Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532611
MD5:	50940cba9f55df1cb172952d0b03df56
SHA1:	933550875254bf6e565dd63005dfded7fda5ccfa
SHA256:	b6737bd5cb107768640e737f9837fed8455d603ae9f86834a968d71f140cea48
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 5724 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 50940CBA9F55DF1CB172952D0B03DF56)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0059C711 CryptVerifySignatureA,

0_2_0059C711

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1777686431.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmp

Source: unknown

DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D603F	0_2_003D603F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E0048	0_2_004E0048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8042	0_2_004A8042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00482045	0_2_00482045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC02D	0_2_003FC02D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D	0_2_003E402D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F802A	0_2_003F802A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A053	0_2_0046A053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA068	0_2_004FA068
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043407B	0_2_0043407B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA00E	0_2_004DA00E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046801D	0_2_0046801D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DC02E	0_2_004DC02E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052C037	0_2_0052C037
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FE056	0_2_003FE056
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E804E	0_2_003E804E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FA04F	0_2_003FA04F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A60C2	0_2_004A60C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DE0C5	0_2_004DE0C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005160DD	0_2_005160DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E0C5	0_2_0048E0C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004500D6	0_2_004500D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C0E1	0_2_0049C0E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005060FA	0_2_005060FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC08A	0_2_004AC08A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E00F8	0_2_003E00F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494086	0_2_00494086
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C092	0_2_0043C092
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D409B	0_2_004D409B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051008A	0_2_0051008A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004300A6	0_2_004300A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044A0AF	0_2_0044A0AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE0A7	0_2_004BE0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B40BB	0_2_004B40BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005180A0	0_2_005180A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D20B6	0_2_004D20B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00444141	0_2_00444141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E4144	0_2_004E4144
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050C15B	0_2_0050C15B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488154	0_2_00488154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4169	0_2_004C4169
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E17E	0_2_0046E17E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FC10C	0_2_004FC10C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464101	0_2_00464101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044210A	0_2_0044210A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C117	0_2_0047C117
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE118	0_2_004EE118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492125	0_2_00492125
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E1D0	0_2_0050E1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004121C7	0_2_004121C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A01C4	0_2_004A01C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005361DD	0_2_005361DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E1DF	0_2_0040E1DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EC185	0_2_003EC185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004701FC	0_2_004701FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A1FC	0_2_0040A1FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500193	0_2_00500193
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046018C	0_2_0046018C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004281AD	0_2_004281AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004801BF	0_2_004801BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D61B4	0_2_004D61B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474248	0_2_00474248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE25D	0_2_004CE25D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040625C	0_2_0040625C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040825C	0_2_0040825C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416268	0_2_00416268
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00438278	0_2_00438278
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC201	0_2_004AC201
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8215	0_2_004B8215
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418221	0_2_00418221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045822C	0_2_0045822C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E82CE	0_2_004E82CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CA2CC	0_2_004CA2CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004762CA	0_2_004762CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004222D5	0_2_004222D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C02E1	0_2_004C02E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D828A	0_2_004D828A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC2A0	0_2_004EC2A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004782A8	0_2_004782A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F22B9	0_2_004F22B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004562BA	0_2_004562BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043E342	0_2_0043E342
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052A34C	0_2_0052A34C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00438362	0_2_00438362
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472364	0_2_00472364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045236A	0_2_0045236A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00434316	0_2_00434316
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496312	0_2_00496312
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050830B	0_2_0050830B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B6314	0_2_004B6314
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A232C	0_2_004A232C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004103C0	0_2_004103C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC3C6	0_2_004CC3C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004983C4	0_2_004983C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005123F1	0_2_005123F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E0397	0_2_003E0397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004943FA	0_2_004943FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F838B	0_2_003F838B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EA388	0_2_003EA388
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045E385	0_2_0045E385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00442387	0_2_00442387
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00510397	0_2_00510397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC381	0_2_004BC381
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F03F2	0_2_003F03F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420390	0_2_00420390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470393	0_2_00470393
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC3E7	0_2_003FC3E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B0396	0_2_004B0396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA3A9	0_2_004EA3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EE3D3	0_2_003EE3D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004843A7	0_2_004843A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C3A9	0_2_0046C3A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044A44D	0_2_0044A44D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448449	0_2_00448449
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00414452	0_2_00414452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA45E	0_2_004AA45E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528449	0_2_00528449
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050644C	0_2_0050644C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00444459	0_2_00444459
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045446A	0_2_0045446A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E6477	0_2_004E6477
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F447A	0_2_003F447A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A401	0_2_0048A401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042E40F	0_2_0042E40F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00450418	0_2_00450418
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051A433	0_2_0051A433
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430428	0_2_00430428
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402430	0_2_00402430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050A421	0_2_0050A421
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00424431	0_2_00424431
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046243F	0_2_0046243F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E4C5	0_2_0048E4C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004924D8	0_2_004924D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C84EE	0_2_004C84EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D04E9	0_2_004D04E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004404E1	0_2_004404E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004164EE	0_2_004164EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F04F9	0_2_004F04F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DA4FE	0_2_003DA4FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D64F8	0_2_003D64F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FE487	0_2_004FE487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A49E	0_2_0046A49E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004824A9	0_2_004824A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA4A8	0_2_004FA4A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FE4D7	0_2_003FE4D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A44BE	0_2_004A44BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CA559	0_2_004CA559
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FC55A	0_2_004FC55A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C56A	0_2_0047C56A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C657C	0_2_004C657C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047657C	0_2_0047657C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524569	0_2_00524569
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E8502	0_2_003E8502
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E250E	0_2_004E250E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC50C	0_2_004EC50C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8508	0_2_004B8508
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C500	0_2_0049C500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466511	0_2_00466511
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052250C	0_2_0052250C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4528	0_2_004C4528
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E452A	0_2_004E452A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA53B	0_2_004EA53B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047253E	0_2_0047253E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DE547	0_2_003DE547
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE531	0_2_004BE531
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D65CE	0_2_004D65CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004805CE	0_2_004805CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EC5A5	0_2_003EC5A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E05D1	0_2_004E05D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004405EF	0_2_004405EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005145FD	0_2_005145FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004005FF	0_2_004005FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422586	0_2_00422586
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A596	0_2_0045A596
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4592	0_2_004B4592
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041E5B3	0_2_0041E5B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C5B4	0_2_0048C5B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E644	0_2_0040E644
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C654	0_2_0051C654
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043664F	0_2_0043664F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051E643	0_2_0051E643
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428660	0_2_00428660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456671	0_2_00456671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C2679	0_2_004C2679
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A604	0_2_0041A604
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D2619	0_2_004D2619
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2664	0_2_003F2664
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478619	0_2_00478619
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E2650	0_2_003E2650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051A63F	0_2_0051A63F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042C630	0_2_0042C630
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EA649	0_2_003EA649
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418639	0_2_00418639
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004586D2	0_2_004586D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004106DC	0_2_004106DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047A6D8	0_2_0047A6D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004306E9	0_2_004306E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004526E8	0_2_004526E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D86F8	0_2_003D86F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE683	0_2_004AE683
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534698	0_2_00534698
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520682	0_2_00520682
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C69D	0_2_0049C69D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A26AB	0_2_004A26AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004746A4	0_2_004746A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A6A8	0_2_0040A6A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F06BF	0_2_004F06BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA741	0_2_004BA741
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EC721	0_2_003EC721
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A766	0_2_0048A766
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E766	0_2_0048E766
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052A767	0_2_0052A767
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040477E	0_2_0040477E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488700	0_2_00488700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044670F	0_2_0044670F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8712	0_2_004F8712
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B072A	0_2_004B072A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004447C4	0_2_004447C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DC7C4	0_2_004DC7C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC7C2	0_2_004CC7C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F07AC	0_2_003F07AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FA78F	0_2_003FA78F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00414781	0_2_00414781
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC78C	0_2_004BC78C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044278E	0_2_0044278E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004987AF	0_2_004987AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C7AA	0_2_0046C7AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E47D3	0_2_003E47D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EE7C8	0_2_003EE7C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466843	0_2_00466843
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F6857	0_2_004F6857
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA851	0_2_004DA851
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051284D	0_2_0051284D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DA81F	0_2_003DA81F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00510874	0_2_00510874
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA861	0_2_004FA861
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00502815	0_2_00502815
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A815	0_2_0040A815
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044A81D	0_2_0044A81D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E0865	0_2_003E0865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C8C3	0_2_0040C8C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E88B4	0_2_003E88B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E48DE	0_2_004E48DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE8DE	0_2_004CE8DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C28EA	0_2_004C28EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FE898	0_2_003FE898
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A48FB	0_2_004A48FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D6881	0_2_003D6881
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A889	0_2_0041A889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C893	0_2_0041C893
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F88EB	0_2_003F88EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004628AE	0_2_004628AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B48B8	0_2_004B48B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D48B8	0_2_004D48B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F48B9	0_2_004F48B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A8B9	0_2_0046A8B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FE949	0_2_004FE949
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00486946	0_2_00486946
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500940	0_2_00500940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045295C	0_2_0045295C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528949	0_2_00528949
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045095B	0_2_0045095B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00522976	0_2_00522976
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041696D	0_2_0041696D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C90A	0_2_0047C90A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045891C	0_2_0045891C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052690D	0_2_0052690D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C924	0_2_0045C924
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8922	0_2_004A8922
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6924	0_2_004C6924
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE93E	0_2_004EE93E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048093B	0_2_0048093B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DE94A	0_2_003DE94A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004049C3	0_2_004049C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004269CB	0_2_004269CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005069C4	0_2_005069C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044C9DD	0_2_0044C9DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C49E7	0_2_004C49E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004709EB	0_2_004709EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004689E9	0_2_004689E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004369FC	0_2_004369FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE9AF	0_2_004BE9AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA9B3	0_2_004DA9B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004189BE	0_2_004189BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D0A48	0_2_004D0A48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E6A44	0_2_004E6A44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0A5E	0_2_004A0A5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EEA20	0_2_003EEA20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00514A61	0_2_00514A61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2A7C	0_2_004E2A7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CAA7F	0_2_004CAA7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F0A74	0_2_004F0A74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CEA71	0_2_004CEA71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EAA0F	0_2_004EAA0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AA06	0_2_0045AA06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2A7B	0_2_003F2A7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00434A0C	0_2_00434A0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2A13	0_2_004B2A13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488A37	0_2_00488A37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B6AC9	0_2_004B6AC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524AD8	0_2_00524AD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E2A97	0_2_003E2A97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494AFF	0_2_00494AFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00512AE8	0_2_00512AE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048AAF5	0_2_0048AAF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D6A8E	0_2_004D6A8E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D6AF6	0_2_003D6AF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048EA84	0_2_0048EA84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454A97	0_2_00454A97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418AA0	0_2_00418AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D2AAE	0_2_004D2AAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00536B51	0_2_00536B51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043EB40	0_2_0043EB40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6B37	0_2_003F6B37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484B46	0_2_00484B46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E8B56	0_2_004E8B56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508B73	0_2_00508B73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498B67	0_2_00498B67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00526B12	0_2_00526B12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412B07	0_2_00412B07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00522B05	0_2_00522B05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050AB08	0_2_0050AB08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448B1D	0_2_00448B1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AEB15	0_2_004AEB15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00400B27	0_2_00400B27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00510B22	0_2_00510B22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00518BD5	0_2_00518BD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041ABCC	0_2_0041ABCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408BD2	0_2_00408BD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420BD4	0_2_00420BD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4BA7	0_2_003F4BA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AABEF	0_2_004AABEF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416BF0	0_2_00416BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EBF4	0_2_0040EBF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00438BFD	0_2_00438BFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044AB85	0_2_0044AB85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E4BF5	0_2_003E4BF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046CB89	0_2_0046CB89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500B87	0_2_00500B87
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042EBA8	0_2_0042EBA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474BB8	0_2_00474BB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CC41	0_2_0040CC41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BAC48	0_2_004BAC48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DCC49	0_2_004DCC49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426C48	0_2_00426C48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00444C4B	0_2_00444C4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00452C50	0_2_00452C50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CCC54	0_2_004CCC54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FAC6F	0_2_004FAC6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DEC64	0_2_004DEC64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DCC63	0_2_003DCC63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00436C2C	0_2_00436C2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F8C41	0_2_003F8C41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00532CD0	0_2_00532CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8CC4	0_2_004C8CC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042CCD2	0_2_0042CCD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EECE8	0_2_004EECE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050CCF7	0_2_0050CCF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040AC83	0_2_0040AC83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466C80	0_2_00466C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ECCF0	0_2_003ECCF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404CA9	0_2_00404CA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528CBB	0_2_00528CBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00460CAD	0_2_00460CAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CCB6	0_2_0047CCB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00516CA7	0_2_00516CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D8CC0	0_2_003D8CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BECB5	0_2_004BECB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E0CB1	0_2_004E0CB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045CD45	0_2_0045CD45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00504D59	0_2_00504D59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426D52	0_2_00426D52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4D53	0_2_004C4D53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DAD52	0_2_004DAD52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FED67	0_2_004FED67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EAD13	0_2_003EAD13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051ED12	0_2_0051ED12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E0D77	0_2_003E0D77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DCDD8	0_2_004DCDD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044CDD8	0_2_0044CDD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2DD0	0_2_004E2DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047EDFE	0_2_0047EDFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470D84	0_2_00470D84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CED88	0_2_004CED88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00440D9F	0_2_00440D9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6D91	0_2_004C6D91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043ADB3	0_2_0043ADB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EEDCA	0_2_003EEDCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00480E49	0_2_00480E49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520E54	0_2_00520E54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8E41	0_2_004A8E41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049EE50	0_2_0049EE50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00432E5F	0_2_00432E5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00468E6F	0_2_00468E6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2E10	0_2_003F2E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048EE73	0_2_0048EE73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494E0E	0_2_00494E0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D8E1E	0_2_004D8E1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051CE09	0_2_0051CE09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E4E3E	0_2_004E4E3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048AE3C	0_2_0048AE3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6E3C	0_2_004A6E3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EAE38	0_2_004EAE38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6E46	0_2_003F6E46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045EE3C	0_2_0045EE3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426ECB	0_2_00426ECB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488EDD	0_2_00488EDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00502EC7	0_2_00502EC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051AEF7	0_2_0051AEF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E6E99	0_2_003E6E99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00458EF1	0_2_00458EF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00442EF3	0_2_00442EF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D4EF0	0_2_004D4EF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00512E93	0_2_00512E93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044AE9C	0_2_0044AE9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F2E90	0_2_004F2E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003DEED0	0_2_003DEED0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D0EBC	0_2_004D0EBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DEEBE	0_2_004DEEBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00506EAC	0_2_00506EAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412EBC	0_2_00412EBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E4F38	0_2_003E4F38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046EF41	0_2_0046EF41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8F43	0_2_004B8F43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B0F69	0_2_004B0F69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4F67	0_2_004B4F67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474F68	0_2_00474F68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051EF6A	0_2_0051EF6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00448F03	0_2_00448F03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BCF05	0_2_004BCF05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E8F1C	0_2_004E8F1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041EF15	0_2_0041EF15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047AF12	0_2_0047AF12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F8F5C	0_2_003F8F5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524F2B	0_2_00524F2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00440F3E	0_2_00440F3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052AF28	0_2_0052AF28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C2F37	0_2_004C2F37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478F38	0_2_00478F38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AAFCB	0_2_004AAFCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430FD8	0_2_00430FD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00446FD8	0_2_00446FD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8FEE	0_2_004F8FEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00434FF0	0_2_00434FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406FF7	0_2_00406FF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043AFF9	0_2_0043AFF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422FF9	0_2_00422FF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DEFF6	0_2_004DEFF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FAF8F	0_2_004FAF8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420F8C	0_2_00420F8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00400F9F	0_2_00400F9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464FB2	0_2_00464FB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F04A	0_2_0042F04A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00497040	0_2_00497040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F7059	0_2_004F7059
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BD05C	0_2_004BD05C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D9019	0_2_003D9019
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00467068	0_2_00467068
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409074	0_2_00409074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E907E	0_2_003E907E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044D025	0_2_0044D025
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00417025	0_2_00417025
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00517036	0_2_00517036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00483025	0_2_00483025
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00445036	0_2_00445036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00449036	0_2_00449036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004570C2	0_2_004570C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005290DD	0_2_005290DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004330DD	0_2_004330DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004510E6	0_2_004510E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004530F1	0_2_004530F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B0F2	0_2_0049B0F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047F0F9	0_2_0047F0F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00511093	0_2_00511093
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A3081	0_2_004A3081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BF09C	0_2_004BF09C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401098	0_2_00401098
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B0AB	0_2_0040B0AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005190BF	0_2_005190BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D0BE	0_2_0045D0BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B0AB	0_2_0050B0AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049914D	0_2_0049914D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E314B	0_2_004E314B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F147	0_2_0040F147
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C5146	0_2_004C5146
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A716D	0_2_004A716D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00443168	0_2_00443168
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00493167	0_2_00493167
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B7165	0_2_004B7165
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F9103	0_2_003F9103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F110F	0_2_004F110F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AB10D	0_2_004AB10D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003ED176	0_2_003ED176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D1104	0_2_004D1104
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003EF173	0_2_003EF173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043D123	0_2_0043D123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049D125	0_2_0049D125
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046B133	0_2_0046B133
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F31BE	0_2_003F31BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E51B9	0_2_003E51B9

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00597706 appears 35 times

Source: file.exe, 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: kjdgxlpm ZLIB complexity 0.9950564581491306

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@1/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1762304 > 1048576

Source: file.exe

Static PE information: Raw size of kjdgxlpm is bigger than: 0x100000 < 0x1a8200

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.3c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kjdgxlpm:EW;zrpyswpt:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1bc33b should be: 0x1b4b58

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: kjdgxlpm
Source: file.exe	Static PE information: section name: zrpyswpt
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE51C push 7189A9FCh; mov dword ptr [esp], ebx	0_2_003CF445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE642 push edx; mov dword ptr [esp], 257D39B4h	0_2_003CE655
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE02F push 0B3CE854h; mov dword ptr [esp], ecx	0_2_003CE1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE02F push esi; mov dword ptr [esp], edx	0_2_003CE212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push 513829DCh; mov dword ptr [esp], esp	0_2_003E44DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push edx; mov dword ptr [esp], ebp	0_2_003E44F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push ebx; mov dword ptr [esp], edx	0_2_003E45C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push 6903A980h; mov dword ptr [esp], edx	0_2_003E4600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push ebp; mov dword ptr [esp], eax	0_2_003E460C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push 3C67C826h; mov dword ptr [esp], ebx	0_2_003E4614
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push edi; mov dword ptr [esp], eax	0_2_003E4677
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E402D push 7ADC02E4h; mov dword ptr [esp], edx	0_2_003E4697
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B2074 push eax; mov dword ptr [esp], 55CD8B7Ch	0_2_005B20A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B2074 push 4C2B8DF1h; mov dword ptr [esp], eax	0_2_005B20B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B2074 push 38C1C081h; mov dword ptr [esp], eax	0_2_005B20CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D206C push 72DEDBC3h; mov dword ptr [esp], esi	0_2_003D501A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE065 push 0B3CE854h; mov dword ptr [esp], ecx	0_2_003CE1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE065 push esi; mov dword ptr [esp], edx	0_2_003CE212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE05A push 0B3CE854h; mov dword ptr [esp], ecx	0_2_003CE1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE05A push esi; mov dword ptr [esp], edx	0_2_003CE212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062A01D push 69C09295h; mov dword ptr [esp], esi	0_2_0062A396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE0B6 push 0B3CE854h; mov dword ptr [esp], ecx	0_2_003CE1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE0B6 push esi; mov dword ptr [esp], edx	0_2_003CE212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D20AC push esi; mov dword ptr [esp], edx	0_2_003D20C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE095 push 0B3CE854h; mov dword ptr [esp], ecx	0_2_003CE1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE095 push esi; mov dword ptr [esp], edx	0_2_003CE212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE0F5 push 0B3CE854h; mov dword ptr [esp], ecx	0_2_003CE1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CE0F5 push esi; mov dword ptr [esp], edx	0_2_003CE212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CC0F7 push 29BF4744h; ret	0_2_003CC0FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D40DA push edi; mov dword ptr [esp], 2F6D45B1h	0_2_003D467C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D40DA push 081046D5h; mov dword ptr [esp], ebx	0_2_003D4C6A

Source: file.exe	Static PE information: section name: entropy: 7.7507611266535665
Source: file.exe	Static PE information: section name: kjdgxlpm entropy: 7.953505006477482

