 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0050CAC5: GetCurrentThreadId.KERNEL32 ref: 0050CAD4

Part of subcall function 005111C6: IsBadWritePtr.KERNEL32(?,00000004), ref: 005111D4

wsprintfA.USER32 ref: 0051018E
LoadImageA.USER32(?,?,?,?,?,?), ref: 00510252

Strings

%8x, xrefs: 00510189, 0051018C
%8x, xrefs: 0051021C, 0051024F

Memory Dump Source

Source File: 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00330000, based on PE: true

Associated: 00000000.00000002.2320880437.0000000000330000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321045190.0000000000336000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.000000000033A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005D3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321072608.00000000005E2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321408421.00000000005E3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321586538.000000000078A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2321605976.000000000078C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_330000_file.jbxd

Similarity

API ID: CurrentImageLoadThreadWritewsprintf
String ID: %8x$%8x
API String ID: 439219941-2046107164
Opcode ID: c4c03d5892930a757edec28c24916df673e9fb7bf7f0de57a1fbf75c3b9d66ce
Instruction ID: 4a8a1b34c84a6e42dd03c2bad8808a7ef60f6a49908fb6504f75425e9fda237f
Opcode Fuzzy Hash: c4c03d5892930a757edec28c24916df673e9fb7bf7f0de57a1fbf75c3b9d66ce
Instruction Fuzzy Hash: 7931153590010ABBDF11DF94DD09EEEBF75FF89300F108525FA11A61A0C771AAA1DB60

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 5804, Parent PID: 1028

General

Windows Analysis Report
file.exe

Function 0051A6E3 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 0050E198 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 0050E69E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 00510FF8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 0050D078 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 0050E787 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 00511214 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Function 00510B80 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Function 0051B10F Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Function 0050F1FF Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 0050EA1B Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 0051AE5C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 04D30D42 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 04D30D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON