Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532740
MD5:	fc4912bd840edb6289e5e387ca8fa299
SHA1:	cb67b24cb712a88985ca63ccf18d15cc135908ba
SHA256:	c1df7516de3589e7b784d1c92514eed70b346d5f3bb6097d2b02f21268bdfedb
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 2964 cmdline: "C:\Users\user\Desktop\file.exe" MD5: FC4912BD840EDB6289E5E387CA8FA299)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00984700 CryptVerifySignatureA,

0_2_00984700

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2106981900.0000000005160000.00000004.00001000.00020000.00000000.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085408D	0_2_0085408D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086809C	0_2_0086809C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6092	0_2_008D6092
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C0A3	0_2_0083C0A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009040BD	0_2_009040BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081A0BB	0_2_0081A0BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F803D	0_2_007F803D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A0CF	0_2_0090A0CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B40EE	0_2_008B40EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015	0_2_007F6015
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E20F5	0_2_008E20F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009080ED	0_2_009080ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4009	0_2_008C4009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BE0EA	0_2_007BE0EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C2017	0_2_008C2017
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C041	0_2_0084C041
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00836048	0_2_00836048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F20AE	0_2_007F20AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D	0_2_0089005D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C60AB	0_2_007C60AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E06B	0_2_0081E06B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083A079	0_2_0083A079
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EA085	0_2_007EA085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E07F	0_2_0084E07F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080E189	0_2_0080E189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E6175	0_2_007E6175
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828189	0_2_00828189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DC16D	0_2_007DC16D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FA16C	0_2_007FA16C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00852199	0_2_00852199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00888196	0_2_00888196
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D2158	0_2_007D2158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008501B4	0_2_008501B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008021C0	0_2_008021C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008841C2	0_2_008841C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B01C1	0_2_008B01C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081C1CF	0_2_0081C1CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE1DD	0_2_008DE1DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008601D1	0_2_008601D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082C1E2	0_2_0082C1E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC1E1	0_2_008EC1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B6108	0_2_007B6108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A01FD	0_2_008A01FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E109	0_2_0086E109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848116	0_2_00848116
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087E113	0_2_0087E113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8118	0_2_008F8118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092613D	0_2_0092613D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E613E	0_2_008E613E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C615C	0_2_008C615C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082615C	0_2_0082615C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091014E	0_2_0091014E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A816A	0_2_008A816A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082216E	0_2_0082216E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00886172	0_2_00886172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D8173	0_2_008D8173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088A28A	0_2_0088A28A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A6288	0_2_008A6288
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C427A	0_2_007C427A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C827A	0_2_007C827A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E0270	0_2_007E0270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009102B0	0_2_009102B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E42AD	0_2_008E42AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6256	0_2_007D6256
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086A2C4	0_2_0086A2C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008622C5	0_2_008622C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085A2CD	0_2_0085A2CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A2CB	0_2_0082A2CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA2E4	0_2_008EA2E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C82E0	0_2_008C82E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008542EA	0_2_008542EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E2FC	0_2_0081E2FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DE2F4	0_2_007DE2F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082020B	0_2_0082020B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085C20F	0_2_0085C20F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA222	0_2_008FA222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866236	0_2_00866236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00912222	0_2_00912222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089C23F	0_2_0089C23F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E22C7	0_2_007E22C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE2C1	0_2_007EE2C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F42B4	0_2_007F42B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080C24C	0_2_0080C24C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842249	0_2_00842249
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BA258	0_2_008BA258
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083425B	0_2_0083425B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083025F	0_2_0083025F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00852267	0_2_00852267
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C261	0_2_0088C261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE260	0_2_008AE260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA27F	0_2_008CA27F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC272	0_2_008AC272
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081227C	0_2_0081227C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E26F	0_2_0090E26F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C38B	0_2_0084C38B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC398	0_2_008BC398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E0399	0_2_008E0399
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009023D0	0_2_009023D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6330	0_2_007F6330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D23DC	0_2_008D23DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F0326	0_2_007F0326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BC31B	0_2_007BC31B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F63E7	0_2_008F63E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B63F0	0_2_008B63F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080A3FE	0_2_0080A3FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088030A	0_2_0088030A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F430C	0_2_008F430C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838319	0_2_00838319
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A2326	0_2_008A2326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E343	0_2_0083E343
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087A35C	0_2_0087A35C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FE39A	0_2_007FE39A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081037D	0_2_0081037D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00892489	0_2_00892489
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824488	0_2_00824488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4486	0_2_008D4486
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0472	0_2_007D0472
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC442	0_2_007EC442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C2441	0_2_007C2441
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CC4B1	0_2_008CC4B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EC4B1	0_2_008EC4B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009044D6	0_2_009044D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E64D5	0_2_008E64D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089E4F8	0_2_0089E4F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008084FD	0_2_008084FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D44FC	0_2_007D44FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FA4FE	0_2_007FA4FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844400	0_2_00844400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00884405	0_2_00884405
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B64E8	0_2_007B64E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B442B	0_2_008B442B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085E421	0_2_0085E421
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B2433	0_2_008B2433
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00800445	0_2_00800445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E44B9	0_2_007E44B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DA4B5	0_2_007DA4B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F84B0	0_2_007F84B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085445D	0_2_0085445D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A448	0_2_0090A448
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4456	0_2_008A4456
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC453	0_2_008FC453
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00830463	0_2_00830463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E463	0_2_0081E463
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E475	0_2_0086E475
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00814475	0_2_00814475
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C6483	0_2_007C6483
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082E580	0_2_0082E580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CA57A	0_2_007CA57A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BC573	0_2_007BC573
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00834588	0_2_00834588
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874597	0_2_00874597
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00818595	0_2_00818595
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E8566	0_2_007E8566
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008605A0	0_2_008605A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A05B2	0_2_008A05B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A5BB	0_2_0082A5BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009065AF	0_2_009065AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008205C8	0_2_008205C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A65DB	0_2_008A65DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008785E6	0_2_008785E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009105FA	0_2_009105FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FC513	0_2_007FC513
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088C5F3	0_2_0088C5F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086450C	0_2_0086450C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D65F7	0_2_007D65F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090251B	0_2_0090251B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6502	0_2_008D6502
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AA519	0_2_008AA519
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2515	0_2_008E2515
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908533	0_2_00908533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00836525	0_2_00836525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086C52F	0_2_0086C52F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8533	0_2_008F8533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC541	0_2_008DC541
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B655D	0_2_008B655D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876565	0_2_00876565
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088057B	0_2_0088057B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00898572	0_2_00898572
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CE581	0_2_007CE581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822685	0_2_00822685
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00872689	0_2_00872689
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C6A0	0_2_0083C6A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B06A3	0_2_008B06A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008706AC	0_2_008706AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DA6A1	0_2_008DA6A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008846B7	0_2_008846B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082C6C3	0_2_0082C6C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009246D9	0_2_009246D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C0629	0_2_007C0629
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F861D	0_2_007F861D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008506EC	0_2_008506EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008046F1	0_2_008046F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E46F6	0_2_008E46F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090A6EA	0_2_0090A6EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828606	0_2_00828606
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BA603	0_2_008BA603
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D26EE	0_2_007D26EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00858625	0_2_00858625
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DE6DF	0_2_007DE6DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FA62C	0_2_008FA62C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC6D4	0_2_007EC6D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E26CE	0_2_007E26CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842635	0_2_00842635
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B863F	0_2_008B863F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F464E	0_2_008F464E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088864A	0_2_0088864A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090C656	0_2_0090C656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00830650	0_2_00830650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090E648	0_2_0090E648
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA653	0_2_008CA653
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085C672	0_2_0085C672
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BA685	0_2_007BA685
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D0673	0_2_008D0673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084C785	0_2_0084C785
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FE772	0_2_007FE772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC799	0_2_008AC799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086479D	0_2_0086479D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F87AF	0_2_008F87AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008127A0	0_2_008127A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F274B	0_2_007F274B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008927CD	0_2_008927CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086E7C2	0_2_0086E7C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C07CA	0_2_008C07CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A27DB	0_2_008A27DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FC7D4	0_2_008FC7D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A071D	0_2_008A071D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2713	0_2_008F2713
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089072B	0_2_0089072B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE7D9	0_2_007EE7D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CC7CB	0_2_007CC7CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE736	0_2_008AE736
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4733	0_2_008C4733
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896749	0_2_00896749
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BA7B2	0_2_007BA7B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DE75E	0_2_008DE75E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844750	0_2_00844750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BC7AD	0_2_007BC7AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00894750	0_2_00894750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00856765	0_2_00856765
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EA768	0_2_008EA768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C8797	0_2_007C8797
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085A768	0_2_0085A768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C2785	0_2_007C2785
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4882	0_2_008A4882
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B2881	0_2_008B2881
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084688A	0_2_0084688A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00826894	0_2_00826894
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087C8AE	0_2_0087C8AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009048BB	0_2_009048BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DC8A1	0_2_008DC8A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B6856	0_2_007B6856
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081A8B4	0_2_0081A8B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008088BA	0_2_008088BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A68CB	0_2_008A68CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008388C9	0_2_008388C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D4833	0_2_007D4833
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D88C2	0_2_008D88C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D082C	0_2_007D082C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A88D2	0_2_008A88D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E88E5	0_2_008E88E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082E8F7	0_2_0082E8F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EE80F	0_2_008EE80F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E88F6	0_2_007E88F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FA8F7	0_2_007FA8F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080E80C	0_2_0080E80C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090083E	0_2_0090083E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087283D	0_2_0087283D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083E850	0_2_0083E850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088285D	0_2_0088285D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F289E	0_2_007F289E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089886B	0_2_0089886B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C689F	0_2_007C689F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E868	0_2_0084E868
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084E86A	0_2_0084E86A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EC88C	0_2_007EC88C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083698B	0_2_0083698B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084A988	0_2_0084A988
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8969	0_2_007B8969
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EE96C	0_2_007EE96C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009089BE	0_2_009089BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FC947	0_2_007FC947
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008789B9	0_2_008789B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081E9C3	0_2_0081E9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CA92F	0_2_007CA92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008589D6