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CE139 second address: 3CE13D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54022D second address: 54024D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007FB07CD8C2F6h 0x00000009 pop edx 0x0000000a jmp 00007FB07CD8C2FAh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push edx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54024D second address: 540253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540253 second address: 54027B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C302h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jnl 00007FB07CD8C2F6h 0x00000013 jnp 00007FB07CD8C2F6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54052C second address: 54055D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D26122Fh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB07D261230h 0x00000012 jmp 00007FB07D26122Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5406DC second address: 5406EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB07CD8C2FEh 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 540849 second address: 54084E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54084E second address: 540867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB07CD8C302h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542A97 second address: 542AC9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB07D26122Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FB07D26122Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB07D261232h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542AC9 second address: 542ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542ACD second address: 542B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jmp 00007FB07D261234h 0x0000000d push 00000000h 0x0000000f jno 00007FB07D261227h 0x00000015 push 88D45D21h 0x0000001a pushad 0x0000001b jl 00007FB07D261228h 0x00000021 push esi 0x00000022 pop esi 0x00000023 push edi 0x00000024 js 00007FB07D261226h 0x0000002a pop edi 0x0000002b popad 0x0000002c add dword ptr [esp], 772BA35Fh 0x00000033 pushad 0x00000034 jmp 00007FB07D26122Bh 0x00000039 xor edx, dword ptr [ebp+122D29EBh] 0x0000003f popad 0x00000040 push 00000003h 0x00000042 xor edi, dword ptr [ebp+122D2A53h] 0x00000048 push 00000000h 0x0000004a movzx edi, dx 0x0000004d push 00000003h 0x0000004f sub dword ptr [ebp+122D1CA1h], ecx 0x00000055 jnl 00007FB07D26122Ch 0x0000005b mov ecx, dword ptr [ebp+122D1C37h] 0x00000061 push D7D9D898h 0x00000066 push edx 0x00000067 jmp 00007FB07D26122Ah 0x0000006c pop edx 0x0000006d xor dword ptr [esp], 17D9D898h 0x00000074 mov cl, bh 0x00000076 lea ebx, dword ptr [ebp+12448931h] 0x0000007c and ecx, dword ptr [ebp+122D1E13h] 0x00000082 xchg eax, ebx 0x00000083 pushad 0x00000084 push eax 0x00000085 push edx 0x00000086 jmp 00007FB07D261232h 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542BED second address: 542BF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FB07CD8C2F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542BF7 second address: 542C32 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, 4D25D2FAh 0x0000000e push 00000000h 0x00000010 jns 00007FB07D26122Ch 0x00000016 call 00007FB07D261229h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FB07D261232h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542C32 second address: 542C3C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542C3C second address: 542C6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07D26122Fh 0x00000008 jmp 00007FB07D26122Eh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jc 00007FB07D26122Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542C6A second address: 542C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542C6E second address: 542C90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261231h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push edi 0x0000000e jne 00007FB07D26122Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542C90 second address: 542CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, dword ptr [eax] 0x00000007 pushad 0x00000008 pushad 0x00000009 jl 00007FB07CD8C2F6h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ecx 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c push ebx 0x0000001d pushad 0x0000001e popad 0x0000001f pop ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542CB4 second address: 542CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542CB8 second address: 542CFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C304h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop eax 0x0000000b sub dword ptr [ebp+122D2C4Eh], eax 0x00000011 pushad 0x00000012 xor dword ptr [ebp+122D19B8h], ebx 0x00000018 sub dword ptr [ebp+122D195Ch], eax 0x0000001e popad 0x0000001f push 00000003h 0x00000021 mov dword ptr [ebp+122D2F66h], eax 0x00000027 push 00000000h 0x00000029 mov dl, 3Dh 0x0000002b push 00000003h 0x0000002d stc 0x0000002e push 74555F59h 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542CFF second address: 542D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542D03 second address: 542D8A instructions: 0x00000000 rdtsc 0x00000002 js 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FB07CD8C301h 0x00000010 jo 00007FB07CD8C2F6h 0x00000016 popad 0x00000017 popad 0x00000018 add dword ptr [esp], 4BAAA0A7h 0x0000001f and esi, 06044C08h 0x00000025 mov dl, 91h 0x00000027 lea ebx, dword ptr [ebp+1244893Ah] 0x0000002d jmp 00007FB07CD8C305h 0x00000032 xchg eax, ebx 0x00000033 jmp 00007FB07CD8C309h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b ja 00007FB07CD8C30Ch 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542EEC second address: 542EF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542EF0 second address: 542EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542EF6 second address: 542F16 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB07D26122Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB07D26122Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542F16 second address: 542F7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07CD8C303h 0x00000008 jmp 00007FB07CD8C305h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jmp 00007FB07CD8C306h 0x00000019 pop eax 0x0000001a mov dword ptr [ebp+122D1C3Eh], ebx 0x00000020 lea ebx, dword ptr [ebp+12448945h] 0x00000026 sub dword ptr [ebp+122D1AADh], edx 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 jng 00007FB07CD8C2F6h 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 554634 second address: 554651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnc 00007FB07D26122Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push esi 0x0000000e pushad 0x0000000f ja 00007FB07D261226h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5377CD second address: 5377D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5377D1 second address: 5377FA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jl 00007FB07D261226h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB07D261239h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562459 second address: 5624B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jno 00007FB07CD8C2FCh 0x0000000b jnp 00007FB07CD8C30Fh 0x00000011 jmp 00007FB07CD8C309h 0x00000016 popad 0x00000017 je 00007FB07CD8C302h 0x0000001d js 00007FB07CD8C2FCh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562621 second address: 56265C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ebx 0x0000000d pop edi 0x0000000e ja 00007FB07D261255h 0x00000014 push esi 0x00000015 jmp 00007FB07D26122Eh 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56265C second address: 562662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562662 second address: 562666 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562A84 second address: 562A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562BCB second address: 562BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562BCF second address: 562BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562BD6 second address: 562BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007FB07D26122Eh 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562BE5 second address: 562C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB07CD8C308h 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562D80 second address: 562D86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562D86 second address: 562D96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB07CD8C2FAh 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562F6B second address: 562F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB07D26122Dh 0x0000000a jo 00007FB07D261232h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 562F85 second address: 562F8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556BED second address: 556BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556BF2 second address: 556C0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07CD8C303h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5630C4 second address: 5630D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 568090 second address: 568094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 568094 second address: 5680AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261233h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56E580 second address: 56E585 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56E844 second address: 56E893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pushad 0x00000007 jmp 00007FB07D261238h 0x0000000c jbe 00007FB07D26123Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB07D261234h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56E893 second address: 56E897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56E897 second address: 56E8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56ED07 second address: 56ED10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56ED10 second address: 56ED38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261232h 0x00000007 jmp 00007FB07D261232h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56EEDE second address: 56EEE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56EFF9 second address: 56F005 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB07D261226h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57259D second address: 5725AA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5725AA second address: 5725B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5725B6 second address: 5725BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5725BA second address: 5725C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5725C4 second address: 5725F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jnp 00007FB07CD8C309h 0x00000012 jg 00007FB07CD8C2F8h 0x00000018 popad 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5725F9 second address: 5725FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 572913 second address: 572917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 572AD4 second address: 572AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FB07D261226h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 572AE1 second address: 572AE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 572DAF second address: 572DCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261234h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FB07D26122Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573214 second address: 57322D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C301h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57322D second address: 573231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573300 second address: 573328 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FB07CD8C2F8h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB07CD8C301h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 573422 second address: 573426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57365E second address: 573668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB07CD8C2F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5758D3 second address: 5758D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5750D1 second address: 57510C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FB07CD8C307h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB07CD8C309h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5758D7 second address: 5758DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5758DD second address: 5758E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5758E3 second address: 5758E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578190 second address: 5781C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07CD8C300h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB07CD8C306h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5781C1 second address: 5781CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5781CA second address: 5781D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5781D0 second address: 578213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov esi, dword ptr [ebp+122D1E4Fh] 0x0000000d push 00000000h 0x0000000f sub edi, 3E5B33E7h 0x00000015 pushad 0x00000016 add dword ptr [ebp+12449E3Eh], edi 0x0000001c mov ecx, 2FA76C1Eh 0x00000021 popad 0x00000022 push 00000000h 0x00000024 push edi 0x00000025 jmp 00007FB07D261233h 0x0000002a pop esi 0x0000002b push eax 0x0000002c jo 00007FB07D26123Bh 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578D10 second address: 578D14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578D14 second address: 578DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jmp 00007FB07D261233h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FB07D261228h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push 00000000h 0x0000002a and edi, 712AA8DBh 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007FB07D261228h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c mov edi, dword ptr [ebp+1244A624h] 0x00000052 xchg eax, ebx 0x00000053 pushad 0x00000054 jp 00007FB07D261228h 0x0000005a push ebx 0x0000005b pop ebx 0x0000005c jmp 00007FB07D261233h 0x00000061 popad 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jnp 00007FB07D261228h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578A95 second address: 578A9F instructions: 0x00000000 rdtsc 0x00000002 js 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578A9F second address: 578AB8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007FB07D261226h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB07D26122Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578AB8 second address: 578ABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AC0C second address: 57AC28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB07D261236h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AC28 second address: 57AC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AC2C second address: 57AC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57AC30 second address: 57AC55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007FB07CD8C309h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57CF72 second address: 57CFC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push esi 0x0000000a jmp 00007FB07D26122Ch 0x0000000f pop ebx 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D191Dh], eax 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007FB07D261228h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 pushad 0x00000035 mov ebx, 5CDA107Dh 0x0000003a mov edx, 3D10C3E4h 0x0000003f popad 0x00000040 xchg eax, esi 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57CFC8 second address: 57CFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57CFCE second address: 57CFD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57DEE8 second address: 57DFAD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB07CD8C308h 0x0000000e nop 0x0000000f call 00007FB07CD8C307h 0x00000014 mov edi, dword ptr [ebp+122D1F38h] 0x0000001a pop ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007FB07CD8C2F8h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 0000001Ah 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 call 00007FB07CD8C308h 0x0000003c jne 00007FB07CD8C304h 0x00000042 pop edi 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007FB07CD8C2F8h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000016h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f xchg eax, esi 0x00000060 jmp 00007FB07CD8C2FDh 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push ecx 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57DFAD second address: 57DFB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58006C second address: 58008C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C2FAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jno 00007FB07CD8C2F6h 0x00000013 jg 00007FB07CD8C2F6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58008C second address: 5800A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261234h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5800A5 second address: 5800AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5800AA second address: 5800C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261234h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5800C4 second address: 5800D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FB07CD8C2FEh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5800D3 second address: 5800E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FB07D261243h 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5808B0 second address: 580925 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007FB07CD8C2FDh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007FB07CD8C2F8h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D2EE3h], edi 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov bx, dx 0x00000042 mov eax, dword ptr [ebp+122D1275h] 0x00000048 pushad 0x00000049 mov dword ptr [ebp+122D1DD8h], esi 0x0000004f mov ecx, dword ptr [ebp+122D1CBFh] 0x00000055 popad 0x00000056 push FFFFFFFFh 0x00000058 sub bx, F22Dh 0x0000005d push eax 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 580925 second address: 580929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5836A0 second address: 5836BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07CD8C309h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 582952 second address: 5829B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jnp 00007FB07D26122Ah 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov di, B8E1h 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 clc 0x00000022 mov eax, dword ptr [ebp+122D11B1h] 0x00000028 mov edi, 6FF94F69h 0x0000002d jnp 00007FB07D26122Ch 0x00000033 push FFFFFFFFh 0x00000035 or bh, 0000004Dh 0x00000038 nop 0x00000039 pushad 0x0000003a push ecx 0x0000003b pushad 0x0000003c popad 0x0000003d pop ecx 0x0000003e jmp 00007FB07D26122Bh 0x00000043 popad 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 jno 00007FB07D26122Ch 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5838F1 second address: 5838F6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5838F6 second address: 583903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 583903 second address: 583907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 585811 second address: 58586D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 sub bx, A88Dh 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007FB07D261228h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 sbb edi, 34705BAEh 0x0000002f push 00000000h 0x00000031 jg 00007FB07D261230h 0x00000037 jmp 00007FB07D26122Ah 0x0000003c mov bh, 94h 0x0000003e xchg eax, esi 0x0000003f pushad 0x00000040 jnc 00007FB07D261228h 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a jnc 00007FB07D261226h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58586D second address: 585883 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FB07CD8C2F8h 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5868CE second address: 5868E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261234h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5868E6 second address: 5868F5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 589962 second address: 589984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB07D261239h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 589984 second address: 5899F3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FB07CD8C30Dh 0x00000010 popad 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FB07CD8C2F8h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c jnc 00007FB07CD8C2F8h 0x00000032 push 00000000h 0x00000034 xor edi, 45C2E781h 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D2AAFh] 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushad 0x00000047 popad 0x00000048 ja 00007FB07CD8C2F6h 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5899F3 second address: 5899F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 586A71 second address: 586A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 586A75 second address: 586A9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261239h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FB07D261226h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 586A9C second address: 586AA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 586AA0 second address: 586AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 586AAA second address: 586AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 586AAE second address: 586B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FB07D261228h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push dword ptr fs:[00000000h] 0x00000029 add dword ptr [ebp+122D2870h], eax 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 jmp 00007FB07D26122Fh 0x0000003b mov eax, dword ptr [ebp+122D1479h] 0x00000041 jl 00007FB07D26123Ah 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push edx 0x0000004c call 00007FB07D261228h 0x00000051 pop edx 0x00000052 mov dword ptr [esp+04h], edx 0x00000056 add dword ptr [esp+04h], 00000015h 0x0000005e inc edx 0x0000005f push edx 0x00000060 ret 0x00000061 pop edx 0x00000062 ret 0x00000063 push eax 0x00000064 jp 00007FB07D261234h 0x0000006a pushad 0x0000006b jc 00007FB07D261226h 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58AB6E second address: 58AB73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5859EB second address: 5859EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5859EF second address: 5859F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 585B02 second address: 585B06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 589B98 second address: 589B9D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 589C80 second address: 589C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 589C84 second address: 589C94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 595AE6 second address: 595AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 595AEA second address: 595AF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FB07CD8C2F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A6AA1 second address: 5A6AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB07D261226h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5A6AAB second address: 5A6AAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB5EE second address: 5AB5F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC045 second address: 5AC053 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jnp 00007FB07CD8C2F6h 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC1C2 second address: 5AC1E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FB07D261226h 0x00000009 jmp 00007FB07D261234h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC364 second address: 5AC381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C303h 0x00000007 jnp 00007FB07CD8C2F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC381 second address: 5AC38B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FB07D261226h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC38B second address: 5AC38F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B0DE9 second address: 5B0DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B0DEE second address: 5B0E02 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007FB07CD8C2F6h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007FB07CD8C2F6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B10C2 second address: 5B10F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261239h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB07D261231h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B10F5 second address: 5B10F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B13DB second address: 5B140A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB07D261226h 0x0000000a jmp 00007FB07D26122Bh 0x0000000f popad 0x00000010 jmp 00007FB07D26122Ah 0x00000015 pushad 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 popad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B140A second address: 5B140E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B140E second address: 5B1424 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261232h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B1424 second address: 5B143A instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB07CD8C2FCh 0x00000008 jnp 00007FB07CD8C2F6h 0x0000000e js 00007FB07CD8C2FCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B182E second address: 5B183E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB07D261226h 0x00000008 jbe 00007FB07D261226h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B183E second address: 5B1844 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B1844 second address: 5B1848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B1AF0 second address: 5B1AF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B1AF7 second address: 5B1AFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B1AFE second address: 5B1B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FB07CD8C2F6h 0x0000000f je 00007FB07CD8C2F6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B1DCD second address: 5B1DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FB07D261226h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7E96 second address: 5B7EC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FB07CD8C2F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB07CD8C300h 0x00000011 jmp 00007FB07CD8C2FAh 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7EC8 second address: 5B7ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7ECE second address: 5B7ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F422 second address: 52F428 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F428 second address: 52F434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F434 second address: 52F438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F438 second address: 52F460 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C306h 0x00000007 jmp 00007FB07CD8C2FEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F460 second address: 52F465 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6875 second address: 5B687B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B687B second address: 5B6894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261234h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6A05 second address: 5B6A39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FB07CD8C2F6h 0x00000009 jc 00007FB07CD8C2F6h 0x0000000f js 00007FB07CD8C2F6h 0x00000015 push edi 0x00000016 pop edi 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FB07CD8C308h 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6A39 second address: 5B6A3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6B88 second address: 5B6BAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FB07CD8C308h 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6BAC second address: 5B6BB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7166 second address: 5B716A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B716A second address: 5B7170 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7170 second address: 5B718A instructions: 0x00000000 rdtsc 0x00000002 js 00007FB07CD8C2F8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FB07CD8C312h 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007FB07CD8C2F6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B740E second address: 5B7414 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7414 second address: 5B742D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB07CD8C305h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B76A5 second address: 5B76CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261232h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB07D26122Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B76CB second address: 5B76D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B76D3 second address: 5B76D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B76D7 second address: 5B7704 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C304h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007FB07CD8C2F6h 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ecx 0x00000016 jnp 00007FB07CD8C310h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7704 second address: 5B771F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261234h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B771F second address: 5B7725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55772B second address: 55775D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FB07D261233h 0x0000000a jmp 00007FB07D261236h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55775D second address: 557767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB07CD8C2F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7D1A second address: 5B7D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B64BD second address: 5B64EF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FB07CD8C2FEh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB07CD8C304h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B64EF second address: 5B64FC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B64FC second address: 5B6500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6500 second address: 5B6523 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB07D261226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jns 00007FB07D261226h 0x00000011 jmp 00007FB07D261230h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B6523 second address: 5B652E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB07CD8C2F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B652E second address: 5B6539 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FB07D261226h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BA748 second address: 5BA76B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB07CD8C2F6h 0x00000008 jmp 00007FB07CD8C309h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BA76B second address: 5BA78A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261235h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BDD5B second address: 5BDD6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C300h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BDD6F second address: 5BDD74 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534250 second address: 534256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 570F8D second address: 570F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 570F93 second address: 570F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 570F98 second address: 570FB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07D261236h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 570FB3 second address: 570FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB07CD8C2FFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571506 second address: 571542 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07D261235h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FB07D26122Fh 0x00000017 popad 0x00000018 pop eax 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571542 second address: 571573 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C300h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jmp 00007FB07CD8C306h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571573 second address: 571579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571579 second address: 57158D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FB07CD8C2F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571698 second address: 5716A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5716A6 second address: 5716B8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FB07CD8C2F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5716B8 second address: 5716E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D26122Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, esi 0x0000000b sbb di, 2B40h 0x00000010 mov edi, edx 0x00000012 push eax 0x00000013 pushad 0x00000014 jmp 00007FB07D26122Fh 0x00000019 jnl 00007FB07D26122Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571866 second address: 57186A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57186A second address: 571874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57196E second address: 571994 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C308h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FB07CD8C2F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571994 second address: 5719BB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB07D261226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b nop 0x0000000c movsx edx, cx 0x0000000f push 00000004h 0x00000011 sub dh, 00000037h 0x00000014 and dx, 6CA1h 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB07D26122Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571DA2 second address: 571DFD instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jns 00007FB07CD8C2F6h 0x00000013 popad 0x00000014 popad 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FB07CD8C2F8h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 push 0000001Eh 0x00000032 movsx edx, ax 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FB07CD8C308h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57196A second address: 57196E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57209E second address: 572103 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FB07CD8C306h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jns 00007FB07CD8C2FEh 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 jp 00007FB07CD8C2FCh 0x0000001e pushad 0x0000001f push edi 0x00000020 pop edi 0x00000021 jc 00007FB07CD8C2F6h 0x00000027 popad 0x00000028 popad 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FB07CD8C307h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 572103 second address: 572109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5721C8 second address: 5721E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB07CD8C302h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5721E2 second address: 5721E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57228C second address: 572290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 572290 second address: 5722AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261237h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5722AB second address: 55772B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007FB07CD8C2F6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jmp 00007FB07CD8C309h 0x00000012 call dword ptr [ebp+122D1871h] 0x00000018 pushad 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6B19 second address: 5C6B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007FB07D26122Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6B30 second address: 5C6B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6C98 second address: 5C6CBE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB07D261226h 0x00000008 jmp 00007FB07D261238h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6CBE second address: 5C6CC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6CC2 second address: 5C6CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6CC8 second address: 5C6CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6CD4 second address: 5C6CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB07D261226h 0x0000000a popad 0x0000000b jmp 00007FB07D261238h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6CF7 second address: 5C6D32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07CD8C309h 0x00000008 jbe 00007FB07CD8C2F6h 0x0000000e jc 00007FB07CD8C2F6h 0x00000014 jmp 00007FB07CD8C2FAh 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jnp 00007FB07CD8C2F6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6EAB second address: 5C6EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6EB1 second address: 5C6EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007FB07CD8C2FFh 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pushad 0x00000014 popad 0x00000015 jne 00007FB07CD8C2F6h 0x0000001b popad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6EDA second address: 5C6EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C706D second address: 5C7075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C7379 second address: 5C737F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C737F second address: 5C7384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C7384 second address: 5C73B9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB07D26123Eh 0x00000008 jmp 00007FB07D261238h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jno 00007FB07D26122Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C73B9 second address: 5C73BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C73BD second address: 5C73C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C9B4F second address: 5C9B85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007FB07CD8C2FBh 0x0000000f jmp 00007FB07CD8C306h 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D2692 second address: 5D26AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007FB07D26122Eh 0x0000000b jne 00007FB07D261226h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D26AE second address: 5D26B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D26B4 second address: 5D26CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB07D261231h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8EE4 second address: 5D8F2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FFh 0x00000007 jmp 00007FB07CD8C307h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FB07CD8C307h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8F2A second address: 5D8F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8F33 second address: 5D8F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8F37 second address: 5D8F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB07D261238h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D8F55 second address: 5D8F68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FB07CD8C2FCh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9361 second address: 5D9367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9367 second address: 5D9374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FB07CD8C2F8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9374 second address: 5D937A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D937A second address: 5D93B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C302h 0x00000007 jbe 00007FB07CD8C2F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007FB07CD8C2FEh 0x00000015 jne 00007FB07CD8C2F6h 0x0000001b push eax 0x0000001c pop eax 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push eax 0x00000020 jmp 00007FB07CD8C2FAh 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D94EC second address: 5D94FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D26122Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D94FB second address: 5D950E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D950E second address: 5D9514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9514 second address: 5D9532 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB07CD8C2F6h 0x00000008 jmp 00007FB07CD8C304h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571BA3 second address: 571C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 sub di, 6911h 0x0000000b adc cx, 3CD6h 0x00000010 mov ebx, dword ptr [ebp+12476BF0h] 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FB07D261228h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 push ecx 0x00000031 or dword ptr [ebp+122D19B8h], esi 0x00000037 pop edx 0x00000038 pushad 0x00000039 mov dword ptr [ebp+122D2C4Eh], ebx 0x0000003f mov ax, F844h 0x00000043 popad 0x00000044 add eax, ebx 0x00000046 mov dx, cx 0x00000049 nop 0x0000004a jns 00007FB07D261232h 0x00000050 push eax 0x00000051 jc 00007FB07D261230h 0x00000057 pushad 0x00000058 pushad 0x00000059 popad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 571C0E second address: 571C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jmp 00007FB07CD8C308h 0x0000000b push 00000004h 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FB07CD8C2F8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dh, 3Ch 0x00000029 or dword ptr [ebp+122D196Ch], ecx 0x0000002f nop 0x00000030 jmp 00007FB07CD8C2FCh 0x00000035 push eax 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 js 00007FB07CD8C2F6h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97C0 second address: 5D97CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97CA second address: 5D97D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB07CD8C2F6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97D7 second address: 5D97DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9957 second address: 5D996B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D996B second address: 5D996F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA368 second address: 5DA377 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FB07CD8C2F6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDADC second address: 5DDAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jg 00007FB07D261226h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDAE9 second address: 5DDAEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDAEF second address: 5DDAF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDC56 second address: 5DDC5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5042 second address: 5E5046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5901 second address: 5E5905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5905 second address: 5E590F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E590F second address: 5E5913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5913 second address: 5E5917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5917 second address: 5E5928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FB07CD8C2FEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5928 second address: 5E592E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E592E second address: 5E5934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5934 second address: 5E5938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5BD6 second address: 5E5BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5BE3 second address: 5E5BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5F01 second address: 5E5F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5F05 second address: 5E5F31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07D261230h 0x0000000b jl 00007FB07D26122Eh 0x00000011 jns 00007FB07D261226h 0x00000017 pushad 0x00000018 popad 0x00000019 jc 00007FB07D26122Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5F31 second address: 5E5F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB07CD8C304h 0x0000000d jnl 00007FB07CD8C2F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E64DF second address: 5E64E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6766 second address: 5E676F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E676F second address: 5E678E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261236h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E678E second address: 5E67A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C300h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E67A2 second address: 5E67A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E67A6 second address: 5E67CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C309h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FB07CD8C2F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E98B2 second address: 5E98B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F14CE second address: 5F14D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F14D2 second address: 5F14D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F14D6 second address: 5F14EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007FB07CD8C2F6h 0x0000000d jnl 00007FB07CD8C2F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F166D second address: 5F1673 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F1673 second address: 5F1679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F1679 second address: 5F167D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F167D second address: 5F1681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F1681 second address: 5F1687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F19CA second address: 5F19E7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB07CD8C2F6h 0x00000008 jmp 00007FB07CD8C303h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F1FD5 second address: 5F1FD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F1FD9 second address: 5F2020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07CD8C309h 0x0000000b popad 0x0000000c jl 00007FB07CD8C338h 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007FB07CD8C2F6h 0x0000001a jmp 00007FB07CD8C309h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB2C5 second address: 5FB2C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB2C9 second address: 5FB2CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB2CD second address: 5FB2D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB54E second address: 5FB567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB07CD8C300h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB567 second address: 5FB5B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jnc 00007FB07D261226h 0x0000000d jmp 00007FB07D261236h 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b jmp 00007FB07D26122Ah 0x00000020 push eax 0x00000021 push edx 0x00000022 jc 00007FB07D261226h 0x00000028 jmp 00007FB07D26122Fh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB6E2 second address: 5FB6F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FB07CD8C2FFh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB6F6 second address: 5FB743 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007FB07D261233h 0x0000000c jmp 00007FB07D26122Eh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB07D261230h 0x00000019 jmp 00007FB07D261232h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB8B8 second address: 5FB8BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB8BC second address: 5FB8C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB8C5 second address: 5FB8EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FB07CD8C2FEh 0x00000012 jng 00007FB07CD8C2FCh 0x00000018 jl 00007FB07CD8C2F6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB8EB second address: 5FB8F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB8F1 second address: 5FB8FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB8FB second address: 5FB8FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FC0A2 second address: 5FC0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FC0A6 second address: 5FC0B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FA87A second address: 5FA888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jns 00007FB07CD8C2F6h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6008AF second address: 6008B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6008B7 second address: 6008BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604A64 second address: 604A68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604A68 second address: 604A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604A6E second address: 604A7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D26122Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604A7F second address: 604A83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604A83 second address: 604A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611F5C second address: 611F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C303h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6141E4 second address: 6141F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FB07D26122Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6141F4 second address: 61421D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB07CD8C301h 0x0000000c jmp 00007FB07CD8C301h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61421D second address: 614224 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 614224 second address: 61422C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 613C81 second address: 613C8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 ja 00007FB07D261226h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 613E12 second address: 613E1E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnp 00007FB07CD8C2F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 613E1E second address: 613E2C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jne 00007FB07D261226h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626A06 second address: 626A0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628BEA second address: 628C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007FB07D26122Fh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628A9D second address: 628AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628AA3 second address: 628AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628AA8 second address: 628AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F928 second address: 62F934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62FD7B second address: 62FD8D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FB07CD8C2F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62FD8D second address: 62FD96 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630004 second address: 63000B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63000B second address: 630011 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630011 second address: 630015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630015 second address: 630045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jns 00007FB07D261226h 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 je 00007FB07D26124Ch 0x00000016 jmp 00007FB07D261232h 0x0000001b push eax 0x0000001c push edx 0x0000001d ja 00007FB07D261226h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630045 second address: 63004B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6301F9 second address: 6301FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6301FD second address: 630201 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630B3A second address: 630B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB07D261226h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630B44 second address: 630B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6335A9 second address: 6335AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 633711 second address: 633716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 633716 second address: 63371B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63371B second address: 633723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D445 second address: 63D44B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D44B second address: 63D44F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D44F second address: 63D461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D26122Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D461 second address: 63D46D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB07CD8C2FEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63EA46 second address: 63EA55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FE20 second address: 64FE40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jne 00007FB07CD8C2FEh 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FB07CD8C2F8h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FE40 second address: 64FE50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB07D26122Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FE50 second address: 64FE64 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB07CD8C2F6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FB07CD8C2F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FA21 second address: 64FA3F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07D261234h 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FA3F second address: 64FA51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jp 00007FB07CD8C2F8h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6593AF second address: 6593C7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB07D261226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB07D26122Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6593C7 second address: 6593DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C303h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6593DE second address: 659419 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261239h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e jmp 00007FB07D261230h 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007FB07D261226h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658B4F second address: 658B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658E23 second address: 658E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658E27 second address: 658E2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658F94 second address: 658FA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D26122Dh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658FA6 second address: 658FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658FAC second address: 658FB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65CAA2 second address: 65CAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB07CD8C2F6h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65CAB0 second address: 65CAB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66088C second address: 660890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 660890 second address: 66089C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66324B second address: 66324F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C7C5 second address: 65C7D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D26122Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C7D6 second address: 65C7DB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C936 second address: 65C93C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C93C second address: 65C940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65C940 second address: 65C944 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65D99D second address: 65D9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C2FCh 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007FB07CD8C301h 0x00000010 popad 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65D9C6 second address: 65D9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe

Special instruction interceptor: First address: 60A52C instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5180000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003CE02F rdtsc

0_2_003CE02F

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 3864

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_005A18B6 GetSystemInfo,VirtualAlloc,

0_2_005A18B6

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003CE02F rdtsc

0_2_003CE02F

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: kIProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0059B853 GetSystemTime,GetFileTime,

0_2_0059B853

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
15.164.165.52.in-addr.arpa	0%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
15.164.165.52.in-addr.arpa	unknown	unknown	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532611
Start date and time:	2024-10-13 18:33:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@1/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.932995764527113
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'762'304 bytes
MD5:	50940cba9f55df1cb172952d0b03df56
SHA1:	933550875254bf6e565dd63005dfded7fda5ccfa
SHA256:	b6737bd5cb107768640e737f9837fed8455d603ae9f86834a968d71f140cea48
SHA512:	c425d3a02c0ce610816947752236311de19c4d5a5f63e21f6e6c1df2a32ccd5223bd71ebb2ad000432be4b13b0bd21c450995149997370237a61693ad8701d8a
SSDEEP:	24576:HlHIGdCOiyqnnR/pM25xaXBOrGxQ+0CcaCY/0dXsqd7+Hj7fRdlMuzc6m6wxmOD1:lXCfHJpN5OOZ/D20dXhinfHiAmEO6I
TLSH:	6E8533058BF4C6B0C92A4E3EDBB36E55D7F7366540EBAA2A1BCC60065DC4368D733909
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............E.. ...`....@.. ........................F.....;.....`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x85c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB07D03255Ah
cmpps xmm3, dqword ptr [edx], 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FB07D034555h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	5e0d1ecf7531317dcb76ae53177f0a86	False	0.9299045138888888	data	7.7507611266535665	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x2a6000	0x200	85d246b83eb52aef88a1e5c5a52abb9b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kjdgxlpm	0x2b0000	0x1aa000	0x1a8200	a33064638d8c3e2e06f84e1b74a3bd99	False	0.9950564581491306	data	7.953505006477482	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zrpyswpt	0x45a000	0x2000	0x400	09ab075f7f8e59f96a2579df31c4b15c	False	0.734375	data	5.8030557157370755	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x45c000	0x4000	0x2200	e9d82c86d7202630e5919c082cbc78e7	False	0.06387867647058823	DOS executable (COM)	0.7012969678670562	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 18:34:35.682202101 CEST	53	65020	162.159.36.2	192.168.2.4
Oct 13, 2024 18:34:36.164891958 CEST	50065	53	192.168.2.4	1.1.1.1
Oct 13, 2024 18:34:36.172317028 CEST	53	50065	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 13, 2024 18:34:36.164891958 CEST	192.168.2.4	1.1.1.1	0xe6ab	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 13, 2024 18:34:36.172317028 CEST	1.1.1.1	192.168.2.4	0xe6ab	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

Target ID:	0
Start time:	12:34:07
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x3c0000
File size:	1'762'304 bytes
MD5 hash:	50940CBA9F55DF1CB172952D0B03DF56
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	3.4%
Signature Coverage:	3.9%
Total number of Nodes:	358
Total number of Limit Nodes:	23

Executed Functions

Function 005A18B6 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-11F05FEC), ref: 005A18C2
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 005A1923

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 6bf239a332458f3b4a764591cfbadd590e0c15cfaa06bfb51bb7e38caf81dbe5
Instruction ID: 245dd9bc3dedd6ba29903c52dc8c7d4f9cf80fb57f508bab91491e6b0c847437
Opcode Fuzzy Hash: 6bf239a332458f3b4a764591cfbadd590e0c15cfaa06bfb51bb7e38caf81dbe5
Instruction Fuzzy Hash: 4341EFB2D44606AAE33DDF608845F9EBBECFB48751F000066A203DE586E67095D48BE4

Function 00598DD9 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 00598EEA
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 00598EFE

Strings

.exe, xrefs: 00598E45
.dll, xrefs: 00598E21
1002, xrefs: 00598EB4

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: 525deaa00e556464f4f037d9fe46ee635416a2300599c3226902abb9be898b61
Instruction ID: 69906bf9a83d8a820665c1341291e1cf776a4169d70f6c44b084490daf483cbd
Opcode Fuzzy Hash: 525deaa00e556464f4f037d9fe46ee635416a2300599c3226902abb9be898b61
Instruction Fuzzy Hash: 7231EE3240820AFFDF25AF60D919ABE3F79FF5A350F10451AF80296121CB319DA0EB64

Function 005992DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00599271,?,00000000,00000000), ref: 0059939C
GetModuleHandleA.KERNEL32(00000000,?,?,?,00599271,?,00000000,00000000), ref: 005993AA

Strings

.dll, xrefs: 00599312

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: e688dc5b8456316f9fe0c0a6d31afb870f492c8279aff3630d55127bc7d280eb
Instruction ID: e4cf3b9082142c4a2046867423694a11c271f9337fc943f99e09991dc211027d
Opcode Fuzzy Hash: e688dc5b8456316f9fe0c0a6d31afb870f492c8279aff3630d55127bc7d280eb
Instruction Fuzzy Hash: 19115B3021560AEEEF319F69C80D7A87E79FF89345F044A2AF801884D1C7B999E0DA95

Function 0059BC39 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(011212A4,-11F05FEC), ref: 0059BCB2
GetFileAttributesA.KERNEL32(00000000,-11F05FEC), ref: 0059BCC0

Strings

@, xrefs: 0059BC65

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: 790610affecff35f3cb023436f6b2df357e7f26e6233a4acf01633ebe0984457
Instruction ID: 6a0cd406dcc78a1d13c21510953ee534bc874849b39596b481681b87b5e90541
Opcode Fuzzy Hash: 790610affecff35f3cb023436f6b2df357e7f26e6233a4acf01633ebe0984457
Instruction Fuzzy Hash: 20018C7050820BFAFF21AF64EB4DB9DBE74BF58344F204465E5066A191CBB09E91EB44

Function 00597CB9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 00597D1B

Strings

\\?\, xrefs: 00597D76

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: 06fd1a1ee4c49ac4e4cdf804f77a058356e62e54f98d9a8340f42af1f715f4e7
Instruction ID: 0123940e49cf4dea52e683953dae4e8d227e2b64bbeeaa764db4629ee6156d5b
Opcode Fuzzy Hash: 06fd1a1ee4c49ac4e4cdf804f77a058356e62e54f98d9a8340f42af1f715f4e7
Instruction Fuzzy Hash: 9231153561420EBFDF22DF95C90AF9E7ABAFF4D704F0000A2B900A5060D3729964DB54

Function 04ED0D41 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04ED0DCD

Strings

/|, xrefs: 04ED0D6A

Memory Dump Source

Source File: 00000000.00000002.1913247916.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ed0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID: /|
API String ID: 1889721586-3868058007
Opcode ID: f5f02c120bcbfb703975901581dad522fe6c5bb6f678e6c548bbee72442981ae
Instruction ID: dccb59a6c605129d6bbcbac0a707b55742f944df06664dba2c4ebbbe677c3643
Opcode Fuzzy Hash: f5f02c120bcbfb703975901581dad522fe6c5bb6f678e6c548bbee72442981ae
Instruction Fuzzy Hash: 872135B6C002099FDB50CF99D885ADEFBF4EB88324F14826AD909BB204D774A541CBA5

Function 04ED0D48 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04ED0DCD

Strings

/|, xrefs: 04ED0D6A

Memory Dump Source

Source File: 00000000.00000002.1913247916.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ed0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID: /|
API String ID: 1889721586-3868058007
Opcode ID: fa84c2af393c5ad25797df8f6cbf773346e64f62c37efe71d8b538a1a686a839
Instruction ID: 3db57a2aad844b2512256cf38f673e508ccd3f1d7f44d069ae7204d6a730bc04
Opcode Fuzzy Hash: fa84c2af393c5ad25797df8f6cbf773346e64f62c37efe71d8b538a1a686a839
Instruction Fuzzy Hash: B02124B6C002199FCB50CF9AD885BDEFBF5EF88324F14815AD909BB204D774A541CBA5

Function 04ED1509 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 04ED1580

Strings

/|, xrefs: 04ED152F

Memory Dump Source

Source File: 00000000.00000002.1913247916.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ed0000_file.jbxd

Similarity

API ID: ControlService
String ID: /|
API String ID: 253159669-3868058007
Opcode ID: d44ea3d672b620c7dab306e955e253e40215c90eca8762e5ad2d2234e9227c98
Instruction ID: ba042882e64f2c9c96749f6dcede2282dbae603580209079a150ab0278690f4f
Opcode Fuzzy Hash: d44ea3d672b620c7dab306e955e253e40215c90eca8762e5ad2d2234e9227c98
Instruction Fuzzy Hash: E92114B5D002499FDB10CF9AD585BDEFBF4EB48324F10802AE519A7241D378AA44CFA5

Function 04ED1510 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ControlService.ADVAPI32(?,?,?), ref: 04ED1580

Strings

/|, xrefs: 04ED152F

Memory Dump Source

Source File: 00000000.00000002.1913247916.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ed0000_file.jbxd

Similarity

API ID: ControlService
String ID: /|
API String ID: 253159669-3868058007
Opcode ID: 77fa8db035079000836c81036f63bfa59311424f1dbc99670db87818a0c407bf
Instruction ID: ea17170c0d9d6480745f4028cd870470bf7c10467437348770ca8f11ce01deff
Opcode Fuzzy Hash: 77fa8db035079000836c81036f63bfa59311424f1dbc99670db87818a0c407bf
Instruction Fuzzy Hash: BE1114B1D002498FDB10CF9AC585BDEFBF4EB48320F10802AE518A3240D378A644CFA5

Function 04ED1301 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04ED1367

Strings

/|, xrefs: 04ED1322

Memory Dump Source

Source File: 00000000.00000002.1913247916.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ed0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID: /|
API String ID: 2216092060-3868058007
Opcode ID: b6fa3244eb1721e819b3f406a33e355860c7d283a1d9603f609dfb2ea18cb922
Instruction ID: ad755efa076dfaf5921da1ce89375b2fcfa707f647a318757a1dfa661e51139e
Opcode Fuzzy Hash: b6fa3244eb1721e819b3f406a33e355860c7d283a1d9603f609dfb2ea18cb922
Instruction Fuzzy Hash: 061128B1800249CFDB10DF9AD585BEEFBF4EF48324F24846AD558A3640D778A545CFA1

Function 04ED1308 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04ED1367

Strings

/|, xrefs: 04ED1322

Memory Dump Source

Source File: 00000000.00000002.1913247916.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ed0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID: /|
API String ID: 2216092060-3868058007
Opcode ID: dae110c4a0e6c6f7c5a2974b7fb6f6a2df732f8ec75af42aa1905119479c1e27
Instruction ID: fe428c2267cfa8d71320ebcb826d94b525a2ebc53e63a5b9271f5c4bb1d78521
Opcode Fuzzy Hash: dae110c4a0e6c6f7c5a2974b7fb6f6a2df732f8ec75af42aa1905119479c1e27
Instruction Fuzzy Hash: 031133B1800349CFDB10CF9AC945BEEFBF8EB48324F24846AD558A3640C778A944CFA5

Function 005993C8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00597706: GetCurrentThreadId.KERNEL32 ref: 00597715
Part of subcall function 00597706: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00597758

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 0059942C

Strings

.dll, xrefs: 005993E9

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CurrentHandleModuleSleepThread
String ID: .dll
API String ID: 683542999-2738580789
Opcode ID: 692f2b1db50d165928c9b42a4f52a3877ecfe9d0353124f43cf17dc2e023b4a7
Instruction ID: a9eeffcd9d97916e10a5a346460831345ce25d2c03b6627dcc033647dbea468c
Opcode Fuzzy Hash: 692f2b1db50d165928c9b42a4f52a3877ecfe9d0353124f43cf17dc2e023b4a7
Instruction Fuzzy Hash: D3F0307610820AAFDF119FA8CA8AB6A7FA5FF5C310F508129FD0889152D731C862DB61

Function 0059BE55 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(011212A4,?,?,-11F05FEC,?,?,?,-11F05FEC,?), ref: 0059BF07

Part of subcall function 0059BE07: IsBadWritePtr.KERNEL32(?,00000004), ref: 0059BE15

CreateFileA.KERNEL32(?,?,?,-11F05FEC,?,?,?,-11F05FEC,?), ref: 0059BF27

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: be6ff606f6143e36692372ec02ee159d2e858b486f6dd2de70abd9651ef7872f
Instruction ID: 7fd5a137d262ebaf904f62f62e720948c50ad01dc3449ec1b39b37b5fa776b80
Opcode Fuzzy Hash: be6ff606f6143e36692372ec02ee159d2e858b486f6dd2de70abd9651ef7872f
Instruction Fuzzy Hash: 9711D77110410AFBFF229F94EE09BEE3E7ABF48344F144515FA0564061C77689B1EB55

Function 0059B7C1 Relevance: 3.0, APIs: 2, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 00597706: GetCurrentThreadId.KERNEL32 ref: 00597715
Part of subcall function 00597706: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00597758

GetCurrentProcess.KERNEL32(-11F05FEC), ref: 0059B7CE
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0059B834

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessSleepThread
String ID:
API String ID: 2846201637-0
Opcode ID: 26890a40572e6c7f3c576d192a6bb84d80ad0e7fba21c676e0edfab877202c00
Instruction ID: 7b8e95db626e1373163b93b41b589b0e8c804ba3b6ee6dd1eb4054953e352aaf
Opcode Fuzzy Hash: 26890a40572e6c7f3c576d192a6bb84d80ad0e7fba21c676e0edfab877202c00
Instruction Fuzzy Hash: 8401F63210514AFBAF22AFA4EE49C9E3F6AFF9C754B108916F90590011C732C062EB61

Function 00597706 Relevance: 3.0, APIs: 2, Instructions: 33sleepthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00597715
Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00597758

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: 2c59ffbdacb8c5653d6c96a04d47bc5098ea27bd220717880d27e26384b53a61
Instruction ID: 6aaf4cd023b0be3a9e72052034dc093f4549b89c6ae0b79f7e68ac840d563008
Opcode Fuzzy Hash: 2c59ffbdacb8c5653d6c96a04d47bc5098ea27bd220717880d27e26384b53a61
Instruction Fuzzy Hash: 5EF0E93110920DEFDF219FA0C54875EBAB4FF8D31AF30017AD10145150E7741949D7C1

Function 005A22E2 Relevance: 1.6, APIs: 1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09965638d8f6a5cab1fcf94bd2abb356e720cfcdc95f1869e71d51e513ea16c3
Instruction ID: 714d6caf526bb18072dd65c22e94727634a47914d9f7655d7e0cbf39fd1e4189
Opcode Fuzzy Hash: 09965638d8f6a5cab1fcf94bd2abb356e720cfcdc95f1869e71d51e513ea16c3
Instruction Fuzzy Hash: 23417C71904205EFDF35CF18D846BAE7FA1FF57310F248896E942AA992C339AC90DB51

Function 00599E40 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00599EF5

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e50b9a4e9615308856cb99af7cbcee74b0a1ae2655a451b9fa3c7a8ec2f75b6c
Instruction ID: 574725b3ab2cf3903945109a8d2ce58b606c71c8d641420c571645ab3d0f6e46
Opcode Fuzzy Hash: e50b9a4e9615308856cb99af7cbcee74b0a1ae2655a451b9fa3c7a8ec2f75b6c
Instruction Fuzzy Hash: 01318B71904209BEEF219FA9DC49F9EBBB8FF48314F20816AF504AA191D3719A51CB10

Function 0059965C Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 005996DE

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5eca6a181a86b61025f8fac29be904c5fc2308946bd6c6a18cc3e5c2d002bfa5
Instruction ID: a99ff6106eabb43eb457b66ad1c26f01ffc683c2c918fa1c9f662d0701e1f949
Opcode Fuzzy Hash: 5eca6a181a86b61025f8fac29be904c5fc2308946bd6c6a18cc3e5c2d002bfa5
Instruction Fuzzy Hash: 8B31A271640305BEEF309FA8DC4AF99BBB8FF49724F204259F614AE1D1C7B1A5918B14

Function 005A202F Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 005A20DC

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: a01d7d48668ca373af34d0c4a44f569953565d439e72c9e562ea02fcfda07005
Instruction ID: a622817cc0f51682594c17e61c82311cac6c5da44bff525c8b81450ec254c25f
Opcode Fuzzy Hash: a01d7d48668ca373af34d0c4a44f569953565d439e72c9e562ea02fcfda07005
Instruction Fuzzy Hash: 4C11C871A052299FEB308A1C8C8ABEE7F7CFF17750F104495EA05A7045D7749EC1CAA6

Function 0059C98D Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00597706: GetCurrentThreadId.KERNEL32 ref: 00597715
Part of subcall function 00597706: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00597758

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11F05FEC), ref: 0059CA14

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CurrentFileSleepThreadView
String ID:
API String ID: 2270672837-0
Opcode ID: fd18112e96ec4849a66cd8f55327dc86760fc71b7e229cf8dacef941b5ca681d
Instruction ID: 98b16d4969583675f1d07c757c8b83cce4bd013e653f6d296ffc466d659f7bf2
Opcode Fuzzy Hash: fd18112e96ec4849a66cd8f55327dc86760fc71b7e229cf8dacef941b5ca681d
Instruction Fuzzy Hash: 51116D7210410BEBCF22AFA4DD4ADAE3E6AFF99340B044512FA1255421C73694B2EBA1

Function 0059C775 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: 937ee12f37a7c2738a42ed892ef7da841a7994168ad40680e78c3d61a0121755
Instruction ID: 1e6f25ddf52bff94b42d0da498b93b821e6098557fc6c41333708be2041913ed
Opcode Fuzzy Hash: 937ee12f37a7c2738a42ed892ef7da841a7994168ad40680e78c3d61a0121755
Instruction Fuzzy Hash: B211293250420AEFCF12AFA4C94DE9E7F79FF88344F108429F90296161D735CA62EB61

Function 0059C059 Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00597706: GetCurrentThreadId.KERNEL32 ref: 00597715
Part of subcall function 00597706: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00597758

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11F05FEC,?,?,00599D88,?,?,00000400,?,00000000,?,00000000), ref: 0059C0C5

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CurrentFileReadSleepThread
String ID:
API String ID: 1253362762-0
Opcode ID: 642783bd51c16bb4fba8c05487a4055a67fca427a2377c8edc8bfa3ca7bf8977
Instruction ID: 9bb786221f947092ba7ab063024e73d2490c9ec65fbb9b1d203f73fc6c6c761c
Opcode Fuzzy Hash: 642783bd51c16bb4fba8c05487a4055a67fca427a2377c8edc8bfa3ca7bf8977
Instruction Fuzzy Hash: 4BF0EC3610414AEFCF129F94CC4DE9E3F6AFF88350F004412FA0559121D732C4A1EB61

Function 0059903C Relevance: 1.5, APIs: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(005987F2,005987F2), ref: 00599087

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: 8254c5b42ac082206528514d52e6dbc6bae0b854efb536a7a2c03d70c3799195
Instruction ID: 28a62a3d8e4e9e6b9b96ea76edff67f9982045d2ea3a40ae0c52f6c30583d3a0
Opcode Fuzzy Hash: 8254c5b42ac082206528514d52e6dbc6bae0b854efb536a7a2c03d70c3799195
Instruction Fuzzy Hash: E6E09235204107BACF213FB8CC4E89D3F65BFD9390B148426FC1644062CF31C066E621

Function 005978D7 Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 0059793B

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 1e7db369ca55d41d5c2e8fab7bb081405f5b59abd8c4b7832cffe9884b912150
Instruction ID: 2e3e9f49501852454eafbd6db4267610b0c38b6ee3c5547f72359c7cf214b3bf
Opcode Fuzzy Hash: 1e7db369ca55d41d5c2e8fab7bb081405f5b59abd8c4b7832cffe9884b912150
Instruction Fuzzy Hash: DC01D632A1411EFFDF219FA5CC08E9EBF7AFF48780F0001A2A904A4460D7329661DB64

Function 005A1C59 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,005A1C55,?,?,005A195B,?,?,005A195B,?,?,005A195B), ref: 005A1C79

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d47f84d4b397a0742d078e0868c9be221f59ee88d9423b93794f8a3d9ac28621
Instruction ID: c7de253f50f6c0129e8fc2eb94849bc6712089456b72b849a572a095c5926fac
Opcode Fuzzy Hash: d47f84d4b397a0742d078e0868c9be221f59ee88d9423b93794f8a3d9ac28621
Instruction Fuzzy Hash: 41F081B1900705EFD7268F54C905B9DBFE4FF4A761F108065E44B9B655E3B298C08B98

Function 0059A45A Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 00597706: GetCurrentThreadId.KERNEL32 ref: 00597715
Part of subcall function 00597706: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00597758

CloseHandle.KERNELBASE(00599E1D,-11F05FEC,?,?,00599E1D,?), ref: 0059A498

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CloseCurrentHandleSleepThread
String ID:
API String ID: 4003616898-0
Opcode ID: 097b03478145f7ab5c7fb3ef34c54f1aeccf9fd0918c21ad05a5e0877ad38007
Instruction ID: 68c7702925355893fc727c45a6e8e65f5cb43885a43961c401eba583ef45c70e
Opcode Fuzzy Hash: 097b03478145f7ab5c7fb3ef34c54f1aeccf9fd0918c21ad05a5e0877ad38007
Instruction Fuzzy Hash: 4DE0867220800BBBCE117BB8D88DE4E3F28FFC9754B104523B40595046DA65C092C3B7

Function 003CE51C Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 003CE52A

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 123d69a1f0131594f5c72e76bcfda79f0406ddfb56663635ec1052810df43dcf
Instruction ID: 5aefca0679e0e6bf82c8d6a09102e1e0b708364577d5923ad676c1605bb0cc52
Opcode Fuzzy Hash: 123d69a1f0131594f5c72e76bcfda79f0406ddfb56663635ec1052810df43dcf
Instruction Fuzzy Hash: 34F0A5B450CA049FD705AF29888967DBBE4FF58311F414A2CE8E5D6760D7314CA0CB46

Function 003CE642 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 003CE648

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a4cb8e3b402f7c647a913aee8195d7eb00008937e52ef669135da5b4a7bbc835
Instruction ID: 38a20549aeb11068e3aa6dcbbbfce25acad02c7bd1c9d719648042961d7e46c9
Opcode Fuzzy Hash: a4cb8e3b402f7c647a913aee8195d7eb00008937e52ef669135da5b4a7bbc835
Instruction Fuzzy Hash: 1CC002B0048A09AFD7446F1494887BDBEF8EF18701F12081DE8C596A50E6315C90DB56

Function 0059951F Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,005975A5,?,?), ref: 00599525

Memory Dump Source

Source File: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0c29a8c4b734755fb3621778b9bccf5a4da7d31d50acfbc948097712025eba6c
Instruction ID: 9b6c740e7d324e537f0f4a71607cef7b7517fd24ade28aaa6412185b28c8f60d
Opcode Fuzzy Hash: 0c29a8c4b734755fb3621778b9bccf5a4da7d31d50acfbc948097712025eba6c
Instruction Fuzzy Hash: 8FB09231001509BFCF42BFA5DC0AC4DBF69FF9A398B108120F909480218B7BE9B19B94

Non-executed Functions

Function 005361DD Relevance: 8.9, Strings: 6, Instructions: 1368COMMON

Download Yara Rule

Strings

r]:, xrefs: 00536284
7_W, xrefs: 005362BA
H=?N, xrefs: 0053633D
Q2Y, xrefs: 00536234
Q_+, xrefs: 0053620B
%@-, xrefs: 005364F7

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: 7_W$%@-$H=?N$Q2Y$Q_+$r]:
API String ID: 0-290443719
Opcode ID: 9e67e03f47756983886704f17fe22d19fc9e841560a81cc248ca73c5286c9a4f
Instruction ID: 278ceefd105473b0bc0c71d85ec722c42da9c3bd715e62b56ba916884f69b4fa
Opcode Fuzzy Hash: 9e67e03f47756983886704f17fe22d19fc9e841560a81cc248ca73c5286c9a4f
Instruction Fuzzy Hash: D5921CF3A086109FE304AE2DDC8567ABBE9EFD4720F1A853DEAC4C7744E63558418693

Function 003EA649 Relevance: 3.0, Strings: 2, Instructions: 467COMMON

Download Yara Rule

Strings

Jsgo, xrefs: 003EAAE3
W}_, xrefs: 003EAAFC

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: Jsgo$W}_
API String ID: 0-2991449355
Opcode ID: d6cf25ad2628b4428a95b3c5104daf138398a9d9e62c8a9b95c3aa5858500427
Instruction ID: a55aacc0e3ad3586911879c0864208287358ae235cdcb72e567cfb2d8dc30809
Opcode Fuzzy Hash: d6cf25ad2628b4428a95b3c5104daf138398a9d9e62c8a9b95c3aa5858500427
Instruction Fuzzy Hash: A2E1ABB3F106144BF3484D39DD98366B683DBD4320F2B823C9E98A77C9E97E9C094285

Function 003CE02F Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

8#{_, xrefs: 003CF4FF
V, xrefs: 003CE1E1

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: 8#{_$V
API String ID: 0-2008296128
Opcode ID: f454777201c1c3c43d60b585a41eabcb5ca9ffb937c61781bee11642d2970ed9
Instruction ID: ad2d2a097642f90aea06a86e7672c6f2c47418119594d900f4c920871c66c846
Opcode Fuzzy Hash: f454777201c1c3c43d60b585a41eabcb5ca9ffb937c61781bee11642d2970ed9
Instruction Fuzzy Hash: 0541E7B240825D9FD7168F21D804AFF3BA9EB42320F25852EDC42C7E42E6B20D15DB58

Function 0050C15B Relevance: 1.8, Strings: 1, Instructions: 528COMMON

Download Yara Rule

Strings

\ous, xrefs: 0050C782

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: \ous
API String ID: 0-2018528814
Opcode ID: 42b9111bb05bc941744cc2617587ddc10134d5a2a53dc6174279fd6e75bd2ceb
Instruction ID: 0a0e164d3858f80a0d2b3a92aa9550e0746d144049b2a8e9c9de528cf5fcfe3f
Opcode Fuzzy Hash: 42b9111bb05bc941744cc2617587ddc10134d5a2a53dc6174279fd6e75bd2ceb
Instruction Fuzzy Hash: 1402AAF3F216244BF3544939DD993A67682DB94320F2F823D8E89AB7C4D87E5C0A42C4

Function 0050A421 Relevance: 1.8, Strings: 1, Instructions: 501COMMON

Download Yara Rule

Strings

y9, xrefs: 0050A98C

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: y9
API String ID: 0-4111066438
Opcode ID: ddb045e08aacda9c9f2aebb466702fe58e74a2af4fbefcec105cb8823b984d92
Instruction ID: 8fdd84ae16386ab657630fdf9623bdf724500e87edcf4150c2f68ef7c62b028d
Opcode Fuzzy Hash: ddb045e08aacda9c9f2aebb466702fe58e74a2af4fbefcec105cb8823b984d92
Instruction Fuzzy Hash: F7F1B0B3E156244BF3148D39DC98366B692EBD4320F2F823C9E98977C5D97E9D094384

Function 0041E5B3 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

bLw, xrefs: 0041EA7C

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: bLw
API String ID: 0-3068749459
Opcode ID: 8be64343867687745ed72adb036f9b26ae4eb3a3b07ba8e8fa717ada2868472b
Instruction ID: 43b7c34a79a1b86ef1ebe289b0b2251657398aff0402a9372357a2268a519b01
Opcode Fuzzy Hash: 8be64343867687745ed72adb036f9b26ae4eb3a3b07ba8e8fa717ada2868472b
Instruction Fuzzy Hash: BBE1D2F3E042248BF3545E29DC98366B692EB94320F2B463DCE896B7C4DA7E5C058785

Function 004E6477 Relevance: 1.7, Strings: 1, Instructions: 414COMMON

Download Yara Rule

Strings

5<r, xrefs: 004E69E9

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: 5<r
API String ID: 0-3288813538
Opcode ID: cf699b376a9ebb38f2d488f8f187ce4aa61386c1f28b8f8d71a312b0d49a0be4
Instruction ID: e3357f3977fccb702028d04cd3aaae4178166ade8d2a021d4e67707e0326b0a2
Opcode Fuzzy Hash: cf699b376a9ebb38f2d488f8f187ce4aa61386c1f28b8f8d71a312b0d49a0be4
Instruction Fuzzy Hash: 92D1B3B3F142104BF3484E29DD9537AB6D3EBD4320F2A823DDA89977C4D93E590A8785

Function 0047F0F9 Relevance: 1.6, Strings: 1, Instructions: 399COMMON

Download Yara Rule

Strings

}LKe, xrefs: 0047F681

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: }LKe
API String ID: 0-4022653152
Opcode ID: b234137aff6f44a4a1e3c62daf618d2fb2aa04b0703385baa2c51f8cf91eb959
Instruction ID: 16b4b902d37aaefa574accae088ea5ac7bac2207b17d907a0f6d51083621349a
Opcode Fuzzy Hash: b234137aff6f44a4a1e3c62daf618d2fb2aa04b0703385baa2c51f8cf91eb959
Instruction Fuzzy Hash: 31D1F4B3F042148BF3144E28DC94366B692EB94320F2F863CDE889B3C5DA7E5D499785

Function 0040A1FC Relevance: 1.6, Strings: 1, Instructions: 379COMMON

Download Yara Rule

Strings

A+w, xrefs: 0040A5AB

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: A+w
API String ID: 0-4022600221
Opcode ID: f0c834775d8b7fd2ce10dd5b2e1bf6c0efb3595173ed393dd20ee0473f3e156d
Instruction ID: a7dfc0bfe148d0591f0b59831472f211a76e360bcc460eee5933260892e763ab
Opcode Fuzzy Hash: f0c834775d8b7fd2ce10dd5b2e1bf6c0efb3595173ed393dd20ee0473f3e156d
Instruction Fuzzy Hash: 77D1BFB3F112244BF3544969DC983A27683DBD4324F2F82788F58AB7C9D87E5D0A5384

Function 004A01C4 Relevance: 1.6, Strings: 1, Instructions: 331COMMON

Download Yara Rule

Strings

:, xrefs: 004A02F5

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: 31bf2c0360933ec2ec96fb1b86b223590818749021d2b4e0303a1e2692a8b340
Instruction ID: 1198b555c599e633e3a85594f3e9ae504fb49c9640d97e9a596d09628062f816
Opcode Fuzzy Hash: 31bf2c0360933ec2ec96fb1b86b223590818749021d2b4e0303a1e2692a8b340
Instruction Fuzzy Hash: B4B19CB3F215254BF3884878CD593A2668397D5324F2F82788F1DAB7C5D87E9D0A5388

Function 004530F1 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

\x9K, xrefs: 00453347

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: \x9K
API String ID: 0-368526156
Opcode ID: 2618352039b4c298bd8396b244633f5d0ab94597cf186bffad77953eeedeb56f
Instruction ID: aa94ae257da1fc5ecf626276286248f11a451328cdf26396db5d7f7da6bb8800
Opcode Fuzzy Hash: 2618352039b4c298bd8396b244633f5d0ab94597cf186bffad77953eeedeb56f
Instruction Fuzzy Hash: CBA18EB3F1112547F3544939CCA83A26583DBD5324F2F82788E5DABBCAD87E6D0A5384

Function 0045E385 Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

4, xrefs: 0045E4A4

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: e14fe6b81bd544cd871c7f013eb0c4dcf4e842866eef695f2bb90431d4614aea
Instruction ID: e0713d494de6787c3880c6e0b53de3ed895b1668a28ac28a84ad7be196d2d18a
Opcode Fuzzy Hash: e14fe6b81bd544cd871c7f013eb0c4dcf4e842866eef695f2bb90431d4614aea
Instruction Fuzzy Hash: C1A1A3B3F602254BF7844D28CD983A27643DBD5311F2F82398E199B7C9D9BE9D0A5384

Function 003D603F Relevance: 1.5, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

!, xrefs: 003D624C

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 4c9bcd9e3b43c042aa24e59a3f9174aea71770963c45ea4dd9b8531706ccc139
Instruction ID: 36bb5f695f3c16202377e0a3d5889b641529e0464b353383acb682f04df787c0
Opcode Fuzzy Hash: 4c9bcd9e3b43c042aa24e59a3f9174aea71770963c45ea4dd9b8531706ccc139
Instruction Fuzzy Hash: B8A180F3F1162547F3944868CC583A165839BE5320F2F82788E5CAB7C6D9BE9D0A5384

Function 004D2619 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

}, xrefs: 004D2749

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: fd65210884d9c10cf484a5613be4c395b7a11d2caab9c1609912ea7cff2ed270
Instruction ID: 0c5afb79dc375721d6ce1144c84dfcec41f14c2f64449091c28c042c5b040825
Opcode Fuzzy Hash: fd65210884d9c10cf484a5613be4c395b7a11d2caab9c1609912ea7cff2ed270
Instruction Fuzzy Hash: 88A18EB3F5112547F3484D39CD683A26683DBD5310F2F82798E09AB7C9D97E9D0A9384

Function 004A716D Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

g, xrefs: 004A7246

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: ab279d53ce13da9b713dba78fc9a32f92baaf652b9fbf3dd795ba3e60b98f27a
Instruction ID: cbaae8b16312a01a50dddb31302d9c927d1375981cbafd98539c413f0db6e18b
Opcode Fuzzy Hash: ab279d53ce13da9b713dba78fc9a32f92baaf652b9fbf3dd795ba3e60b98f27a
Instruction Fuzzy Hash: 19A18BB3F1152447F3544928CC683A2B692DBA1321F2F82788E5C7B7C5E9BE5D4953C4

Function 004C84EE Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

Zl?5, xrefs: 004C8723

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: Zl?5
API String ID: 0-3394563201
Opcode ID: af5c2422f12a3c3e6e5b668a0452c16f5cc3338f256857a083ea16dfe1549b8e
Instruction ID: 421126ae46538279b6c567ee206d3e8ea6bc37d65d4a124921156878074990a6
Opcode Fuzzy Hash: af5c2422f12a3c3e6e5b668a0452c16f5cc3338f256857a083ea16dfe1549b8e
Instruction Fuzzy Hash: 429158F7F1122507F3944879CCA836265839BE5325F2F82388F59ABBC9DC7E5D0A5284

Function 0051A63F Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,rN, xrefs: 0051A756

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: ,rN
API String ID: 0-2523253009
Opcode ID: 3cff5de8bd79a6df6f61329e0e58e44abe7dff90adc4a30ee68ae3ab0e17c877
Instruction ID: 0ef601f7911ca88eb16faab8dd548db603be4df97d580b9ee9d44619ce5b132c
Opcode Fuzzy Hash: 3cff5de8bd79a6df6f61329e0e58e44abe7dff90adc4a30ee68ae3ab0e17c877
Instruction Fuzzy Hash: 69914CB3F1162547F3548929CC543A2B283EBE5315F2F81788A4CAB7C9ED7E9D0A5384

Function 003E2650 Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

z, xrefs: 003E275E

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: 7ac632cc21550a44a8f21bd6b0cc6bf6f01a24ad553f5ee7e86d48b2ffaa676f
Instruction ID: e8795373c2b02620198330d29fb7422d54d13396b6638e216050e6f48f9f1c8b
Opcode Fuzzy Hash: 7ac632cc21550a44a8f21bd6b0cc6bf6f01a24ad553f5ee7e86d48b2ffaa676f
Instruction Fuzzy Hash: 9E9177F3F1222547F3484928CC683A26693DBA5325F2F823C8E596B7C5ED7E9D095384

Function 0047253E Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

!=k, xrefs: 004727ED

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: !=k
API String ID: 0-4020888799
Opcode ID: 1a0b448e09c503cc041ab5d0098835008b3be1d98357df05626d3a02c4a7d5e4
Instruction ID: 00e89e992297cb2a17b1ac77c3d72b55cff7efd215c100ac94c43ce3835f98a9
Opcode Fuzzy Hash: 1a0b448e09c503cc041ab5d0098835008b3be1d98357df05626d3a02c4a7d5e4
Instruction Fuzzy Hash: 098152B3F1162147F3584929CCA836665839BD5324F2F83798F6C6BBC9D8BE5D0A42C4

Function 004AA45E Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

}, xrefs: 004AA5AC

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: aeb5bd191c34d8ac742d83af82e9e756a2419ee4e676f67e2d62c28604b5e4e3
Instruction ID: 83dae252e76d2a896970b3a1fe075321bc822f25bc61551dd98b34e1a8990a17
Opcode Fuzzy Hash: aeb5bd191c34d8ac742d83af82e9e756a2419ee4e676f67e2d62c28604b5e4e3
Instruction Fuzzy Hash: 008169B3F515254BF3544938CCA83A265839BE1324F2F82788F5D6B7C9D87E5D0A6384

Function 0049D125 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

9, xrefs: 0049D20C

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 95dc5365b2fa1a48084c108f93a49271f6bd4ec402558040b88bf287a668353d
Instruction ID: 81ba11df75f4f3740822c91b828510afe55d5c0b32bdfed79652182562d1b8f4
Opcode Fuzzy Hash: 95dc5365b2fa1a48084c108f93a49271f6bd4ec402558040b88bf287a668353d
Instruction Fuzzy Hash: F28168B7E0112547F3A44D29CC683A2B683A7D5320F2F82788E5C6B7C5E97E5D4A53C4

Function 00418639 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

a, xrefs: 004186D6

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: d47b86b3ed10fe0cc9480bf61029a7a446fba1eb5e5aed8fa187f445b684dec6
Instruction ID: c3b80eabed70b9ec0747c3d6e91e23cb776a6af6668607b5ab65cb9d60ac5f95
Opcode Fuzzy Hash: d47b86b3ed10fe0cc9480bf61029a7a446fba1eb5e5aed8fa187f445b684dec6
Instruction Fuzzy Hash: F68180B3F116254BF3504E29CC943A27693DB95310F2F82788E48AB7C5DD7EAD0A9384

Function 0043C092 Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

m, xrefs: 0043C0F0

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: m
API String ID: 0-3775001192
Opcode ID: 760edfec92cca386c07e122c0db9650e92813ad75892fa7a050d2f6f000f1f04
Instruction ID: 2e35b885a65c5370a3039bc74817f62eaf40a794c5d521519a6c914d7090b461
Opcode Fuzzy Hash: 760edfec92cca386c07e122c0db9650e92813ad75892fa7a050d2f6f000f1f04
Instruction Fuzzy Hash: 8A71DFB3F011258BF3444968CCA43A27693DB95320F2F82788E586B7C8DD7E6D099384

Function 0048A401 Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

fgkp, xrefs: 0048A4BD

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: fgkp
API String ID: 0-2761779510
Opcode ID: d0b531d97449220089c45bab91071bec58ed98ad8fa3a3df15194e46844cb2e9
Instruction ID: 1e100a720d1a8c88f6f3d0476a9175d038b2947d359a415b2344a8763012daad
Opcode Fuzzy Hash: d0b531d97449220089c45bab91071bec58ed98ad8fa3a3df15194e46844cb2e9
Instruction Fuzzy Hash: D371BDB3E1112447F3544D28CC683627693EB85321F2F82788E896BBC8DD7E6D0A57C4

Function 003F802A Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

/, xrefs: 003F80FA

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: c7ce969ac886cdd93d9d5ef8da07962df3936ff0c510718e1c1d01bf750454b2
Instruction ID: 572aaa0a2dbe433c6884b3ec182f4266c400742251d8300596f3830cdc0eed21
Opcode Fuzzy Hash: c7ce969ac886cdd93d9d5ef8da07962df3936ff0c510718e1c1d01bf750454b2
Instruction Fuzzy Hash: 5D7189B3F512254BF7444A29CC983A67693DBC1310F2F81788E486BBC9D97E6D0A9784

Function 00414452 Relevance: 1.5, Strings: 1, Instructions: 210COMMON

Download Yara Rule

Strings

C@sP, xrefs: 0041463A

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: C@sP
API String ID: 0-3070680782
Opcode ID: ad01eb1f726b7eb3bd0fdd174f76dfc25191ffc85253001595c9d0d6b729f7d2
Instruction ID: 0e8c10f3d0262240b62808143330da20c2bcf442d7252640051d206805930c9f
Opcode Fuzzy Hash: ad01eb1f726b7eb3bd0fdd174f76dfc25191ffc85253001595c9d0d6b729f7d2
Instruction Fuzzy Hash: B0618FB3F1122647F3504D38CD983A66643EB85324F2F43348E58AB7C5DA7E9D499384

Function 00422586 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

P, xrefs: 00422607

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 10691dcd2617b54ffae15d16b9fcf3a7e9128411b0fd41885017a8d6d984b467
Instruction ID: 8699265349aa1442ca717bb25501a9d76cb9eeee220ef41d2084d7e2d0113a8f
Opcode Fuzzy Hash: 10691dcd2617b54ffae15d16b9fcf3a7e9128411b0fd41885017a8d6d984b467
Instruction Fuzzy Hash: 05617BB3F1152447F3944968CC683A2B253DB95314F2F82388E48AB3C5E97FAD1997C4

Function 00444459 Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

l-P, xrefs: 00444629

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: l-P
API String ID: 0-2377903221
Opcode ID: a4c113ead3815fccb159bab38f04dab0b3b2f95507cd12c286ddaf11e4a54756
Instruction ID: 31e493579ed134ea6d01fcbb3546e923c64eab59d5674cd2a1ba880c5eede153
Opcode Fuzzy Hash: a4c113ead3815fccb159bab38f04dab0b3b2f95507cd12c286ddaf11e4a54756
Instruction Fuzzy Hash: F7616CB7E1112547F3944D29CC983A27293ABD4311F2F82788E8C2B7C4D97E6E4A97C4

Function 003EC5A5 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

I, xrefs: 003EC634

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 0f03a1523f3c8a386a3864f4e652016cdc3bc6bd56cbf68a07a690b20956c674
Instruction ID: a0eac2a442b3529f53f79c4c784f1fa700722e7fc4d41d85ddea1c3c0368316a
Opcode Fuzzy Hash: 0f03a1523f3c8a386a3864f4e652016cdc3bc6bd56cbf68a07a690b20956c674
Instruction Fuzzy Hash: E0518BB7F011244BF3944E29DCA83627293DBD5314F2F82788E4D6B3C5E97E6D0A9684

Function 004526E8 Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

K, xrefs: 004527C0

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: c411b0ca934df81da1aede22058fb5302cc3dd5df218fa05ffed905173cf62db
Instruction ID: fdc1ed4836a5c0ad3957ac823ae5f3520f46bde2f723656c7bb57393286edadd
Opcode Fuzzy Hash: c411b0ca934df81da1aede22058fb5302cc3dd5df218fa05ffed905173cf62db
Instruction Fuzzy Hash: 26516BB3F116248BF3540E28CCA83627252EB95724F2F41798E596B3C0DA7F6D199784

Function 00416268 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

$JN', xrefs: 00416268

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID: $JN'
API String ID: 0-3102292099
Opcode ID: 3687ec2d273f059709920559c888432c511a0e558d66d35da646c47e2ee278d2
Instruction ID: 02f3f3741dc45ffc14d1b130b7cf1c9984487b73f083a5fee0e0b3e1979c655f
Opcode Fuzzy Hash: 3687ec2d273f059709920559c888432c511a0e558d66d35da646c47e2ee278d2
Instruction Fuzzy Hash: 71517CB3F1162547F3844939CD983A26643E795311F2F82388F585B7C5DD7E9D0A5384

Function 004404E1 Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e318d6b4b860f839578c0848f5eaf08f0802b8a276ca2e2ef1c10f6079efd8a3
Instruction ID: 8a982992683ebcc3f4e39f86269a195d9cf7f1ce9b518d864c7b88a7f1c98ec3
Opcode Fuzzy Hash: e318d6b4b860f839578c0848f5eaf08f0802b8a276ca2e2ef1c10f6079efd8a3
Instruction Fuzzy Hash: F61259F3E2196407F7A04468CC583A2558397E1325F2FC2B58F5C6BBCAD8BE5C5A52C8

Function 00438278 Relevance: .6, Instructions: 576COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 509a6483618336d0c3c13f18a0be3cd5371ac8234fdfabc9e586edd4288c0043
Instruction ID: 1ec2cd91d00ccd9a45f50b7f8410cba833f1b0a9202ec297ad69c43d1c751bff
Opcode Fuzzy Hash: 509a6483618336d0c3c13f18a0be3cd5371ac8234fdfabc9e586edd4288c0043
Instruction Fuzzy Hash: 7412A0F3F60B560BF7640878DDD93A26982D764324F1E46799F98DB7C2D8AE8C444388

Function 004E82CE Relevance: .6, Instructions: 556COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e1c43d4777fa48fe62b64195919a1c17332c334d3ec6065a8995d93bbe0197
Instruction ID: f94c34f19423cd85880f0d51518da57ea5e6d1e35a6f643a1280a8197e2ef06e
Opcode Fuzzy Hash: 81e1c43d4777fa48fe62b64195919a1c17332c334d3ec6065a8995d93bbe0197
Instruction Fuzzy Hash: 7912ACF3E116204BF3544929CC943667683EBD5720F2F863C9B98AB7C5E97E9D0A4384

Function 003E402D Relevance: .5, Instructions: 525COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 670c5cad7b189f1e8f2339c6f3928ab5aa73408e1a58013f9d863da10c88c026
Instruction ID: b3040e0974b2b60916f06910b23b57d0590350bb4ab617c09fcfb5c2fcde3b05
Opcode Fuzzy Hash: 670c5cad7b189f1e8f2339c6f3928ab5aa73408e1a58013f9d863da10c88c026
Instruction Fuzzy Hash: 5A02CFF3E156214BF3484D29DD99366B693DBD4320F2F823C8A89A7BC4D97E5C094285

Function 004B6314 Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66f0702f5c974a7cb3c27062647bd16b3db34c9884098e366fabf54bd959f1be
Instruction ID: b35de910ab3da7d38d0b8541fafccc806e106f7a507ab8e843d6e293561a2ebf
Opcode Fuzzy Hash: 66f0702f5c974a7cb3c27062647bd16b3db34c9884098e366fabf54bd959f1be
Instruction Fuzzy Hash: 1E02BFF3F146144BF3449E29DC98366B692EB94320F2F863C8E889B7C5D93E5C098785

Function 00401098 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d9d2f6376d6d8d754d5397ba251e1e9933f820e40e64b1259f60dc68a702bab
Instruction ID: fc59d648ae414445e5b2e85d3e5f333b77172a22c6040b8fce3fd7165c7bd671
Opcode Fuzzy Hash: 1d9d2f6376d6d8d754d5397ba251e1e9933f820e40e64b1259f60dc68a702bab
Instruction Fuzzy Hash: 21F125F7F60B650BF36444B8DDD8392588293A5324F1F82B58F68BB7D6D8AE4C4412C8

Function 004E05D1 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b740f23c348c92b5f4196869f46be4dbbd9cd8e554477d92291c19599c197e13
Instruction ID: 2dc0fe9b8b8a8f6449f5c0d3d62215ba95ad3e8030fa696ae277431870dc99b9
Opcode Fuzzy Hash: b740f23c348c92b5f4196869f46be4dbbd9cd8e554477d92291c19599c197e13
Instruction Fuzzy Hash: CDF1CDF3E106214BF3444D69DC94366B692DB90324F2F82388F88A77C5E97E5D0A83C5

Function 00438362 Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db49a4df49fc48c11c1f851931ae6283509bcdc794a71f3c19a9078df7b0ac5b
Instruction ID: cf053fcf6e458cad61745f456fe5844cb8e4576a190aa80eb57bdbeec752f066
Opcode Fuzzy Hash: db49a4df49fc48c11c1f851931ae6283509bcdc794a71f3c19a9078df7b0ac5b
Instruction Fuzzy Hash: BBE191E3F60B560BF7640878DDC93A25982D764320F1E56399F98DB7C2D8EE8D844388

Function 004405EF Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d0a3e0973f231aa6565179d13745f8744e888b3ac43d93935fd95194ce4851
Instruction ID: be0ff46bfa7916adf0fda85fa2a239d52893cc4090df5dfbbc36e501974d8b23
Opcode Fuzzy Hash: 88d0a3e0973f231aa6565179d13745f8744e888b3ac43d93935fd95194ce4851
Instruction Fuzzy Hash: E0E116E3E62A6407F7614468CC48392558397E1325F1FC2B18F5C6BBCED8BE5C9A52C8

Function 005290DD Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099b1427087cf3072cf269a26f2500b09768c2ac9509323c748ef02685618a65
Instruction ID: 1512747103c0736146cfbac68380616c7ecce6b6ca619eff2b58e8313b16f1ba
Opcode Fuzzy Hash: 099b1427087cf3072cf269a26f2500b09768c2ac9509323c748ef02685618a65
Instruction Fuzzy Hash: 46D18CB3F112244BF3884968CCA43A27683EBD5324F2F82388B599B7C5DD7E5D0A5384

Function 00482045 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30965e2f18e869d3623227538134eac003962d623fe03c430f0fc8a67faaf4d
Instruction ID: 59c5cd8c35af32d14b8814df6b8225a8fce1903405849c3ea092a6540c7ad375
Opcode Fuzzy Hash: a30965e2f18e869d3623227538134eac003962d623fe03c430f0fc8a67faaf4d
Instruction Fuzzy Hash: E2D199F7F1162107F3544938DDA83A66643D791325F2F82388F596BBC9EC7E9D0A4284

Function 004DA00E Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96e26251cc3b825173966e2f2d34c67b6226d971971a4a130d6b57fe9b04ef70
Instruction ID: 5f738beee5a5e12eb055b4caef7fc11d20c777d39b57eeed02c01cb0a417cf22
Opcode Fuzzy Hash: 96e26251cc3b825173966e2f2d34c67b6226d971971a4a130d6b57fe9b04ef70
Instruction Fuzzy Hash: 1DC18CB3F1162547F3544939CC983A27683DBD1314F2F82788A5CAB7C5D9BE9D0A5384

Function 0049C0E1 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c29298a887b116adfcf4cef50a126b8a75e48a5def51a7d44da50391329722e
Instruction ID: cfe8f29feb7b1250e64546c8f220aaac8bb0742aea2cf28b56c3f40b4c34bdb1
Opcode Fuzzy Hash: 5c29298a887b116adfcf4cef50a126b8a75e48a5def51a7d44da50391329722e
Instruction Fuzzy Hash: ADC1A9F3F1062547F3544979CC983A266839B94324F2F82788E5CAB7C5E9BE9D0A53C4

Function 0052250C Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 278eb3e3c01161e651c6a836a3033b75b2a3f51132124acaeafa6b373fd9003a
Instruction ID: 9352495d372444142641e36edbdd66473300afdc924f50d11522a210d3e01150
Opcode Fuzzy Hash: 278eb3e3c01161e651c6a836a3033b75b2a3f51132124acaeafa6b373fd9003a
Instruction Fuzzy Hash: DDC18FB3F1162547F3584838CCA83A22542D795324F2F82388F59ABBC5DC7E9D0A53C8

Function 00417025 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8c9fbf8ec5fffb9bca2772a08456516e9b83ea47a30a24f33a867be94ebcec
Instruction ID: 847006523c59518ae8345feca3bacfd16d364b11af2e4224f03eb264204104ac
Opcode Fuzzy Hash: 4a8c9fbf8ec5fffb9bca2772a08456516e9b83ea47a30a24f33a867be94ebcec
Instruction Fuzzy Hash: 10C1ADB3F116254BF3504D78CD983A27683DB95320F2F82788E18AB7C9D97E9D0A5384

Function 0040E1DF Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36b5734c57b855394e80496492dcf0f8dd1d880df5ba05fbb348b2bd84fa5ee3
Instruction ID: 8abb66d49bb5efeb1ec4a2e2d2cd4b6c23c996de01ce3744bf98fa4e2817f56c
Opcode Fuzzy Hash: 36b5734c57b855394e80496492dcf0f8dd1d880df5ba05fbb348b2bd84fa5ee3
Instruction Fuzzy Hash: 6FC18BB3F116254BF3444939CC983A27683DBD5311F2F82788F09ABBC9D97E6D0A5284

Function 004E0048 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3edc9c88c24afaa8ffdb127ed31220c251eecfdf90740cca4858b59e7041017
Instruction ID: 1af22c242dcb38a2ae4e9438728ef409273d0d81077d2374b2b0f5cafc4eaee2
Opcode Fuzzy Hash: b3edc9c88c24afaa8ffdb127ed31220c251eecfdf90740cca4858b59e7041017
Instruction Fuzzy Hash: 99C1CCB3F2152447F3404929CC983A276839BD5325F3F82788E6CAB7C5D9BE9D0A5384

Function 00488154 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ca929a08da7195cee5b46296a2b53c4017533d2452dcbdf9ea9f4edf51a9ee7
Instruction ID: f78f6b86ebe280b3442e121b87d2b49f8bfbaf9ce1dc21293a016d4307dba90e
Opcode Fuzzy Hash: 5ca929a08da7195cee5b46296a2b53c4017533d2452dcbdf9ea9f4edf51a9ee7
Instruction Fuzzy Hash: 7AC157F7F516250BF3444839DD983622583D7D5325F2F82788E58ABBCAECBE4D0A5284

Function 004EC50C Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9efaa3b007f7a1c997df40f94ad2b2220fb139f10acd9371c026aef3500dd3c7
Instruction ID: 4373e15e15b95d59f0ea7494f7a5d1235e59b3a8bfdd645774fb484a381681a8
Opcode Fuzzy Hash: 9efaa3b007f7a1c997df40f94ad2b2220fb139f10acd9371c026aef3500dd3c7
Instruction Fuzzy Hash: 72C18AB3F516254BF3440939CD983A265839BD5324F2F82388F5C6BBC5E8BE9D0A5384

Function 0048C5B4 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e49f4553523325f51c9971ba53baa8f36f1d2112840c2a04ce03eadb17e4a944
Instruction ID: 832617eeb07916c61546af16b23debb9bacc08321c6f4d20c6f3fbe802c5fa68
Opcode Fuzzy Hash: e49f4553523325f51c9971ba53baa8f36f1d2112840c2a04ce03eadb17e4a944
Instruction Fuzzy Hash: F5C169B3F1062547F3584D28CCA83627683DB95320F2F82788EA9AB7C5D97E5D0A5384

Function 004D1104 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f34593a6d6b81f16d8f8bfbb4745feae0171134c3cd88fbe263918e7407b95b
Instruction ID: 27d7d5a49215adebc64584aa0fdf6f6a9c6129328d75d3560848cb213da004d7
Opcode Fuzzy Hash: 7f34593a6d6b81f16d8f8bfbb4745feae0171134c3cd88fbe263918e7407b95b
Instruction Fuzzy Hash: F2B159B3F116244BF3844929CCA83A26283D7E5325F2F82788E595B7D5DC7E9D0A5384

Function 003E8502 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9a8c8741118909a579618c878410254797aaf4f8dd9864653601ff003cafb23
Instruction ID: 43231aeed72b4108e642c5e51c473f32a5fe1e4022f5927f294decac0093ffff
Opcode Fuzzy Hash: c9a8c8741118909a579618c878410254797aaf4f8dd9864653601ff003cafb23
Instruction Fuzzy Hash: C9B1ACB3F6163447F3944978CC9836266929BA5324F2F83788E5C6B7C5E87E1D0A53C4

Function 004D20B6 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e55fa15387b6962dc5b8a66ef7a2dd0e30ef0921769c41bf01716158fce08b30
Instruction ID: 58f3e91fe2c112d66f3de65ff10f1451ace08f524bbedf45f03c7c119c20069b
Opcode Fuzzy Hash: e55fa15387b6962dc5b8a66ef7a2dd0e30ef0921769c41bf01716158fce08b30
Instruction Fuzzy Hash: 71B19AB3F5122507F3844968DD983A26583DBE1314F2FC2388E586BBC9ECBE5D0A5384

Function 00524569 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59244257e7bb8194d9c552fe97c0804fdd34aec941c33da65f1b89a4f22af43d
Instruction ID: 92e4092780028e10f33762a5335d6b81c0f59912affd3b2f55a014aabc3adff2
Opcode Fuzzy Hash: 59244257e7bb8194d9c552fe97c0804fdd34aec941c33da65f1b89a4f22af43d
Instruction Fuzzy Hash: BBB157B3F1162543F3544879CD983A2A6839B94324F2F82788E5DBB7C5E8BE5C4A53C4

Function 004306E9 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6959c65e672221c05016420bd3982e59adfd1489a688e6c87065586baf5df28a
Instruction ID: 426a486e52f9b238414064617d9bf6a7cf839b5bd03cf0815736cab59e40a4f0
Opcode Fuzzy Hash: 6959c65e672221c05016420bd3982e59adfd1489a688e6c87065586baf5df28a
Instruction Fuzzy Hash: 8EB1AFB3F5062547F3584978CCA83A27683D794314F2F827C8E49AB7C9E9BE5D0A5384

Function 004B8508 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c38840a6faebbc74be7c1ea7f17cbb17d428927a96649b99259e6409f3dcd493
Instruction ID: 6ceee472ac97adefdda2d5264e9e0c8ea3ff55a28c7363e8ef05ceb3512bfed6
Opcode Fuzzy Hash: c38840a6faebbc74be7c1ea7f17cbb17d428927a96649b99259e6409f3dcd493
Instruction Fuzzy Hash: 24B17AB3F1152547F3588929CC683A26283D7D5325F2F82788E49AB7C5E87EAD0953C4

Function 0040625C Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01f4927eb0f6b43ea0aeefb78d9787639a4af7d62816cc9397baa0c86d14673f
Instruction ID: 6c3c4d415502bf55aead080c42771984c5cfb8dc42e248d38c6021e9fded7d8b
Opcode Fuzzy Hash: 01f4927eb0f6b43ea0aeefb78d9787639a4af7d62816cc9397baa0c86d14673f
Instruction Fuzzy Hash: 79B1AAF3F1122147F3984968CC993A26583DBA1324F2F82788F19AB7C5D9BE5D4A5384

Function 003F838B Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad53031f6b7c13e72d80eee77ef33a442f8a2ea286d62312a136a541a0a5a55c
Instruction ID: 25f9636d25b7a76169486dbacc3fddfd0cb215eef414109a384ecb6afb5defdf
Opcode Fuzzy Hash: ad53031f6b7c13e72d80eee77ef33a442f8a2ea286d62312a136a541a0a5a55c
Instruction Fuzzy Hash: 37B19CB3F111254BF3544969CCA83A2668397D5320F2F82788F9C6B7C2D9BE9D0A53C4

Function 004D04E9 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16294822962a6f248a74ef0fd5aa97c157fb67cf87a44fae8425cce666f1b8b9
Instruction ID: 936f4e7c0a97a59cff9ed3b599834450ae2037d48f04f75237a1cb191b98abb1
Opcode Fuzzy Hash: 16294822962a6f248a74ef0fd5aa97c157fb67cf87a44fae8425cce666f1b8b9
Instruction Fuzzy Hash: 34B18AB3F0162507F3484939CDA83A2668397D4325F2F82788F59AB7C9ECBE5C464384

Function 00496312 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80378cdd6fc40b8ef3a1a5406428c2b16bf59ed332cad96a713f18f9db5adbf5
Instruction ID: 1fa5c139381290444ca98d1b78bee36ca17f15a7519cf21a93991bcecd6667b2
Opcode Fuzzy Hash: 80378cdd6fc40b8ef3a1a5406428c2b16bf59ed332cad96a713f18f9db5adbf5
Instruction Fuzzy Hash: 7BB18BB3F1162547F3584D28CCA43A27682EB95324F2F827C8F59AB3C5E97E5C095384

Function 004005FF Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dbd0c2fbd78074ebc33e5d3bbe4a013df82ad0e35751386093be7910133efee
Instruction ID: cf5e91fec41358b9e9ac8035ad450749c1b5fc3480cb02d9ce44f898658c01f1
Opcode Fuzzy Hash: 3dbd0c2fbd78074ebc33e5d3bbe4a013df82ad0e35751386093be7910133efee
Instruction Fuzzy Hash: 85B1A9B3F116244BF3444939CD983A27683DBD5315F2F82788E486BBC9D97E5D0A9388

Function 005190BF Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e54bdc8446ef2306ffcdad92b0c9cc2b1d910368c31638977524e0709c14da74
Instruction ID: 4ef64f55f46cc90ebd87118a2a0cdfa5f470256863e80afe7cc02dbd82e7b1c2
Opcode Fuzzy Hash: e54bdc8446ef2306ffcdad92b0c9cc2b1d910368c31638977524e0709c14da74
Instruction Fuzzy Hash: 82B1BDF3F106244BF7584978CCA83A26683D794324F2F827C8F59AB7C5D87E5D0A5284

Function 0040825C Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daac666953c909f5ad8aed803d92a535580766bad432ba5ab4821e9342179203
Instruction ID: 00a863d1efa11c236d438633f443f018f800f90d23e01397d2bb8c22bbc9c107
Opcode Fuzzy Hash: daac666953c909f5ad8aed803d92a535580766bad432ba5ab4821e9342179203
Instruction Fuzzy Hash: 6FB16AB3F1122547F3544838CD983A66683DBD5311F2F82388E58ABBC9D9BE9D0A53C0

Function 00478619 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9ed0964887b45368d4217ee138999b0b2e882ab2b678e0cdc80bb6306864e0
Instruction ID: 80733b872fb5dc6a4fcf29af750eb0be7f5d4a9cacb1577b1b48070d7b10c8b3
Opcode Fuzzy Hash: eb9ed0964887b45368d4217ee138999b0b2e882ab2b678e0cdc80bb6306864e0
Instruction Fuzzy Hash: 3FB1AFF7F5162507F3944878DDA8362A6839BA1324F2F82388E5C6B7C6DC7E5C0A52C4

Function 00483025 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86632bd27a1093bd06a01ed038d39d10a67cb62a3ccabd0ae7251b3667dbc659
Instruction ID: ae92f2f7d45e19be6040108a69cba30b64a3c921f128f2881adcafa60af3297e
Opcode Fuzzy Hash: 86632bd27a1093bd06a01ed038d39d10a67cb62a3ccabd0ae7251b3667dbc659
Instruction Fuzzy Hash: 74B148F3F1062547F3584929CCA83A66583ABD5324F2F827C8E89AB7C5DC7E5D0A5384

Function 004C4528 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7ad8f9cda5f87c080af309d70defd43eb6ff10c248f1a5a17b22d5f8300ae2f
Instruction ID: a1207d8ee217543401f8b91e50afa9d7bcf05c0b1c024e17fb28ec7b5a47a371
Opcode Fuzzy Hash: c7ad8f9cda5f87c080af309d70defd43eb6ff10c248f1a5a17b22d5f8300ae2f
Instruction Fuzzy Hash: 62B19EB3F106254BF3544D29CC983A27683DBD9320F2F42788E586B7C5D97E5E0AA784

Function 003E804E Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f13c6e2682ef1615b2e818c4a86555478f21bbc8b127269b37237160380d6c6
Instruction ID: 66305843a0f306f4ca2b5112ef1b13812921cecdb8a45b9dadb687ddc1a14217
Opcode Fuzzy Hash: 7f13c6e2682ef1615b2e818c4a86555478f21bbc8b127269b37237160380d6c6
Instruction Fuzzy Hash: F8B190B3F1162547F3444E29CCA43A27293DBD5314F2F82788E985B3C4E97EAD0A9784

Function 00511093 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39eeaec7c7825d853859a490e2449e0d3ff7982d42e0cd9e306d50a623d57ab6
Instruction ID: db725ef7bf0c3ffd57b85a02680f132639d00420b2cabedd7942a3c15d6f51ec
Opcode Fuzzy Hash: 39eeaec7c7825d853859a490e2449e0d3ff7982d42e0cd9e306d50a623d57ab6
Instruction Fuzzy Hash: 59B189B3F2152547F3584D29CC583A276839BD5324F2F82788A6CAB7C5DD7E9C0A5384

Function 00528449 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a77a9274b6fad816b309c198ad99c427ca6bde01170a6ef5817ebb431b8fac2
Instruction ID: addae0fb94634e9456e80123fb4986402564e155260889e723c7c6594fa05293
Opcode Fuzzy Hash: 1a77a9274b6fad816b309c198ad99c427ca6bde01170a6ef5817ebb431b8fac2
Instruction Fuzzy Hash: 1EB179B3F016254BF3544969CCA83A27683DBD1324F2F82788F596B7C9D97E5C4A9380

Function 005160DD Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5b13ec122471ae4b7b7038f8da27ef20ac0cfb1857bf07fff2b73394030bd16
Instruction ID: 4fa645a95be63563f7f2cb6fe9b148a60d8b1fc9d717bba7880d402f7d28f442
Opcode Fuzzy Hash: a5b13ec122471ae4b7b7038f8da27ef20ac0cfb1857bf07fff2b73394030bd16
Instruction Fuzzy Hash: 30B17DB3F1012547F3584928CDA83B66693DB95314F2F823C8F4AABBC9D97E5D0A5384

Function 004B7165 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fbc01c558e8039143d7f5fd1a2aa43a43aa69efd0399e1d4fe983a6157cc0fa
Instruction ID: 3a7eb2a621e60dc063d80521850181d4819703f85c7dd2c6003e871d416dc088
Opcode Fuzzy Hash: 4fbc01c558e8039143d7f5fd1a2aa43a43aa69efd0399e1d4fe983a6157cc0fa
Instruction Fuzzy Hash: 82B18BB3E1152547F3544D28CC683A2B683EB91324F2F82788E5D6B7C5D97E5D0A9384

Function 00517036 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4efb841d2d1fa0786bfca42a00601156350630dffeaf5eba114cd6d5f73d6e77
Instruction ID: 8a45d184ccbd6098bbcd560f27914f19ea3d2334cc4e2e33467f09e9418fce39
Opcode Fuzzy Hash: 4efb841d2d1fa0786bfca42a00601156350630dffeaf5eba114cd6d5f73d6e77
Instruction Fuzzy Hash: 66A19CF3F1162547F3544939CCA83A26683ABD5324F2F82788A5CAB7C5ED7E5C4A4384

Function 004B40BB Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f45e791df19d9f1899ee5dc3d243824f645a9f95d881e0518b5d53e3016d3a
Instruction ID: 389c2381df9209f4e4337c5f3ac27a24cfb2139eb780f88272ff936475cf77cc
Opcode Fuzzy Hash: 83f45e791df19d9f1899ee5dc3d243824f645a9f95d881e0518b5d53e3016d3a
Instruction Fuzzy Hash: DEB17CB3F5162447F3584829DC983A2A583D7E5321F2F82788E5CAB7C5DCBE9C4A5384

Function 004D65CE Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9faa5aa66e50243eaa539c4feadcb6669d6fa1eb294c0a45f962d015e0afbacd
Instruction ID: 6d8fc69a22a78c4a0e9c36edb6bb5db384897cb0336e39ed83340e8415f8f020
Opcode Fuzzy Hash: 9faa5aa66e50243eaa539c4feadcb6669d6fa1eb294c0a45f962d015e0afbacd
Instruction Fuzzy Hash: 6AB1ACB3F115254BF3544D68CCA4392B6939BA5320F2F82788E5C6B3C5EABE5D0953C4

Function 00510397 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f21633f36786f22c7ccb50b3fc11b70301253c5867a9f59b0e5bcef2406071
Instruction ID: d67f0fd10787bf801fbb574f5be768f3e2a7af712abf5e34905889b1aae2fbc8
Opcode Fuzzy Hash: 77f21633f36786f22c7ccb50b3fc11b70301253c5867a9f59b0e5bcef2406071
Instruction Fuzzy Hash: C6B1BFB3F106244BF3944D78CD993A26683D795320F2F82788E68AB7C5D9BE9D0953C4

Function 0040F147 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f76dbc7e3c916eab1d9ad9fc870e37b138bfa9e02731e2c2d9054f70895b628
Instruction ID: 38cd8a163a48c736873cea3bc8417d3dbb88e3092232ee4fd82215b57353aff1
Opcode Fuzzy Hash: 6f76dbc7e3c916eab1d9ad9fc870e37b138bfa9e02731e2c2d9054f70895b628
Instruction Fuzzy Hash: 82A19CB3F112250BF3544979CD583A2A683DBD0325F2F82788E5C6BBC9D87E8D4A5284

Function 00470393 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072042952ef3aaf8b492c09f9d41a25fdb9a3f0975b680ea171f04c72b179563
Instruction ID: d76c41fb50b7b081f784c2d3718f2a5025a3b285c5286684f994f7e35932c499
Opcode Fuzzy Hash: 072042952ef3aaf8b492c09f9d41a25fdb9a3f0975b680ea171f04c72b179563
Instruction Fuzzy Hash: F8A158B3F1252547F3444929CDA83A26683EBD5314F2F82788E4C9B7C9DDBE9D0A5384

Function 00448449 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd8cf059bdc06cca4d4947205401c7c87bb737e74f73df7c077d8ddbacc0745a
Instruction ID: 042ff4ca4c853d3eba4df379ce960608f1bf6a00b7b4d7f01e71fcb4ef18c004
Opcode Fuzzy Hash: dd8cf059bdc06cca4d4947205401c7c87bb737e74f73df7c077d8ddbacc0745a
Instruction Fuzzy Hash: 58A16DF3E1052547F3544969CC983A2668397A5324F2F82788F4CAB7C6D9BE5D0A53C4

Function 004281AD Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2963960fadf8988f1ddf621f2352269b0651088c8c879cba934954ab47d27b68
Instruction ID: cb0b9b732affbba4f9d3092094706753c30404285a73b7d8bcb48440d892d761
Opcode Fuzzy Hash: 2963960fadf8988f1ddf621f2352269b0651088c8c879cba934954ab47d27b68
Instruction Fuzzy Hash: 69A19CB3F516254BF3444D28CCA83A27693DBD5314F2F82788E486B7C9D97E6D0A5384

Function 003F9103 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d5a9ca72d3d176df83c191caf748598eb291e0b799fdd8246278fecc33e55b
Instruction ID: f77c56c64c67a7efef268f3ba50485bdb1cb20edce6e54ae9ae85ec15bd7050a
Opcode Fuzzy Hash: 09d5a9ca72d3d176df83c191caf748598eb291e0b799fdd8246278fecc33e55b
Instruction Fuzzy Hash: 1DA168B7F1022647F3544C39CDA83626683D795324F2F82388A59AB7C5DDBE9C0A5384

Function 004FE487 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c738299173607a3acd387e5243dd707288aaca42c3d9950b2561dbefcf67c69a
Instruction ID: f15f4d3160d12382cf27bed5c6ac95bb3fff2597818dcd777210626fdb6cb618
Opcode Fuzzy Hash: c738299173607a3acd387e5243dd707288aaca42c3d9950b2561dbefcf67c69a
Instruction Fuzzy Hash: 83A147B3F116254BF3944839CD593A2668397D5320F2F82788E4CABBC5DC7E9D0A52C4

Function 0045822C Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c63291e06b252f1c4a7cbb6234e73b3f451d352559eb10ad2dac60ac6b2fefbb
Instruction ID: 8b281df3296d579bddf3c577bd38fb8ef2ee8de906404e92829710c4831ef1b2
Opcode Fuzzy Hash: c63291e06b252f1c4a7cbb6234e73b3f451d352559eb10ad2dac60ac6b2fefbb
Instruction Fuzzy Hash: BCA17BB3F1122547F3584938CC683A66683DBD1325F2F82388E59ABBC9DD7E5D0A5284

Function 004D409B Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba605468b928fae3c0955654def14a34c18f0ec1c0d3ac98d447dfa9ee5344ff
Instruction ID: 8b77eb38cf8f44bf9c4a887a622eebc00132cd06aaddf8d2b31cb3a53dc4b5f7
Opcode Fuzzy Hash: ba605468b928fae3c0955654def14a34c18f0ec1c0d3ac98d447dfa9ee5344ff
Instruction Fuzzy Hash: D4A189B3F1162407F3944839CC583626683DBD5321F2F82388F48ABBC9DC7E9D0A5284

Function 004EA53B Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd0e8a27c13cfdde2bdcac8dee6548a2f0c064b0771743dc92a7ab0f1c8a5402
Instruction ID: 1a37f110eb96c5bc8bc33c15383bcf4821900df7cfca0dfc5e63e3594cd63dc8
Opcode Fuzzy Hash: bd0e8a27c13cfdde2bdcac8dee6548a2f0c064b0771743dc92a7ab0f1c8a5402
Instruction Fuzzy Hash: 79A18CB7F5022507F3944838CD993A22583DBD5324F2F82388E59AB7C6DC7E9D0A5384

Function 003E0397 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 310a691e7dde1cbf98dabf788cadfbe209dd286e15170ebbed7508b479eebc91
Instruction ID: e6adb415fea47b16e78d9695c4edd2fe82103a406ec2ddb2705154f1242995de
Opcode Fuzzy Hash: 310a691e7dde1cbf98dabf788cadfbe209dd286e15170ebbed7508b479eebc91
Instruction Fuzzy Hash: 89A149F3E5122547F3944879CC983A265839795320F2F82788F5CAB7C9ECBE5D0A52C4

Function 0049B0F2 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 932e8b701eb1ece2d3dd3a17b3dac0d85d9d1d307484b1072e0d1c411d00c970
Instruction ID: 0d53f449eff632747aea4f488e6d776aabc6019597bbbd7cc54b67d0489cf6c7
Opcode Fuzzy Hash: 932e8b701eb1ece2d3dd3a17b3dac0d85d9d1d307484b1072e0d1c411d00c970
Instruction Fuzzy Hash: B2A19FB7F512154BF3448D39CDA83626A83DBD1314F2F82388B599BBC9DC7E590A9384

Function 004106DC Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55449e7d44b02e0d3fc4944ba9da478f6158b8b558522f3d5b193dc33e2fba97
Instruction ID: 7c32890b2fed3428e548b9d7dee8c1c89fedb0f9a0563623b18a561d856f94b6
Opcode Fuzzy Hash: 55449e7d44b02e0d3fc4944ba9da478f6158b8b558522f3d5b193dc33e2fba97
Instruction Fuzzy Hash: D1A19DB3F5162647F3544879CDA83A265839BD4324F2F82388F59AB7C9DCBE5C0A5384

Function 00497040 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a882151e127048e8da90b462201ef934f79f63246a07258d3ba829464f77e10
Instruction ID: 920097f1a38723cdffe5ffce06e35444dadbe6a72fd80962c7085a6a361843d1
Opcode Fuzzy Hash: 8a882151e127048e8da90b462201ef934f79f63246a07258d3ba829464f77e10
Instruction Fuzzy Hash: D3A1A4B3F116244BF3444928CC943927683DBD5324F2F82788E589B7C9D97E9D0A9384

Function 004A60C2 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b25ca42b78847a0f25ec50277f657e18b1fce9e7441c907c3023ea4e2d18bd
Instruction ID: a2b0df1962072aa9a3c4d7a2969b9d899b70879a3fdfdc01a46c4f576f924a24
Opcode Fuzzy Hash: 71b25ca42b78847a0f25ec50277f657e18b1fce9e7441c907c3023ea4e2d18bd
Instruction Fuzzy Hash: D2A18DB3F116254BF3844928CCA83A23643DBD5314F2F81788B499B7CAD97E9D0A5384

Function 0040B0AB Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb70cc73deb3aae2f55d3bb443b10f73f91c07394563e5bb049dd2bdd2a69d3
Instruction ID: f594dc8dad51df8f7b4d06aaefc22862a530c9b9990a007345bd10f88930ec52
Opcode Fuzzy Hash: efb70cc73deb3aae2f55d3bb443b10f73f91c07394563e5bb049dd2bdd2a69d3
Instruction Fuzzy Hash: 00A19CB3F1162607F3944929CC943A2B683DB95314F2F82388F496BBC9DDBE5D0A5384

Function 005123F1 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58b7394ed9edc15a14e501306bbab0f4339939196153cd158a8ad19df9ea92c
Instruction ID: 9ee49f3f34d7760150fdaebc47a048f17f15db382a0a420723c38278a9dce79d
Opcode Fuzzy Hash: a58b7394ed9edc15a14e501306bbab0f4339939196153cd158a8ad19df9ea92c
Instruction Fuzzy Hash: 9DA188B3F1152447F3584D29CC643A67683EBD5321F2F82788A8D6B7C4D97E5D0AA384

Function 0045A596 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f651aee14c29b503e14f1f91911521a5f34826a530b35c32377357782def70c
Instruction ID: 64267e70d5132ff1657269e8a30493bf6c7f5dc249c0ce5667c3319922a3b874
Opcode Fuzzy Hash: 3f651aee14c29b503e14f1f91911521a5f34826a530b35c32377357782def70c
Instruction Fuzzy Hash: 18A1EDB3E2013547F3A44978CC983A2B6829B94310F2F82788E8C7B7C5D9BE5D4993C4

Function 00409074 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f45c2ff9dbece1d2a48066640282640b44bce5391ab4dc0be6029e2b5d5812
Instruction ID: d95ecc774dbdced4cd2842e1e7627cca4acb2b67544c979e0400b5a94e28b659
Opcode Fuzzy Hash: b6f45c2ff9dbece1d2a48066640282640b44bce5391ab4dc0be6029e2b5d5812
Instruction Fuzzy Hash: 39A19AB3F502244BF3944879CD98352668397D5320F2F82388E6CAB3C5DDBE9D0A5284

Function 004F110F Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c083c828e4218b7101bacdb3e43f5aa071d5c22a4829550633ed98c34909d43b
Instruction ID: a312c81a3e88cfc231a27f0c0adae3adeecd339a352a9512e0461876771b4a57
Opcode Fuzzy Hash: c083c828e4218b7101bacdb3e43f5aa071d5c22a4829550633ed98c34909d43b
Instruction Fuzzy Hash: CBA155F7F1162107F3940839CD593A2658397A0324F2F82388F5CAB7C6E87E8D0A5284

Function 00474248 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e1a479fad7b859a0a2526638da73b42fc399021a0a35d7402e5a96b8b38e3e
Instruction ID: f32c6fca050852153af2727b27f9b70d76f5b27d23a4b41782707c31d29108b1
Opcode Fuzzy Hash: 39e1a479fad7b859a0a2526638da73b42fc399021a0a35d7402e5a96b8b38e3e
Instruction Fuzzy Hash: 47A17CB3E0122647F3544E28CC943A17653DBD5324F2F82388E486B7C5EA7E6D5AA784

Function 004164EE Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd1da5af175b1b785664f349f9570d63c2db8f57700a00ab01dda149c0270627
Instruction ID: 5133e6c43cffdf467d03d883ec24a2a2ae02f2533886c17f7d6f11f53f524ad7
Opcode Fuzzy Hash: dd1da5af175b1b785664f349f9570d63c2db8f57700a00ab01dda149c0270627
Instruction Fuzzy Hash: 42A1AEF3F1062447F3444929CCA83A27693DBD5314F2F82788F195BBC9E97E9D4A5284

Function 003FE056 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22143d0032ff1728fea616993ec63b83c9cad6230dada504031b8ab383eb4f02
Instruction ID: 604abc247ef06845701b5206dcabb7559fedf9033b32b169960f4e68321a2c9a
Opcode Fuzzy Hash: 22143d0032ff1728fea616993ec63b83c9cad6230dada504031b8ab383eb4f02
Instruction Fuzzy Hash: 15A1ADB3F1162547F3540928CC683A27693DBD4324F2F82388E58AB7C5D9BE5D4A93C4

Function 004BE0A7 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6a0af6100a3164ad5fea2e18ef48d894da489622dd6f7a91a6ec1b46c5a88d
Instruction ID: 2759a766028327a679c2998288e822ef3ec756bd722db6c2da1537fd6c7ecac8
Opcode Fuzzy Hash: 5f6a0af6100a3164ad5fea2e18ef48d894da489622dd6f7a91a6ec1b46c5a88d
Instruction Fuzzy Hash: C8A188B3F1062447F3580928CCA83A66683D791325F2F827C8F5A6B7CADC7E5C0A4384

Function 003FC3E7 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 522cc0b287b4577b3baf64ee58b00ddb4adc76b24098ff5f944e8c1cb8fb3ded
Instruction ID: 716ea663bddac311837c981c317df0717c9783b78f21a54f3db2ecc1765f9931
Opcode Fuzzy Hash: 522cc0b287b4577b3baf64ee58b00ddb4adc76b24098ff5f944e8c1cb8fb3ded
Instruction Fuzzy Hash: 06A18CF3F1162507F3844939CC9936266839BD5310F2F82798B49ABBCAEC7D9D0A5384

Function 004586D2 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b66fb1f52cceb94dc8d668eb32ab1c85a4166a3f2a80b9f634cd4b5692b1955d
Instruction ID: 4c01a817e8c44b071cbe77d738901891afdd870cd4a5536e8b241aa2af84ec2f
Opcode Fuzzy Hash: b66fb1f52cceb94dc8d668eb32ab1c85a4166a3f2a80b9f634cd4b5692b1955d
Instruction Fuzzy Hash: 62917CF3F1162547F3400964DC943A262539BA5325F2F82788F5C6B7C6D9BE5D0A93C8

Function 0046243F Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d64c8c466fbdb9e624e59e60a0b7322162c28439de5b0fbd83e5099c1a7c611
Instruction ID: 5f909aefc34295bbe96c7a24feb5719bfffbb821697376cb0468d78a628df0da
Opcode Fuzzy Hash: 9d64c8c466fbdb9e624e59e60a0b7322162c28439de5b0fbd83e5099c1a7c611
Instruction Fuzzy Hash: 209189B3F2162147F3544939CC9836266839BE5321F3F82788E68AB7C5DD7E9D0A5384

Function 0046A053 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b76e7c58591de516c6028aededbdec69ceaf2098aad326313b4a328ad0f6e13e
Instruction ID: fe45125504f2581ec96c4f2338febf2058bcd000431529df06cef2323092f57e
Opcode Fuzzy Hash: b76e7c58591de516c6028aededbdec69ceaf2098aad326313b4a328ad0f6e13e
Instruction Fuzzy Hash: 1AA19DB3F106244BF3904E68CC983927693DB95320F2F82788E586B7C5EA7E5D1997C4

Function 0046E17E Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63875872b7a3a5db2a4f7c94f09d06f98030dccc13ed530f1331463ede3a615b
Instruction ID: e99bcdf2c01f9f010d97e9eb8ac31c2f522b29de8598206d1efce13b7b5b4b00
Opcode Fuzzy Hash: 63875872b7a3a5db2a4f7c94f09d06f98030dccc13ed530f1331463ede3a615b
Instruction Fuzzy Hash: A991BDB3F1122507F3984978CD9836276839B85320F2F82788E5CAB7C5DDBE5D0A5384

Function 0052A34C Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb717097d19f5436ef3daa702781bee59ae8d6c8d4febc38da0e46c3eff1af9c
Instruction ID: 8d716587381559cf0a22427508e57aa4c028dbcbc8adbc15d2bbb8ee676072c7
Opcode Fuzzy Hash: cb717097d19f5436ef3daa702781bee59ae8d6c8d4febc38da0e46c3eff1af9c
Instruction Fuzzy Hash: D591BEF3F116204BF3444978DCA83A276939BD5314F2F82788E496B7C9E97E5D0A5384

Function 00420390 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8858cc2a64907a870f5fe0557366651a845c186e9feaef1e6753b72fd2796d42
Instruction ID: 158b849b1bfd7e588484ba32571ba02b1ebe5d5591a89eeb50f862da93058f6e
Opcode Fuzzy Hash: 8858cc2a64907a870f5fe0557366651a845c186e9feaef1e6753b72fd2796d42
Instruction Fuzzy Hash: 8991CFB3F1022447F3544D78CCA83A67692DB95310F2F82788E58AB7C5D97EAD0893C4

Function 004BE531 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b501e7091a7ab804fff52dcf0b2cfed9dcfef502cece52d3928522face8eadd8
Instruction ID: c4a1a53ab98478417b49cbe8f1e8495ad33ce97c3c3e71dcb72231be4555728b
Opcode Fuzzy Hash: b501e7091a7ab804fff52dcf0b2cfed9dcfef502cece52d3928522face8eadd8
Instruction Fuzzy Hash: A2A18DB3F116254BF3544968CCA83A27682DB95324F2F42788E5C6B7C1D9BF9D0A93C4

Function 005060FA Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc27b219b442bed980e9a3c535c6eba6f830951359db97ef143ba51274e67e55
Instruction ID: 38bf34b380bff15c42ed00bccb0899fe171ea17a0c8269cbbeedb39bfc553cd2
Opcode Fuzzy Hash: cc27b219b442bed980e9a3c535c6eba6f830951359db97ef143ba51274e67e55
Instruction Fuzzy Hash: 42919DB3F115254BF3944969CC583A26283ABD5325F3F82788E8CAB7C5DCBE5D0A5384

Function 003EC185 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00779056468b5e90b469e331aa863d72b5dcf87d86a1724266a65c01ee87c19b
Instruction ID: f7d8901ff2e5054e220854fcfa0fc2bb91cb997805bb6a9ff91d4e59bd9f6854
Opcode Fuzzy Hash: 00779056468b5e90b469e331aa863d72b5dcf87d86a1724266a65c01ee87c19b
Instruction Fuzzy Hash: 4B91AFB3F101254BF3584D69CCA83627683EB95310F2F827C8E49AB7C5D97E9D095784

Function 0050830B Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b6e76663b8d8cab65d3b07fde6fa17fe99a05e16d07b9c8ae2145c0e15d7fe
Instruction ID: 47a478f22d6b1db14f059e47c534116e39e656494701aff0f66bcd3889a26a51
Opcode Fuzzy Hash: 85b6e76663b8d8cab65d3b07fde6fa17fe99a05e16d07b9c8ae2145c0e15d7fe
Instruction Fuzzy Hash: 6A918CB3F1262547F3844969CCA83A26683D7D4321F2F82388E996B7C9DDBD5C0A5384

Function 005145FD Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39b8ba22d0ce2554fba72a66cacdb985c28cc7309293f4c70bf5124059c68b4
Instruction ID: d85250b7faa9c748e7abc155b352c58ad2234fcabd3741f06508d6c02a84bfd0
Opcode Fuzzy Hash: f39b8ba22d0ce2554fba72a66cacdb985c28cc7309293f4c70bf5124059c68b4
Instruction Fuzzy Hash: 5191CDB3F1162507F3544829CC993A27683DBD5320F2F82398E5CABBC5D9BE9C4A5384

Function 003F2664 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e16d3552852ba9713778d32e567fdbe4636c1f199e2afb575b52ee9781e1f93
Instruction ID: e4b76c5ee5ce3679ba06385b527ea6ef9fba56753fe5a1c44d161b040efee5fe
Opcode Fuzzy Hash: 7e16d3552852ba9713778d32e567fdbe4636c1f199e2afb575b52ee9781e1f93
Instruction Fuzzy Hash: 6E918BB3F115244BF3844D29CC983A27293EBD5311F2F82788A589B7C9DD7E5E0A9784

Function 004FC10C Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac1ea2db2462780cdaaa0b4b7d6a15b527473f4c9f2820d804d5ebdbb1b6cdef
Instruction ID: edc7ca773060e3505a4c386f714f61660c6babdcf6ca33c83c900b83301a0884
Opcode Fuzzy Hash: ac1ea2db2462780cdaaa0b4b7d6a15b527473f4c9f2820d804d5ebdbb1b6cdef
Instruction Fuzzy Hash: E49156B3F1062447F3584929CDA83A26683D7D5320F2F82788F4DAB7C5E9BE5D4A5384

Function 004801BF Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8899f937552f68fbc25226ee49fc07a3bb1ce4a137310c2cb17321c7bb369b37
Instruction ID: 62d531056e1f213c7a7855d7d756ef44207ac7be96c244b4fc348d0290884816
Opcode Fuzzy Hash: 8899f937552f68fbc25226ee49fc07a3bb1ce4a137310c2cb17321c7bb369b37
Instruction Fuzzy Hash: 139189B3F111244BF3504D39CC583A276939BD5324F2F82788A9CAB7C8D97E9D4A9384

Function 004FA068 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a0df59b62b4bbe9ed4dd3efb535da0ed0ecc35e3be87f182dbd57797caf9da
Instruction ID: 6e25144d994e34eb73ca1cd3cd3bd428609d0ed8cfbd85fe1c3d4a5b0c06101a
Opcode Fuzzy Hash: 24a0df59b62b4bbe9ed4dd3efb535da0ed0ecc35e3be87f182dbd57797caf9da
Instruction Fuzzy Hash: 4F916DB3F1162507F3584879DCA8362658397D4324F2F823D8A5DA77C6ED7E5C0A5384

Function 00500193 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3358fa5875ed490664e36daf8a3ab421c928c231b66513a4f0b20e2882652dd4
Instruction ID: c4ef2e13855efc4a56eafaf8f97c863d996b268523ce742af1eac6da015ac965
Opcode Fuzzy Hash: 3358fa5875ed490664e36daf8a3ab421c928c231b66513a4f0b20e2882652dd4
Instruction Fuzzy Hash: 6F918BB3F1122547F3940928CC983A67682DB95311F2F82788E4C6B7C9D9BE6D4A93C4

Function 00428660 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce13d2f7432616824ae1d92a5595cd95df7bc322f72646f1a7c95952dcb3897
Instruction ID: bbf0d2b9baa3d3cdc166fcc7018e368a39c9f24afaee6fbbe5657fe8614b3868
Opcode Fuzzy Hash: 3ce13d2f7432616824ae1d92a5595cd95df7bc322f72646f1a7c95952dcb3897
Instruction Fuzzy Hash: 7891ADB3F1052547F7480938CCA93A63692DB96310F2F827C8E59AB7C5DD7E9D099388

Function 004A8042 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be63cd5933fbefb76138ae4f5fb778b6f8a5f2acbbd44dfd577ecb386c30f7b
Instruction ID: 9324c92778272f83669bcb623a523e8630940fdaec7bd9d4244d84f5e7889c2c
Opcode Fuzzy Hash: 0be63cd5933fbefb76138ae4f5fb778b6f8a5f2acbbd44dfd577ecb386c30f7b
Instruction Fuzzy Hash: 17916CB3F1122107F3584939CD6836265839B95324F2F827D8F5DABBC9DC7E9D0A5284

Function 004A44BE Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b9d9c71f7cf98473c3c4bf511c2aec556b83535ff6b34caebcc6d44a969147
Instruction ID: 368c7b4566123b2285d2ba72573951091d9ccb5e21bebf8baee35bc042e04296
Opcode Fuzzy Hash: 29b9d9c71f7cf98473c3c4bf511c2aec556b83535ff6b34caebcc6d44a969147
Instruction Fuzzy Hash: 68918EB3F1112547F3944D29CD583A67693EBE1320F2F82388E886B7C5D97E5D0A6784

Function 004DE0C5 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6c610cd1340aace946fc08a1c0c7a879eb95654c54fc887dd76d34b52ca5c76
Instruction ID: f78286424c6a4c542521ac7430f17e96048c77078f0f02923929c0d93ac47732
Opcode Fuzzy Hash: c6c610cd1340aace946fc08a1c0c7a879eb95654c54fc887dd76d34b52ca5c76
Instruction Fuzzy Hash: C39188B3F112254BF3540D68CC943A2B683DBD5725F2F82388E486B7C5EA7E5D0A9384

Function 004500D6 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b2767754c967416eb71edd6bbebcaf06a5c6a7a9b092d5bc26ff2b87962b71f
Instruction ID: bb3ba5180a5763aef7a8ec101da1aa8e8d80e00c342586a96214d624fb0e410d
Opcode Fuzzy Hash: 5b2767754c967416eb71edd6bbebcaf06a5c6a7a9b092d5bc26ff2b87962b71f
Instruction Fuzzy Hash: 6D91AAB3F016250BF3844969DDA83526683DBD5320F2F82788E5C6B7C5ECBE5D0A5384

Function 0047C117 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b79f51b1908dc84430998cc821650bf04205539a4ddea0587aef9fbb764c61e1
Instruction ID: 9056e8e9a573ac31c43922729b880705d9a51bcfe2de7ba18a97ccbc975e1909
Opcode Fuzzy Hash: b79f51b1908dc84430998cc821650bf04205539a4ddea0587aef9fbb764c61e1
Instruction Fuzzy Hash: 38914BF3F5162107F3544879DD983626583D7D4324F2F82388F586BBCAD8BE5D0A0288

Function 004D61B4 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e32dd52a2a86f786264eb6ca70c52246bc98003eecf822928d00558db732e5
Instruction ID: 604af18eb25660ab6db066e95b72b0c4bf7806b22569fc4ee52bb98400b7bba8
Opcode Fuzzy Hash: c1e32dd52a2a86f786264eb6ca70c52246bc98003eecf822928d00558db732e5
Instruction Fuzzy Hash: D0916BB7F1162507F3484C78CD983666643A7D4314F2F82388F599B7C6D8BE5D0A5284

Function 00467068 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214ab95ac332031f4aecfff9a73b9a0c8256f814d89b58f620fdf2dd3fc161de
Instruction ID: 98d22bef84459674d334cacaa3c30c860902e72726f08c8d441cae1174323b79
Opcode Fuzzy Hash: 214ab95ac332031f4aecfff9a73b9a0c8256f814d89b58f620fdf2dd3fc161de
Instruction Fuzzy Hash: A59168B7F116254BF3884838CCA83A26683D7D5314F2F82388F59AB7C5E97E9D495384

Function 003DE547 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a6b24bc525b5c7ed88dc236399be64bee8003d2ece1afa8262fd9fba79ed9b
Instruction ID: 64bf1a121b4e24b5bc9fefc6db1c0a6cb7463ed89cf8cd17f5af579143401ae9
Opcode Fuzzy Hash: 81a6b24bc525b5c7ed88dc236399be64bee8003d2ece1afa8262fd9fba79ed9b
Instruction Fuzzy Hash: CF918CB3E106254BF3544968CC983A27693D7D5320F2F82788E4CAB7C8D97E5E4A93C4

Function 004BC381 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9eb283b38acf0bae1ba4f0c3f251229b38062b81ac937e77cabe296070df4b5
Instruction ID: 6498d47ec9a1606dad20ee67ce5a2fff9bae6ff6d1267c48c8ac95d54ba8e4ff
Opcode Fuzzy Hash: c9eb283b38acf0bae1ba4f0c3f251229b38062b81ac937e77cabe296070df4b5
Instruction Fuzzy Hash: 50918DB3E1152547F3504E28CC943A2B693AB95321F2F82788E9C2B7C5D97F6D0A97C4

Function 003F447A Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e663ac8265d6353ce93c4cb8089654acc9de41382f24a19a39432f7864c8e4a4
Instruction ID: 14b819f5de61f4082c01387f990ea17b9244cfd0f7a4a1501abcc1e421a74ab9
Opcode Fuzzy Hash: e663ac8265d6353ce93c4cb8089654acc9de41382f24a19a39432f7864c8e4a4
Instruction Fuzzy Hash: E191AAA3F507254BF3844979DCA83626683DBD5310F2E82388F589B7C9ECBE5D098384

Function 0051C654 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b863c239d77a77c8b7b0caf357a52fa006ee655db2ec27405f418b0a457319f2
Instruction ID: 2c06c95001117d0a4f1f37d4e1b43cab820326eb6b1123b935396de6d0da7879
Opcode Fuzzy Hash: b863c239d77a77c8b7b0caf357a52fa006ee655db2ec27405f418b0a457319f2
Instruction Fuzzy Hash: F6918BB3E1152547F3904E29CC883627293AB95321F2F82788E5C6B3C4E97E6D5997C4

Function 004AB10D Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b89d19e62007542231bb5112d0b2890b4336dbb7971400fd485130a75381d9ad
Instruction ID: 09162a62ac2b17f1f8710b0bfe1d9c18f46b5f46f16d97749c5a272e1620b658
Opcode Fuzzy Hash: b89d19e62007542231bb5112d0b2890b4336dbb7971400fd485130a75381d9ad
Instruction Fuzzy Hash: 1491CCB3F115254BF3504929CC983A27683ABD5320F3F82788E5C6B7C9D97E5D4A9388

Function 004924D8 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb7ded1898255fc8474f5ba704fdd8942f47b3a13b3602ace69159cebab6d8a
Instruction ID: 2f1c64fd904d83238e6c36aeb03c32ad7498f757741a0bea3b480ac3dff71844
Opcode Fuzzy Hash: efb7ded1898255fc8474f5ba704fdd8942f47b3a13b3602ace69159cebab6d8a
Instruction Fuzzy Hash: 08919BB7F516244BF3900928DC983A23643DBD5314F2F82788E4C6B7C5D9BEAD0A6784

Function 00449036 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d468fe6f626455cdc97b60840707f6da97a94b708ad7a0d60569882f79a1dfdb
Instruction ID: cce014db4e5174cd3ac04eabe4b51fe4d118a48d669512429988b9740778d8e4
Opcode Fuzzy Hash: d468fe6f626455cdc97b60840707f6da97a94b708ad7a0d60569882f79a1dfdb
Instruction Fuzzy Hash: 22915CB3F5162507F3444878CDA93626683D795320F2F82388F59ABBC9CD7E9D0A5384

Function 00434316 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72aa9f7b9096f372ae3e7c5d5a02d3fc2d3b99d9e2a80e8c47dea582b89cc105
Instruction ID: 95be8673ae4c513eaad288d48d2a86ca4393aea966d4cce77240a873ee7fe9a3
Opcode Fuzzy Hash: 72aa9f7b9096f372ae3e7c5d5a02d3fc2d3b99d9e2a80e8c47dea582b89cc105
Instruction Fuzzy Hash: 629179B3E1112547F3500D28DC983A2B6929B91321F3F82788E9C6B7C5E97F5E0997C4

Function 00442387 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44268dc8d6b102f41aa2c87eaf92fbb1e0ca5e40f2fbbfdbcd0110774a659e64
Instruction ID: 5ab23d513f36b2dd186accabd6a126cb1c154f838716f94f2e01f2c1cf99dd7a
Opcode Fuzzy Hash: 44268dc8d6b102f41aa2c87eaf92fbb1e0ca5e40f2fbbfdbcd0110774a659e64
Instruction Fuzzy Hash: 038137B3E1023547F3A84878CD683A2A6939B95320F2F82788E5D6B7C5DD7E5C0A5384

Function 004DC02E Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fb3e14b9eacef6f184be781c7866f858435c2eca62eb19f41fe1dd8b9f0c8a3
Instruction ID: a8758b95c47a62ddef5871596fed528e1821a807f888520fad3a1002eb798f1f
Opcode Fuzzy Hash: 0fb3e14b9eacef6f184be781c7866f858435c2eca62eb19f41fe1dd8b9f0c8a3
Instruction Fuzzy Hash: 04815AB3F5162547F3884928CCA83A62583DB95324F2F827C8E996B7C5DC7E5D0A5384

Function 004983C4 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96ccebfcc5fc82bfe700d79c59eb1447f660269b15dffdc0f074da5bed2fc4c9
Instruction ID: 95ddfd1b6004d1dc2cb372abe59b89f311cbf28555ad3736a844a233788e611a
Opcode Fuzzy Hash: 96ccebfcc5fc82bfe700d79c59eb1447f660269b15dffdc0f074da5bed2fc4c9
Instruction Fuzzy Hash: 7B818CB3F116254BF3544938CD583A26683DB95324F2F82788E48ABBC9DC7E6D0A53C4

Function 0046A49E Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd862eb60f7913634d40154c5eb639fd58f429c442f50f8e87a509ceb073f7f6
Instruction ID: c5987cc0ffba4f3f7aafb2a605f334b0cac9c340a81df27d24a0c1bb6f24239e
Opcode Fuzzy Hash: bd862eb60f7913634d40154c5eb639fd58f429c442f50f8e87a509ceb073f7f6
Instruction Fuzzy Hash: 4891AAB3F115244BF3904929CC983A272539BD5310F2F8278CE4C6B7C5E9BE9E4A9784

Function 003D9019 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaa09a35ca324bbe917d3d4e6690e852b5da8a907e6cf013baafbfefb511cfbe
Instruction ID: e20693d0a8a39acdcc23ffad22fefb9a8ebeed42596437529b846cd5e902512e
Opcode Fuzzy Hash: aaa09a35ca324bbe917d3d4e6690e852b5da8a907e6cf013baafbfefb511cfbe
Instruction Fuzzy Hash: 64918CB3F111348BF3504E68CC983A27692EB95320F2F82788E58AB7C5D97E5D0997C4

Function 004D828A Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 226cafad3b0a8784b14e3542df2299f14c5a0309c5657935d3aa95cb9eff2a01
Instruction ID: 8e596b23405bc31e9fe395a3f2752577e8c6625e7a7138c2844089f1fbf4c745
Opcode Fuzzy Hash: 226cafad3b0a8784b14e3542df2299f14c5a0309c5657935d3aa95cb9eff2a01
Instruction Fuzzy Hash: 9B81BCB3F516214BF3404969CC943A27683DB95321F2F82788E5CAB3C5D9BE9D0A57C4

Function 0046C3A9 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21cf393ac7d23c1a63af37b956309c2cbb0151a9a85a936c08fce8d4ab6dd3ec
Instruction ID: b02116f13d6bd987aa5abb034f70335540c99eab08cd33aead2c77adda89d2da
Opcode Fuzzy Hash: 21cf393ac7d23c1a63af37b956309c2cbb0151a9a85a936c08fce8d4ab6dd3ec
Instruction Fuzzy Hash: 2291BEB3F1162547F3544D28CC943A27683DB94321F2F82788E8CAB7C9D9BE5D0A9784

Function 004CC3C6 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45cae6f186b9caf4bef96015cac2133e85835500a843b594dc048a18859ae9cb
Instruction ID: 2614b89c306a03e627ccdd1f2d36b886fd832125d42b99fc62b4edc04a7b1c95
Opcode Fuzzy Hash: 45cae6f186b9caf4bef96015cac2133e85835500a843b594dc048a18859ae9cb
Instruction Fuzzy Hash: 36818EF3F1161547F3844964DC983A27683EBD5314F2F81788B489B7CAD9BE9D0A5388

Function 004CA2CC Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4e80e83e0a08d5bfd41564a68506389a83a2d21f08f88b92df577639b11369c
Instruction ID: 71a73b551a2013e5e66722bfdf632df8c2123261dacdf0d98ff52b20c81967f8
Opcode Fuzzy Hash: c4e80e83e0a08d5bfd41564a68506389a83a2d21f08f88b92df577639b11369c
Instruction Fuzzy Hash: E781CFB3F1022547F3544D28DCA43A27683DB90314F2F427D8B599B7C5ED7E6D0A5288

Function 0048E0C5 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5fff0619537e3a752e86382137d84f71ce7724e1b091dfcbf45de087e8b036
Instruction ID: 9d4e0be0373a5d154cdd8ae946ab8fc2a3440f1fb0611ef43ba976e75ce9bd80
Opcode Fuzzy Hash: 2e5fff0619537e3a752e86382137d84f71ce7724e1b091dfcbf45de087e8b036
Instruction Fuzzy Hash: 26816AB7F216250BF3544879CD9836266839BD4314F2F82788F5CAB7C6E8BE5D0A5384

Function 004121C7 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e8de6ad2a37ee8c4feadf263c593b199bea77a55a6841716db5d32445ca2d9
Instruction ID: cf44fc2df0e4c7dd26f4c8c608f16c4311203360d7fa2d0d7165db8c972c81a4
Opcode Fuzzy Hash: 29e8de6ad2a37ee8c4feadf263c593b199bea77a55a6841716db5d32445ca2d9
Instruction Fuzzy Hash: D28167F3E2192547F3584924CCA83A27252DB95324F2F82B88E5C6B7C5D97E5E0A93C4

Function 004843A7 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ce71290041232d06dad4f18d52d3644f56c3defdcdd1219533b89605c3b748
Instruction ID: 05abe90d1a9d3516bddcf9adb06ac631430063a851f6e0f98706d77d8be78949
Opcode Fuzzy Hash: c4ce71290041232d06dad4f18d52d3644f56c3defdcdd1219533b89605c3b748
Instruction Fuzzy Hash: 42819EF3F1112547F3504D29DC943A26693EBD5310F2F86788E48AB7C9E97E9D0A9384

Function 0046018C Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d627934df752a1158a1efe323038ef4f532fd9dbbf97540d743e14c357c7f43e
Instruction ID: 9ff4db65d8dfdf9a52043dd9d050f37e3ab30382a5086f064d3f69b6175add09
Opcode Fuzzy Hash: d627934df752a1158a1efe323038ef4f532fd9dbbf97540d743e14c357c7f43e
Instruction Fuzzy Hash: 70816BB3F2152547F3884938CD683A26683D7D5314F2F82388F59AB7C5DD7E9D0A5284

Function 004943FA Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c1e9a128f77569fb4b59fa6482c79b0dc54a792c43a8e136070510ca7b4dba
Instruction ID: 0d3dbdd2bed4cd47674418b4a6fa02692ef67cedb6be14f5e58fc1fef5328f17
Opcode Fuzzy Hash: c0c1e9a128f77569fb4b59fa6482c79b0dc54a792c43a8e136070510ca7b4dba
Instruction Fuzzy Hash: 8081C0B3F116254BF3544D68CC983A27283DB95320F2F42788E5D6B7C1E97E6D4A6384

Function 004E4144 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c65d60ca0bd3fbad5300b0d9226e37dea6e6e306662330e648664906f974f208
Instruction ID: 3f9f8cd763d20f22e0829805ce74ab6f02134654255507ef87a05fd111c4a890
Opcode Fuzzy Hash: c65d60ca0bd3fbad5300b0d9226e37dea6e6e306662330e648664906f974f208
Instruction Fuzzy Hash: FF818CB3E516264BF3544C78CD983A266839BD0320F3F83388E9867BC9D97E5D1A5284

Function 00418221 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e75af53f1c3190f9d8c589338b88c5bfcf6266140afd51aa4a8a02a07f0f39
Instruction ID: f6b738b7c514d0b4bb34f027e0c79b426a3f758bcdf051a0fe0bb8a803221c7b
Opcode Fuzzy Hash: 16e75af53f1c3190f9d8c589338b88c5bfcf6266140afd51aa4a8a02a07f0f39
Instruction Fuzzy Hash: 98817AF3F1162547F3844978CD983A26683D7A5324F2F82788F58AB7CAE87E5D095384

Function 003EE3D3 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5beea0564517ebe85c712d3851be1ff0f7b7091523133d7e06b43db61fafdac0
Instruction ID: d0716947e19d58690f0a9673fa3adb2a6d95f61eaf8d7e05be349197727934a0
Opcode Fuzzy Hash: 5beea0564517ebe85c712d3851be1ff0f7b7091523133d7e06b43db61fafdac0
Instruction Fuzzy Hash: 2C81BCB3E016254BF3444D24CC983A27243EBD0315F2F81788F496B7CAD97E5D4A5788

Function 004E452A Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8118b0ac9912460feb5279dbf4dd0d8ffaa7e0ebd9c9ef498f14d9614ff761
Instruction ID: 03912cee47b51283f7470ce69490273b17f41630475c44432e0dd2d6a9d2e297
Opcode Fuzzy Hash: 7b8118b0ac9912460feb5279dbf4dd0d8ffaa7e0ebd9c9ef498f14d9614ff761
Instruction Fuzzy Hash: 0F818AB3F106254BF3984D69CC943626683DBE5311F2F82788E48AB7C9E97E5C0A5384

Function 004C4169 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d37a0224a84b2f4424d8dc01db0e3b94ea3f16015ef5b374b2b14429465830ce
Instruction ID: 1016e6f9295e7f1b1c1830fec36d5ce6a4fb648d78dfcbdc50b8dc3d47bbba01
Opcode Fuzzy Hash: d37a0224a84b2f4424d8dc01db0e3b94ea3f16015ef5b374b2b14429465830ce
Instruction Fuzzy Hash: 4381C1B3F1162547F3544E28CC943627393DBA5321F2F82388E586B7C5EA7E9C1A9784

Function 0043E342 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05be6d5c2fe7fcc9f1c8dc5c755069259c157aa29c63d4825a1a12f49b4d7826
Instruction ID: d1b73fec6a3b4b0a6a6cc09af505b3a8a5127d8ae46cbb4ee42c1b9d720d9f7d
Opcode Fuzzy Hash: 05be6d5c2fe7fcc9f1c8dc5c755069259c157aa29c63d4825a1a12f49b4d7826
Instruction Fuzzy Hash: 668159F3F1152447F3440928CCA83A266539795325F3F82788E5C6B7C5E97F6E1A9384

Function 0049914D Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7375cc97b449d40a095179d205fa20481b4aa277f0d0d929171286f6c7d8e18e
Instruction ID: 2cbdbe3707d0c8ee0bea5cd7b1f87356d1b01f538aacfc37c324028d8386bf4e
Opcode Fuzzy Hash: 7375cc97b449d40a095179d205fa20481b4aa277f0d0d929171286f6c7d8e18e
Instruction Fuzzy Hash: 09819CB3F1062507F3940868CDA83A66683D791324F2F42388F5CAB7C1E9BF5D495388

Function 0042E40F Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8fd8f9cb780b8e06cd6bce3c6d5a6f731ef8369c7e1efcd7fb6ab98ee90826
Instruction ID: 99f50da584817236e4c09822c13b78c877055fe67f6767c117da0890e085a4c2
Opcode Fuzzy Hash: fc8fd8f9cb780b8e06cd6bce3c6d5a6f731ef8369c7e1efcd7fb6ab98ee90826
Instruction Fuzzy Hash: AE813BF3F215254BF3944929CD5836266839BE4311F2F82788E8CAB7C9D97E5D0A53C4

Function 004FA4A8 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9c40a7ce43e9f9cbcd44a894b13371e2050a9cbfbb379f888536ea72b48adbf
Instruction ID: a82d10c5c79fe57c113cf240f55850e5db7cf357309b9e4fbb640c3984f329c8
Opcode Fuzzy Hash: f9c40a7ce43e9f9cbcd44a894b13371e2050a9cbfbb379f888536ea72b48adbf
Instruction Fuzzy Hash: 09817BB3F1112547F3504D64CC583A2B693EBD1720F2F82788E88AB7C5D97E6D49A784

Function 0043664F Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3808610c699b6bce8423dff101d437adddf524a310b0f0973a70a171160f53f0
Instruction ID: 4a7d82b8094a7e8cced2781a7a1e496f1357360a1e4f7442efdbdf589b5f077e
Opcode Fuzzy Hash: 3808610c699b6bce8423dff101d437adddf524a310b0f0973a70a171160f53f0
Instruction Fuzzy Hash: 32816AB3F116244BF3644E19CC94362B293DB94315F2F81788E886B3C5E97F6D199788

Function 004C2679 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e19c61915dd456e163f4bd36b340717276bcdabb34306d3e7343c0c38aa871a
Instruction ID: 287e66ace9c3f9a4d421801048398c15047e91d9d8bdde197766d1c52c0fab5c
Opcode Fuzzy Hash: 3e19c61915dd456e163f4bd36b340717276bcdabb34306d3e7343c0c38aa871a
Instruction Fuzzy Hash: 9781B9B3F116214BF3544928CCA83A26683DBD1325F2F82788F4D6B3C6D9BE5D0A5384

Function 003FC02D Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6e2314a0985920923eb8383783b131d6b445861e892a104a344ac8e30e40a68
Instruction ID: de42ae1ca1cdf0cf879a826bcd21eef8b758c4ce037fea6cc6799e47139bd50f
Opcode Fuzzy Hash: f6e2314a0985920923eb8383783b131d6b445861e892a104a344ac8e30e40a68
Instruction Fuzzy Hash: 9A819EB3F512254BF3544D38CD983A27683DB95314F2F82788E88AB7C5E9BE9D095384

Function 0052C037 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30be04af2786436c90db37257dbcbed21b398e0eb6328eff8a1b327abe0c35f1
Instruction ID: fd0c63b3d79043851a7fef638f9aa327851ff1f1663a7a66f1d3b1ef1ff1c899
Opcode Fuzzy Hash: 30be04af2786436c90db37257dbcbed21b398e0eb6328eff8a1b327abe0c35f1
Instruction Fuzzy Hash: D6818AB3F112244BF7544D28CC943A57683AB95320F2F82788E9CAB7C5E97F1D4A9384

Function 0045D0BE Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb4d9c84dce55a9b3e8485cfb2e8fe2276214ca0ae250c4c1c17a60d36b9d04c
Instruction ID: b1028764abc86d1ca9fecb2a5f1d786def8c79b36df2ee7df9e70ada50eaf0c6
Opcode Fuzzy Hash: bb4d9c84dce55a9b3e8485cfb2e8fe2276214ca0ae250c4c1c17a60d36b9d04c
Instruction Fuzzy Hash: FC81B1B3F1162447F3940D28CCA83A27293DB95325F2F82788E586B3C5DD7E5D0A9784

Function 004562BA Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 457dd21b37741ff38d06a5e34f48daeb93cbe304e800f59b970a8897f2754f66
Instruction ID: 301f569f0a160a4cc8c5556d4f0119fe0bebee0743bd06a230b681e7cd0c1109
Opcode Fuzzy Hash: 457dd21b37741ff38d06a5e34f48daeb93cbe304e800f59b970a8897f2754f66
Instruction Fuzzy Hash: A68188B3F116254BF3540928CC583A27683DBD5315F2F82788E4CABBC9D97E9D4A9384

Function 004EE118 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 629581c3cb45e1406e72d487ceb80e5a82bbf49a7996675cde7180f6fb29bb86
Instruction ID: bd660e968dba02993a56f1438f17beedf1b8ee7f7c6c4305c345906916bd56ea
Opcode Fuzzy Hash: 629581c3cb45e1406e72d487ceb80e5a82bbf49a7996675cde7180f6fb29bb86
Instruction Fuzzy Hash: E08166B3E2162547F3544D29CC58362668397E5321F3F82788EACAB7C4DD7E9D0A5384

Function 004C657C Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65dd820257e550dcf064da4eb8d20896dc42a8c43ed21fabf98c6cbafbe9238b
Instruction ID: 84c9d5af877790e827be9fc6574762cffa5a69d3695b0c421b1a880d4237cdc7
Opcode Fuzzy Hash: 65dd820257e550dcf064da4eb8d20896dc42a8c43ed21fabf98c6cbafbe9238b
Instruction Fuzzy Hash: 57816AB3F1022447F3644D29CCA836272829B95325F2F82788E5CAB7C5D97FAD0952C4

Function 004C02E1 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e64e401d17f7d5084ad86662d6fed481f6a891d507da688f61515c01906cb6
Instruction ID: eb91d1751ab5d661a21bcaf9ad74bb1a9ccdca8fd8f78ecbee4ce20f9f5ba6f7
Opcode Fuzzy Hash: e5e64e401d17f7d5084ad86662d6fed481f6a891d507da688f61515c01906cb6
Instruction Fuzzy Hash: 6381A0B3F1122547F7884D68CCA83A67293DBD5310F2F82398E495B7CADA7E5D099384

Function 004300A6 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bb5980f55e7772fe766636ca2952cf8b8ec291bb92379024bc101233b842d22
Instruction ID: 85630ed68c33b0e863b9a1935afde5045bd549a5ecbde9f1cb191447d1894100
Opcode Fuzzy Hash: 2bb5980f55e7772fe766636ca2952cf8b8ec291bb92379024bc101233b842d22
Instruction Fuzzy Hash: 9C816BB3F1112447F3544968CC983A2B293DB95325F2F82788E886B3C5D9BF6D1997C4

Function 003E51B9 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce87ee480b7b81ead653bd0b253ac9ed9177aa36a23f793bdbb7f53ed294f5b
Instruction ID: 077eaa0b57ccd35cc2b46eed7b46667077835f90de6bbac37e78bfbe39aed572
Opcode Fuzzy Hash: 7ce87ee480b7b81ead653bd0b253ac9ed9177aa36a23f793bdbb7f53ed294f5b
Instruction Fuzzy Hash: 96819BB3F112204BF3944939CDA836266839BD5324F2F82798E9C6B7C5DD7E1D0A9784

Function 0044A44D Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3544d16b1662067b9b6e6661186752f73f62456de6e530b522d361e2f657f412
Instruction ID: 9b66d5376fb38acfd43c3ca70501a9577f9d93da34943f0a22ceccd0bbbb3ae9
Opcode Fuzzy Hash: 3544d16b1662067b9b6e6661186752f73f62456de6e530b522d361e2f657f412
Instruction Fuzzy Hash: 09819AB3F1162547F3884939CD683A266839BD1320F2F82388E596B7C9DD7E9D4A53C4

Function 003FE4D7 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f290673fcd3b5edbcb0ea0f702fee421807ffcac6ed7110d7aa8caf476410d9
Instruction ID: 7ad3b64338f5ae179cca7c3a1de2245e6330ceb2b39dbd48e5296062bcad93d1
Opcode Fuzzy Hash: 0f290673fcd3b5edbcb0ea0f702fee421807ffcac6ed7110d7aa8caf476410d9
Instruction Fuzzy Hash: 1A8169B3F5162547F3904D24CC983A26283DBD5721F2F82788E886B7C9E97E5D0A53C4

Function 0051E643 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925ef730db9431118745308d5ce5daf19f0684cc4cdc6b84e68a701062258664
Instruction ID: f93fea496939fae6b3a156b392bf034d9537cf6b36ff5942cd3fe3a314c8ee2a
Opcode Fuzzy Hash: 925ef730db9431118745308d5ce5daf19f0684cc4cdc6b84e68a701062258664
Instruction Fuzzy Hash: 27815BB7F1112547F3444929CC543A27683ABE1324F3F82388E58A77C9EE7E9D1A5384

Function 004C5146 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4efa5e6f58b9a8c86115d778080330fe1aa8c9467622285e63b0e875d699d89b
Instruction ID: f525b2792534bcc0213c346ef3cfef87fa25f8072f05135365f36c4f3a537626
Opcode Fuzzy Hash: 4efa5e6f58b9a8c86115d778080330fe1aa8c9467622285e63b0e875d699d89b
Instruction Fuzzy Hash: 428189B3F0122547F3984D39CCA83A67683DBD5310F2B827D8E096B7C9D9BE190A5384

Function 00464101 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659003423817f1aff15f905fc55082ed49cc8c9090ceb133f375ab8ba585e119
Instruction ID: ad6cd2be2ec0158d40bdba221dc90c72dd367b6194f9dbf710cc427c8cf1a56d
Opcode Fuzzy Hash: 659003423817f1aff15f905fc55082ed49cc8c9090ceb133f375ab8ba585e119
Instruction Fuzzy Hash: 5B8169B3F1122447F3944D29CC983A276839BD4311F2F82788E986B7C9D9BF5D4A5388

Function 003F03F2 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc243856b5bcb0fe1656e4a33039316ad55c4d1a009adb4a807b236552e9b60
Instruction ID: d91e684625178a961aa328d83306f9da94ae8f5585e4823ec27e97284bf8b091
Opcode Fuzzy Hash: 4bc243856b5bcb0fe1656e4a33039316ad55c4d1a009adb4a807b236552e9b60
Instruction Fuzzy Hash: 6D81ACB3E1152547F3544D28CC943A27293EB91320F3F82788E58AB7C5D97E9D499380

Function 00494086 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 176fd27f8ac58d8b34b323e2f556cb361e6b71f9a9b94ce59564ab8882076cc9
Instruction ID: 30b7de6e756d10c5e77f1c44229a170e20db10dbdecf71a9d74d19f87b805e2a
Opcode Fuzzy Hash: 176fd27f8ac58d8b34b323e2f556cb361e6b71f9a9b94ce59564ab8882076cc9
Instruction Fuzzy Hash: BE717CB3F102244BF3504E29CC983A27693EBD5310F2F82788A5C5B7C5D97E6D4A9784

Function 0045236A Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 509b77b5bb67260761b55bf21f08d621ad21b7db4d5093790620ecd7f580aa78
Instruction ID: 80cd4f92aa7bd9e2d2778ceaa5cf1c91dd5deb6682f3b0077c983b610ca30f55
Opcode Fuzzy Hash: 509b77b5bb67260761b55bf21f08d621ad21b7db4d5093790620ecd7f580aa78
Instruction Fuzzy Hash: 5781C9B3F2162547F3544E28CC943A17293EB95320F2F82788E586B3C1DA7F6D49A784

Function 0047C56A Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f326eb11ead07d58691d76aa691ddf488f103acd986adc40ed794098220ba56
Instruction ID: 5f0aaa3de03e09d214449ef50196b72217ada60b92c025bd10a481cf5f1129ba
Opcode Fuzzy Hash: 0f326eb11ead07d58691d76aa691ddf488f103acd986adc40ed794098220ba56
Instruction Fuzzy Hash: 73819BF3F1162547F3444D28CC943A27243DB95710F2F82788E986B7C9E9BE6D499388

Function 00445036 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 734d52507042dc94927041259990a4476db0908060f0822b280844797b9c96a3
Instruction ID: 91c61087d8a860b63b13a488af7219fdd6ca3acf2ffdc7e1b327dd15f17575bb
Opcode Fuzzy Hash: 734d52507042dc94927041259990a4476db0908060f0822b280844797b9c96a3
Instruction Fuzzy Hash: E2718CB3F1122547F3A44D29CC583A672839BD1320F2F82788E8C6B7C9D97E5D4A9384

Function 004B0396 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78c6850c2ac02f42463240eb0096e79ff1d7a488e835e3f0c9ec031124e2a5d7
Instruction ID: d207bbb82e55c22fca545e48b124df706504d4d2b211bdd08cea6e43eed1bcf8
Opcode Fuzzy Hash: 78c6850c2ac02f42463240eb0096e79ff1d7a488e835e3f0c9ec031124e2a5d7
Instruction Fuzzy Hash: 1B81D3B3F101258BF7544E28CC943A2B693EB95321F2F82788E186B7C4D9BF5D499784

Function 005180A0 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18203289ff89e5e9c91fb8bd3452f08a3a50eba1377db9b32a601ed2a1345de8
Instruction ID: ace10d101666e668b87b80ef81c448499860dae9a06cce314050981b9f3bbf9a
Opcode Fuzzy Hash: 18203289ff89e5e9c91fb8bd3452f08a3a50eba1377db9b32a601ed2a1345de8
Instruction Fuzzy Hash: 6E7190F3F2152507F3580824CD693B276829B91324F2F82788E5DAB7C5D97E9D0A53C8

Function 0047657C Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccf2af260fd84d7147d08aef46de953cb3448f0ba54550c2a3423b12c3a16aea
Instruction ID: 68f706c56000749332e9bc5300b535bec6ed7f0b65bae8cf2a9009b4d92fe196
Opcode Fuzzy Hash: ccf2af260fd84d7147d08aef46de953cb3448f0ba54550c2a3423b12c3a16aea
Instruction Fuzzy Hash: 3B71C8B3F216244BF3540D28CC9839266839BE5320F2F82788E5C6B7C5E97E9D0A53C4

Function 0044A0AF Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 539201e376e9c06615cd16494f1d6faef235b114e912cfad71d4b501421af085
Instruction ID: ab11a7e30d18546de087e5cd5e96f52516510e6d340a401b8b4fdab0674980a1
Opcode Fuzzy Hash: 539201e376e9c06615cd16494f1d6faef235b114e912cfad71d4b501421af085
Instruction Fuzzy Hash: 167157B7F016254BF3540D29CC983A27653AB91325F2F82788E8C6BBC5DD7E5D0A9384

Function 004782A8 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 981795e2cf1889cb1cbe3a5cd7c1f626befe9be28175f0c237c3b79da32e3bee
Instruction ID: 126bcc9519c457f2759418a58f041cc622a40731cf39ec511a6dc0ba12811edd
Opcode Fuzzy Hash: 981795e2cf1889cb1cbe3a5cd7c1f626befe9be28175f0c237c3b79da32e3bee
Instruction Fuzzy Hash: FE717CB3F1162547F3804E28CC983A27253EBD5711F2F82788E485B7C5DA7EAD19A784

Function 004CE25D Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c2d96bbab1618f32f9629c9192ab69c95be2813b441517e6237bb9e068a9748
Instruction ID: 1ddd8ed44cd646138737cb32f1ae3c5ab92d7a89249a4f577d196b7700f4cda0
Opcode Fuzzy Hash: 6c2d96bbab1618f32f9629c9192ab69c95be2813b441517e6237bb9e068a9748
Instruction Fuzzy Hash: 45717AB3F1122547F3948939CDA83A275839795320F2F82788E9C6BBC5D97E5E0963C4

Function 004805CE Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95520004c0d2e09eb106b877ffe3963778617e0a4a120f3944b46a59b883c42d
Instruction ID: 5c27b81f1143b1921fecd32ed3bf0106446d4f78bc9385180a27d953b1c27b7e
Opcode Fuzzy Hash: 95520004c0d2e09eb106b877ffe3963778617e0a4a120f3944b46a59b883c42d
Instruction Fuzzy Hash: 0671ACB3F113264BF3544D68CC883A17693EBA5325F2F42798A4CAB7C2DA7E5C059784

Function 0050E1D0 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d804379eb6ad230c904711e10a8b0c254fafac3938061eb4f5835b19c20c737
Instruction ID: 17cc81f85ef1f5fce703628b6e8026c28bc2190f189d71329f770b840bbcf517
Opcode Fuzzy Hash: 9d804379eb6ad230c904711e10a8b0c254fafac3938061eb4f5835b19c20c737
Instruction Fuzzy Hash: 8B71AFB3F106254BF3444D69CC983A27693EB95311F2F8178CE486B7C5D97EAD0AA384

Function 004BD05C Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a221179da761156bfe583257214ac620550bf6a2f074dd6fba4ebde1e3983138
Instruction ID: 9c41c1774f9c98d87dede49384236cfff368a3a769b9cefd2728c118d3db88cd
Opcode Fuzzy Hash: a221179da761156bfe583257214ac620550bf6a2f074dd6fba4ebde1e3983138
Instruction Fuzzy Hash: 717178B3E1063447F3944968CD983A276839B95325F2F82788E4C6B7C5E9BE6D0A53C4

Function 004A232C Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 491f6133a145e6853d550fb3416f96e42a5e5363212788af189db68261366a60
Instruction ID: 269a28e2083967e37b7e3ff7449f895c24833f2e08894ab549f828dc5ea70d66
Opcode Fuzzy Hash: 491f6133a145e6853d550fb3416f96e42a5e5363212788af189db68261366a60
Instruction Fuzzy Hash: B7714CB3F2162547F3444929CDA83627283DBD5324F2F82788A58AB7C6DD7E9D0A5384

Function 003D64F8 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2ff312ea55a007bbad8c67aa1cc3c7835753a9a1e621be48f96ba906f92aca
Instruction ID: 1e8c1dfcc20b3f5d3ae1ff43bcceb4ff2211d252508ff1ce825886db0c418562
Opcode Fuzzy Hash: 0f2ff312ea55a007bbad8c67aa1cc3c7835753a9a1e621be48f96ba906f92aca
Instruction Fuzzy Hash: FE7189B3F012254BF3944968CCA83A272839BD5314F2F82788F4C6B7C5D97E6C0A9384

Function 004510E6 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 898dc90ac985b2c535ccb4c3e6fc8e4b22d41510a609c91465a88f18dc454b15
Instruction ID: cadba261b808aaa1d5677ea3c1ce3890e288c935ab249bf1d3b86b4a6ddf60db
Opcode Fuzzy Hash: 898dc90ac985b2c535ccb4c3e6fc8e4b22d41510a609c91465a88f18dc454b15
Instruction Fuzzy Hash: 6D71BFB3F112254BF3504E24CC983A27653EB95320F3F42788E586B7C5EA7E9D099784

Function 004BF09C Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e78c67794cfeb0b8933d030f8bae21a47e35de40f140781d557e15b17216b8f
Instruction ID: f8008f090476d618faa53c66a08ef41a4d7f58c952afbba93b7f8e94681d38b3
Opcode Fuzzy Hash: 7e78c67794cfeb0b8933d030f8bae21a47e35de40f140781d557e15b17216b8f
Instruction Fuzzy Hash: DD71BCB3F2162547F3540928CC683A27683DBA5320F2F82788E996B7C5DD7E6D4A5384

Function 00424431 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cf67257c077d980e6ca0e842b964e370113ff37a202df1fd169c5e28729c20
Instruction ID: 0fe100ce1a24a7d3a92e21a9fd8a53536a573e62e0b7840b712bcef489806ce7
Opcode Fuzzy Hash: c9cf67257c077d980e6ca0e842b964e370113ff37a202df1fd169c5e28729c20
Instruction Fuzzy Hash: 66717EF3F1162547F3444925CC983627693EBE5320F2F82788E586B3C5E97E5D4A9384

Function 004FC55A Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a0375c2506cf10e9e8c09ee2a529675d3669a72b8d369127f097b516072597d
Instruction ID: e8db59ddba0d87d0311fcd5f98393b7c69d6f8f8be7869443d2aae60779f1892
Opcode Fuzzy Hash: 1a0375c2506cf10e9e8c09ee2a529675d3669a72b8d369127f097b516072597d
Instruction Fuzzy Hash: 80719DB7F1022947F3544D28CD583627683DBA5321F2F82788E4D6B7C5E97E5C4A5384

Function 0042C630 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e435eaa2452bbdd6ab48530ef481a1f3c5092b6985dc654f36d7b5db86db945
Instruction ID: 08dd48550b30c70aa9e86d584f0a26c29854da0b7345c4c96d9835344e97dc29
Opcode Fuzzy Hash: 4e435eaa2452bbdd6ab48530ef481a1f3c5092b6985dc654f36d7b5db86db945
Instruction Fuzzy Hash: 9871E2B3F5162647F3544D29DC983A23683DBD1310F2F81788B489BBC6D97E5D0A9384

Function 00492125 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12fb649ef15c0c4d5006260772f8d5ff6f1289d3f5363ef489161ed779cd9087
Instruction ID: 94425353706b18e066ed82ba01b01df01009086066251c8100f312dbcddfe6f1
Opcode Fuzzy Hash: 12fb649ef15c0c4d5006260772f8d5ff6f1289d3f5363ef489161ed779cd9087
Instruction Fuzzy Hash: 5E719AB3E1152547F3544D38CC683A276939B91320F2F83788E686BBC9EA7E5D0993C4

Function 003E907E Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aeac1567bdaaeb5861b8951a449ac50dc49eedeadcf4c2f981c289ecad83c2b
Instruction ID: c59eb7aca41031d6547ea46ccd000f6499cd7411c9a0ebb7346543c0a22b6da3
Opcode Fuzzy Hash: 2aeac1567bdaaeb5861b8951a449ac50dc49eedeadcf4c2f981c289ecad83c2b
Instruction Fuzzy Hash: 9B617DB3F002244BF3548E29DC943627293EBE9711F2F81788E485B7C9E97E6D099784

Function 003FA04F Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce40cce0762be580ff8b5dd720583365c07bb88f1199a007bab29eb668977ef
Instruction ID: 8263fc81433633516594146c3e53b0fda39f4a35f7833d2b726983ad14efacc4
Opcode Fuzzy Hash: 2ce40cce0762be580ff8b5dd720583365c07bb88f1199a007bab29eb668977ef
Instruction Fuzzy Hash: 34718CB3F212254BF3944939CD993627683DB91320F2F82788E58AB7D5DCBE5D0A5384

Function 003DA4FE Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be569c2792d40c6e489f6040ed77f6025bfd3030c799af4b3ca5bbf83ed786bb
Instruction ID: 9091c47e84f068bf04ab74dbb12de283894665fa6fd95c19c296ed6c4d77394a
Opcode Fuzzy Hash: be569c2792d40c6e489f6040ed77f6025bfd3030c799af4b3ca5bbf83ed786bb
Instruction Fuzzy Hash: 0C7179B3E116258BF3500E25CC543A27693EB95311F2F81BC8E986B7C5EA7F6D099384

Function 00402430 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4daf042659d6ce9a3a5792bdc0b21faa8abd1eeb789eee8b67393f2aeac820f
Instruction ID: b87bddecd4ddf5299afae705ae4bf9b9fe4d39dd7efc24f3b99405cda46d76b5
Opcode Fuzzy Hash: e4daf042659d6ce9a3a5792bdc0b21faa8abd1eeb789eee8b67393f2aeac820f
Instruction Fuzzy Hash: 24619DB7F106254BF3944978CDA83A262839BD5314F2F82798F4CAB7C5E87E5D0A5384

Function 004F7059 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408f947f47b573e11b00331d7efedd3fa48ee9952a6a0cfc7e0445f112a7dcd7
Instruction ID: 34908af87424fc8d830379c2ad01882cebf0c6fb60d0371fed50fefcff130bb1
Opcode Fuzzy Hash: 408f947f47b573e11b00331d7efedd3fa48ee9952a6a0cfc7e0445f112a7dcd7
Instruction Fuzzy Hash: EA6149B3F1162447F3844968CC943A26283DBD5325F2F82788F596BBC5DD7E5C0A9788

Function 004103C0 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6778f347406d54a5e948ec0b6daa43e3211c0e679cc466180ba0422cc5d90c8
Instruction ID: 51654500efddd3d9567087b507626931d5b91e3162d4ae50f85500c55feebd66
Opcode Fuzzy Hash: d6778f347406d54a5e948ec0b6daa43e3211c0e679cc466180ba0422cc5d90c8
Instruction Fuzzy Hash: 5F619CB3F1162447F3944929CC98362B6839BD5324F2F82788E5C6B7C1D97E5D0A9384

Function 00466511 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eec33d6aa11eb15d201597e096c4cffd5856ac9330296618657d9d085109810b
Instruction ID: 4683e219c06c2a60377a4137dfe88be8cb0d307130194e1c4ae20bb07ed06af2
Opcode Fuzzy Hash: eec33d6aa11eb15d201597e096c4cffd5856ac9330296618657d9d085109810b
Instruction Fuzzy Hash: ED6149B3F512244BF3944938CD583A67583DBD5310F2F82388E49ABBC9D9BE9D0A5784

Function 004B4592 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 379ab609e9e59eca728e3bf90432c6a2dac4091e979ea6c19249d9f628217fe9
Instruction ID: 9fca58637234b56c04fabebdb8fd4fc9bdb370527ca3c18936746dcd1378f63b
Opcode Fuzzy Hash: 379ab609e9e59eca728e3bf90432c6a2dac4091e979ea6c19249d9f628217fe9
Instruction Fuzzy Hash: 06617CB3F112144BF7444D79CCA83A13653EBD5320F2F82788A595B7C9DD7E690A9384

Function 00444141 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 611c546fd00587b57fd1cea1b67ce3ef37764f8005bb9bd5a949b7d8d45b1970
Instruction ID: b587383a7deca3a057992b1d61d7fe540d073ee29e4b270fc085884e686e1b7c
Opcode Fuzzy Hash: 611c546fd00587b57fd1cea1b67ce3ef37764f8005bb9bd5a949b7d8d45b1970
Instruction Fuzzy Hash: 4A6188F3F1162647F3504D29CC843627683DB95325F2F82788E58AB7C9E97E9D0A5384

Function 0042F04A Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c3484a301b71602a6eb39eeedd699de72256132d7adec29650ed46b2c980f7
Instruction ID: 2fcdfc8fb182b7b4900baff96c67eca9fdd1c5266662b2299de70b266240e66d
Opcode Fuzzy Hash: 27c3484a301b71602a6eb39eeedd699de72256132d7adec29650ed46b2c980f7
Instruction Fuzzy Hash: 71615A73F115258BF3404E25CC643A27393EB85321F2F81788A599B3D4DA7FAD1AA784

Function 003ED176 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bfdcd0890813213e929b8ec4dc569d325493b72a9ad6bff82e04691e97cb517
Instruction ID: 9d59a52430c8cf6914294d0c9839f5dc47c65c685ce9644bcaecb36d2a2d2e23
Opcode Fuzzy Hash: 7bfdcd0890813213e929b8ec4dc569d325493b72a9ad6bff82e04691e97cb517
Instruction Fuzzy Hash: 3461CEB3F1112547F3444D29CC58362B693EBD5320F2F82388A98AB7C8CD7E6D0A9784

Function 0051008A Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7999996a44a2315a15239e2aeb4c5e0d3a5b6d4a25b8d323864c982ce6ad924f
Instruction ID: 954de047b0fd089eba56e57c1d482d3ab54ae86c0558224acf9f5a47716754eb
Opcode Fuzzy Hash: 7999996a44a2315a15239e2aeb4c5e0d3a5b6d4a25b8d323864c982ce6ad924f
Instruction Fuzzy Hash: 5461BDF7F006244BF3544D29CC943A27293EBA5314F2F82788E99AB3C5D9BE5C0A5384

Function 00456671 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a8d2ffbaa39c39ec76aceab69157b58093cf8d87137b54a35cf495ad729a15d
Instruction ID: 1df3f3ea5249ae892d7ce5f4b6cc80037a1629bd08e47fcf924c9db3ffac8367
Opcode Fuzzy Hash: 6a8d2ffbaa39c39ec76aceab69157b58093cf8d87137b54a35cf495ad729a15d
Instruction Fuzzy Hash: 78618EB3F1122547F3540D28CC68366B693DBD5321F2F82788E58AB7C4EABE9D095384

Function 00443168 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 317149a18ef44f5d3dfc12bf1458ae4ea112a147f7101273de6bbaec221ad72b
Instruction ID: 89d170591ede7d1c72361eefb0bf485efbebb67131f6a81aaadcfbbc640f04fb
Opcode Fuzzy Hash: 317149a18ef44f5d3dfc12bf1458ae4ea112a147f7101273de6bbaec221ad72b
Instruction Fuzzy Hash: 0351DFB3F115214BF3184D28CC983667683DBE5321F2F82798A59AB7C9ED3E5D0A5384

Function 004B8215 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a6beaff5983cf7bc5815b09752443f03590372c320551bbfee4752da5ee6b4d
Instruction ID: 04a890c2b8f8f05e9fea6d4e1966abe2fd4d682ab98cb7d723729fa2bae38c66
Opcode Fuzzy Hash: 4a6beaff5983cf7bc5815b09752443f03590372c320551bbfee4752da5ee6b4d
Instruction Fuzzy Hash: 6B61BDB3F1162547F3444E28CC543627393EB95715F2F827C8A096BBC8DA7EAD099384

Function 003EA388 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9019be34b79afc831205c54b246345dd4a2c604b47a6941cc4cc54eff0677c6
Instruction ID: 6b753da8da36321cc5e5aff99ea7c87ad5512d6a91d95f0cf68ed748f5e582be
Opcode Fuzzy Hash: d9019be34b79afc831205c54b246345dd4a2c604b47a6941cc4cc54eff0677c6
Instruction Fuzzy Hash: 17518BB3F216154BF3884D29CC983A67283EBD4310F2E817C8E895B7C4DD7E69499784

Function 004762CA Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67efd24db18f1753a3b74c7e5b012874c8660fac6f4a78c897c154114d4ef9e6
Instruction ID: 3f9ae57930d405ffd5a1f4835185fb9e3dfb5fd0d5c31faec964b6747fac7769
Opcode Fuzzy Hash: 67efd24db18f1753a3b74c7e5b012874c8660fac6f4a78c897c154114d4ef9e6
Instruction Fuzzy Hash: 56518BB3F1022447F3948929CC943A27282ABD5324F1F82788F8CBB7C5D97E5D4A5388

Function 0048E4C5 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dade73e5a7bc74cf6d4c9314cd8aab3fe51e4340d62d07de276ad71ff695f9cb
Instruction ID: 31eff538a14878332f82b01f2c19e84207716746b694059348de6e8472a3dde3
Opcode Fuzzy Hash: dade73e5a7bc74cf6d4c9314cd8aab3fe51e4340d62d07de276ad71ff695f9cb
Instruction Fuzzy Hash: 9D517DB3F116244BF3944A29CC953627283DB95315F2F817C8E49AB3C5E97E9D0A9388

Function 0047A6D8 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e801da93c9f6afa592fe878167806b579f149f57b09d888a262d8377bd33318d
Instruction ID: 06cab2e6624553410a25274192291e41266890c7da1fe90ff0da931a3e3f333f
Opcode Fuzzy Hash: e801da93c9f6afa592fe878167806b579f149f57b09d888a262d8377bd33318d
Instruction Fuzzy Hash: 7D5157B3E1112547F3984929CC683A272939B91324F2F827C8E9D6B7C5DD7F6D095384

Function 00430428 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7c3aca61fb3654c7322e20642abbc1ef13892534542f8a4e5aa29a1a9a02b10
Instruction ID: fab156690fb30ef19fcf3cfd4878698632cd9225ce491df2831ee74d5e043f73
Opcode Fuzzy Hash: e7c3aca61fb3654c7322e20642abbc1ef13892534542f8a4e5aa29a1a9a02b10
Instruction Fuzzy Hash: F651CBB3F1022547F3484D78CD983A27683DB91320F2F82788E59AB7C9D97E9D099384

Function 003F31BE Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4202e68d76fb603a09f2b260f131287ee29bc57f281fbaef82153245bdb56c
Instruction ID: 5be5d5176a684d9d542cf7b8fa652288f48765224a895cf5f6fe24306a279e33
Opcode Fuzzy Hash: 0d4202e68d76fb603a09f2b260f131287ee29bc57f281fbaef82153245bdb56c
Instruction Fuzzy Hash: E95148B3F1112447F7884939CDA93A22543D7E5710F2B82798B8A6B7C9DC7E5D0A5388

Function 0043407B Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe44f0f520d72e73f53fc085c12660c56e3b26b41d229391f2ee889c48001145
Instruction ID: bc4148317394ab77b3a5982d233bfbd60711a244fe7ce8fb46509f6f3881e418
Opcode Fuzzy Hash: fe44f0f520d72e73f53fc085c12660c56e3b26b41d229391f2ee889c48001145
Instruction Fuzzy Hash: 1351CAB3F005254BF3084E28CC653A27392EB95310F2F81798F49AB3C6DA7EAC559784

Function 004222D5 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01413155d68dceafd36c9f6da20f3d7f6d3b92d8d93816abf74d3b1000e8eec7
Instruction ID: 0ad34c35c2b9f55323e51fa30917e996b5ddb12db65e0628b4af0053162b1a22
Opcode Fuzzy Hash: 01413155d68dceafd36c9f6da20f3d7f6d3b92d8d93816abf74d3b1000e8eec7
Instruction Fuzzy Hash: 79517EF3F115244BF3544828CD683A23583DBD1325F2F82788E58AB7C9D9BE9E4A5384

Function 0051A433 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8badcffb9d631a2d87f4987d360dae777fe9cbc650b1f79f7324ccc10e38817
Instruction ID: 33adfa8543c82e3235b9f216497abec5bf45af2b48d47e88366a83dc930c7206
Opcode Fuzzy Hash: b8badcffb9d631a2d87f4987d360dae777fe9cbc650b1f79f7324ccc10e38817
Instruction Fuzzy Hash: 874140F3A041204BE314AE2DDC5476BBBD5DFC4360F27463DEAD957384E539590186C6

Function 0044210A Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f53bc84151e3cce20bfa8c9085ef2d5483035c9a2a3c41beb09fbd39912a98
Instruction ID: 1f0f6ba47afe8a53cadc6b72a8c4ac36e500825f89ae54bc41ef661931ce38f6
Opcode Fuzzy Hash: e2f53bc84151e3cce20bfa8c9085ef2d5483035c9a2a3c41beb09fbd39912a98
Instruction Fuzzy Hash: 2151CCB3F2122547F3944D38CD583627683CBD5310F2F82788E48ABBC9D9BE9D495284

Function 003E00F8 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9838050f3fdeb8992e76491ed4885fc82d3b930d2bc65c90bd8fc8d2e574fba
Instruction ID: 8f4a43b0d6f7bdc3d8f01b6f767d8f28cec3815832e96eeab2489e24685eb662
Opcode Fuzzy Hash: a9838050f3fdeb8992e76491ed4885fc82d3b930d2bc65c90bd8fc8d2e574fba
Instruction Fuzzy Hash: A1518BF3F1062407F3944C38CD983A26583D7A5311F2F82788E886B7C9E8BE5D4A5384

Function 004F22B9 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb6d8c30a8e0990b31fbd99980ab64e5a4a5aefbe8cebdc846992c38b036fb9
Instruction ID: 971d46304267883e015416ed6431d44c7126e0302e487590b569767f3cb13cd5
Opcode Fuzzy Hash: dbb6d8c30a8e0990b31fbd99980ab64e5a4a5aefbe8cebdc846992c38b036fb9
Instruction Fuzzy Hash: 60518BB3F2162547F3544878CC943616683DB95321F2F83788F68AB7D5DCBE5D099284

Function 004EC2A0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5e81f90b755e5ba16ee08d0f517927f42ffc2babfce1e0660373ce7ed635ae
Instruction ID: c02110eb03e8a3391c7676691645076b45ce4d193b90409a3da177d8351b43b2
Opcode Fuzzy Hash: 6f5e81f90b755e5ba16ee08d0f517927f42ffc2babfce1e0660373ce7ed635ae
Instruction Fuzzy Hash: D6516DB3F1162547F3448D29CC943A272839BD5721F2F82388E486B7C9D97EAD169788

Function 0041A604 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07b11e4e4cdd5810f95d459a599fb3769026aad8df29f4ed9bddf2f8874b9fc
Instruction ID: 637e902195464c8782a979d13ed355a1eb0847192b5cbe775cb94d23bff2a413
Opcode Fuzzy Hash: a07b11e4e4cdd5810f95d459a599fb3769026aad8df29f4ed9bddf2f8874b9fc
Instruction Fuzzy Hash: A4513BB3F2152647F3904D28CC983727252EB95310F3F42788E986B7C5D97E6E19A784

Function 004A3081 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de2067a8380b45693934e0de6500dce3ddc8d44134f00305d7517a8f84a95a02
Instruction ID: 3c697255c32310379cf499bda599735ef079776e36462af062a8098c197fe012
Opcode Fuzzy Hash: de2067a8380b45693934e0de6500dce3ddc8d44134f00305d7517a8f84a95a02
Instruction Fuzzy Hash: 56518FB3E102254BF3544D39CD583627693EB91310F2F827C8E986B7C8D97E6E499784

Function 004AC201 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec8c540340b15ac954a31120c9bf8022934b7026356a168b98171feee26939a9
Instruction ID: 14e578316c38d6a6a3eb5f9a6388afb95035f22a2ab56e779779f74afa62f091
Opcode Fuzzy Hash: ec8c540340b15ac954a31120c9bf8022934b7026356a168b98171feee26939a9
Instruction Fuzzy Hash: 1B51BDF3F1162547F3444824DCA83A222439BE5324F2F82798A5D6B7CAED7E8D0A5384

Function 00493167 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec2572b56be31527a740de300fd41b524f3c92dff1df4524b1a812934483571
Instruction ID: e8a3646044ffef64e86a42612e7cb8d5e297a2a038a37c638ec4d9c79bc68fd2
Opcode Fuzzy Hash: aec2572b56be31527a740de300fd41b524f3c92dff1df4524b1a812934483571
Instruction Fuzzy Hash: C9519BB3F002254BF3844D68CC983627692DB95310F2F82788E59AB7C5D9BE6D0997C4

Function 0050B0AB Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ded988d4ca54edbab2ccbc8799f1213c2130b3cda591e055589d2f29e3ebe856
Instruction ID: 2410a2d985817411e91d06ac79cc6ae111a51116048ae3462cba8d81ddfd2a53
Opcode Fuzzy Hash: ded988d4ca54edbab2ccbc8799f1213c2130b3cda591e055589d2f29e3ebe856
Instruction Fuzzy Hash: 0A419AB3E116258BF3504E24CC943A17253DBD4320F3F82788E582B7C4E9BF2D5AA684

Function 004824A9 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a685d3972db189f05125287b57300a91e101fd3d036a37c0d98b48828a460f1a
Instruction ID: d431c97c66cadca58fff67dfa0dd04aafaee4fe547747519c90014aeec6eba3c
Opcode Fuzzy Hash: a685d3972db189f05125287b57300a91e101fd3d036a37c0d98b48828a460f1a
Instruction Fuzzy Hash: 984167B3F5262147F3544978DDA836266439BD1321F2F82388E4C6BBC9D97E6D0A93C4

Function 00472364 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 694ff9b36f64d9eda63048a199af08bb1d86bdeb797bf3e312169609402c88fa
Instruction ID: 20661bf2dd91855c56c7b753f892372d033729b8372c5c6364ee64cabe501b55
Opcode Fuzzy Hash: 694ff9b36f64d9eda63048a199af08bb1d86bdeb797bf3e312169609402c88fa
Instruction Fuzzy Hash: ED4149B3F1153147F3A00969CC54362A6839BA5714F3F82788F5CAB7C4E97E9D0A52C8

Function 0046B133 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec8f3812bf57053817a84bb84493eca664b9acc41b17ee9486fd6c4211d13355
Instruction ID: 89b98de087f5b8e29fa4698a459328862a1e7ba09ecbaf5e8233a3e38cf10f4e
Opcode Fuzzy Hash: ec8f3812bf57053817a84bb84493eca664b9acc41b17ee9486fd6c4211d13355
Instruction Fuzzy Hash: D23148B3F5153147F76848B8CE6937659828B94311F2F823D8F4E67AC5D8BE0D0802C4

Function 0045446A Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d501cb9d51f9aa1947486ff36e9a4cf7357b76779b5891303458e4bd726e8676
Instruction ID: 5653b75c835ff9d222c5180b14738d5d3508373cba4cf0be660b11cc2c8e0cd3
Opcode Fuzzy Hash: d501cb9d51f9aa1947486ff36e9a4cf7357b76779b5891303458e4bd726e8676
Instruction Fuzzy Hash: 5B31B0B7F112188BF7444E29CC94396B753EBC5310F2B81788E482B7C9CA7E6D4A9784

Function 004F04F9 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a7e3449794c0de1ae645a4c295ec867b09145dd9651996ebe6adc188057f43
Instruction ID: 85c87bcf2dcc4b4acd873e7029a0bf41ec5d5ae30879fd95826e637ed53989cd
Opcode Fuzzy Hash: 15a7e3449794c0de1ae645a4c295ec867b09145dd9651996ebe6adc188057f43
Instruction Fuzzy Hash: D23171F3F517264BF35848B8DD993A25542D7A1320F2F82388F28AB7C5D8AE9C4953C4

Function 0049C500 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b4e7e6eeb14a25d031a8d78098140d735968e4a1eda2cb3b3bfcaea1970c5a7
Instruction ID: 3889dd7e50722323bdf866da13ccc20f97a0dfe741bbd2180249b0a8c5c7cd5f
Opcode Fuzzy Hash: 9b4e7e6eeb14a25d031a8d78098140d735968e4a1eda2cb3b3bfcaea1970c5a7
Instruction Fuzzy Hash: 053151F3F6192547F3504469CD883926583D7E5324F2F82748E5CAB7C6E8BE9D0A52C4

Function 0046801D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d08ec429b24bc5ccc7eea6b2906ccb3219aa88be27db13792ee2f7d65577836
Instruction ID: 9648f8757b9abacc61947d1a1bdf66a4220aacc9807e469ec7b7853329dcb3a8
Opcode Fuzzy Hash: 7d08ec429b24bc5ccc7eea6b2906ccb3219aa88be27db13792ee2f7d65577836
Instruction Fuzzy Hash: 8D31D4E3E1252547F3948865DD943A2A543ABE1315F2FC1788E4C6BBCAE87E4D0A53C4

Function 004701FC Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e79c9d314783e0e81a9ed5b6cd16037fa2b649b8621257183f01f7189677346
Instruction ID: 192c9bb2ca8f58201b61dbe7b76612d5fb09ab4c15c7bb62b90ebd768e3c7b2a
Opcode Fuzzy Hash: 3e79c9d314783e0e81a9ed5b6cd16037fa2b649b8621257183f01f7189677346
Instruction Fuzzy Hash: 7F3169B3F505204BF3948978CDA93A22182DB80318F2F82398E59AB3C1EC7E5D099284

Function 003EF173 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68092ffb45f0c0cacc8494a68478d160d4ef1007e27a0d95b68bfefc82de3fff
Instruction ID: 3171a6b631bbd1c3f40de82b138470508224c5d1e538a9b84a35645adca5f21c
Opcode Fuzzy Hash: 68092ffb45f0c0cacc8494a68478d160d4ef1007e27a0d95b68bfefc82de3fff
Instruction Fuzzy Hash: 8F31A4B3F6152547F3908839CD883522983D7D4314F2F86758A589BFCAD8BE9D0A5384

Function 004570C2 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8eee072d0c2b8da5be71ca890bd2ece447282604f7568ceae6bdfe110f36936
Instruction ID: a0c1f2d0352b3a2914f803820fd84e395ceb0d22d152c126adcc3fe0f5e8a85f
Opcode Fuzzy Hash: e8eee072d0c2b8da5be71ca890bd2ece447282604f7568ceae6bdfe110f36936
Instruction Fuzzy Hash: 1F316AF3F6052107F7584839CEA83A6294397D4314F2F83388F596B7C5D8BE9D4A4280

Function 004E314B Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2dd76e8efd57f1e0752458f14f988ed6a1ff73f576a163ea5289b9611201f9a
Instruction ID: afa5aace6d2333768d88fc9349218c8c56dc486aa44b87626b268c6406fa77c4
Opcode Fuzzy Hash: d2dd76e8efd57f1e0752458f14f988ed6a1ff73f576a163ea5289b9611201f9a
Instruction Fuzzy Hash: B931E4F7E516244BF39484A5DD993A21583A7D5325F2F83348F6CAB6C5ECBE9C0A0284

Function 004EA3A9 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 544bcf12a1014b9950548851625f92e11606a26602d3a3ddc4e385a0fa695d54
Instruction ID: 66b51e13fa276902aef4916781a2c071ecb7ee7c9a40331e78da134cf054eafd
Opcode Fuzzy Hash: 544bcf12a1014b9950548851625f92e11606a26602d3a3ddc4e385a0fa695d54
Instruction Fuzzy Hash: 1B3169B7F6162107F3984868CC983A255439BD5324F2FC3788F6C6BBC5D8BE4D0A1280

Function 004E250E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2588286c87e679d0ceda80401f3cf2e9e66779a0841981a585dbf67247b8a6
Instruction ID: 969fbb50e5fefbf5c4c501eb7883970d353eb8a982dcbd1d483d4689daf5f140
Opcode Fuzzy Hash: 3b2588286c87e679d0ceda80401f3cf2e9e66779a0841981a585dbf67247b8a6
Instruction Fuzzy Hash: 3A318CB3F2262607F3844925CC583A22243EBD5321F3F82388B5C5BBC6DD7D9A0A5784

Function 004AC08A Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8008e55d04455f212550abf9dd566b31827324d269f445357f987d0b735af929
Instruction ID: 48f5a21bd26798f4e239ade5cb60131bb5d6c12d9ae37df46a72b24b5c0b4017
Opcode Fuzzy Hash: 8008e55d04455f212550abf9dd566b31827324d269f445357f987d0b735af929
Instruction Fuzzy Hash: 3831C2F3E6161247F3840834CC653B26542E791324F3F82398F69AB7C1DD7E9A4A5388

Function 0044D025 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3dca9312896d76b6654bc7ad9150cd84fe63b79f6148ad68a5e1f1692e9afc
Instruction ID: af5efbf67a5b6a6a15ba7a45d2cc751e868188fb146545f0657ab72896e45743
Opcode Fuzzy Hash: 8a3dca9312896d76b6654bc7ad9150cd84fe63b79f6148ad68a5e1f1692e9afc
Instruction Fuzzy Hash: 5D215CB3F1062607F3984839DD6936225839BD1714F3B863C8E59AB7C6DC7E9C0A5384

Function 004CA559 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c9bbb9b57ed2640486ec4f74453f8d74881d16016860920c5d27eab986022a
Instruction ID: ffb2a59c9d4c82cf3c06c412b851691233713f590d2aca19701c02e33ce2fd98
Opcode Fuzzy Hash: 80c9bbb9b57ed2640486ec4f74453f8d74881d16016860920c5d27eab986022a
Instruction Fuzzy Hash: C821CDB3F6152147F3984838DDA93B26543D790324F2F827E8B4E6B6C5DCBE580A1284

Function 0040E644 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b9faad5b375f7bee3c7524b91ac9c06e3ddb59204d91c17fce7f97245dda08
Instruction ID: 82047a18b61e7f1223ae44f5909842eb6e33d35bd410048db2157a55574927f2
Opcode Fuzzy Hash: 02b9faad5b375f7bee3c7524b91ac9c06e3ddb59204d91c17fce7f97245dda08
Instruction Fuzzy Hash: 292119B3F116254BF3944875CD983A26583ABE1325F2B8278CF1C6BBC9C87E1D4A5284

Function 004330DD Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1cb2f4172fe39d3a7ee070ad927d28d21c3b1bb2cca1009e9b631a6645c3eb
Instruction ID: 6bc0ef958951c2b4563a8c500a9c2b4d228302429a67588661650cf00d30ee39
Opcode Fuzzy Hash: 7f1cb2f4172fe39d3a7ee070ad927d28d21c3b1bb2cca1009e9b631a6645c3eb
Instruction Fuzzy Hash: 5F21D4A7F1122107F3984964CD6936655439BC0360F2BC23A8F892BBC5DDBE5D0A53C4

Function 0050644C Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9742cf1d8fd38eaa84daca7aea6a0b73e6306bffcbd08ca9f0a751cc02363be
Instruction ID: 903a660bdab4209bb6901dfff51a401f0bacaf90b44b5d1e4ca6fdd8f4119939
Opcode Fuzzy Hash: f9742cf1d8fd38eaa84daca7aea6a0b73e6306bffcbd08ca9f0a751cc02363be
Instruction Fuzzy Hash: A11127B7E605364BF3A04879CD063626283ABD5714F2B82798E4CA7BC4DC7D5C0A5384

Function 0043D123 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6915300a8049cf6b06a45725bd59e32dca933437d085994eb84e84489683515c
Instruction ID: 874ebda577a7d16276e7218841544a40099c2913753cd9b76c67bedbd1b8fafc
Opcode Fuzzy Hash: 6915300a8049cf6b06a45725bd59e32dca933437d085994eb84e84489683515c
Instruction Fuzzy Hash: 5B1127B3F1152447F7944839CC613A261839BD6324F2F82B48A699BBD5DD7E9C0A6780

Function 00450418 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1910713833.00000000003CA000.00000040.00000001.01000000.00000003.sdmp, Offset: 003C0000, based on PE: true

Associated: 00000000.00000002.1910662709.00000000003C0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000662000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910713833.0000000000670000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1910956201.0000000000671000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911105525.000000000081A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1911122255.000000000081C000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f8e90d7f59339d6a9c7984857f9a4b71d5e7643fb7cf298e84664c395f5b448
Instruction ID: f4c2812d5f35c1f0ffc4d0a8acfdc6f34fdb9f3d9fc2bc36e1a8e4e26c7dc445
Opcode Fuzzy Hash: 5f8e90d7f59339d6a9c7984857f9a4b71d5e7643fb7cf298e84664c395f5b448
Instruction Fuzzy Hash: 3F1157A3F51A200BF3844878CD983122542AB95320F2BC2398EAC6BBC4CC7E5C0A8784

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 5724, Parent PID: 2580

General

Windows Analysis Report
file.exe

Function 005A18B6 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 00598DD9 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 005992DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 0059BC39 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 00597CB9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 04ED0D41 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63
COMMON

Function 04ED0D48 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59
COMMON

Function 04ED1509 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
serviceCOMMON

Function 04ED1510 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54
serviceCOMMON

Function 04ED1301 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50
COMMON

Function 04ED1308 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
COMMON

Function 005993C8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 0059BE55 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON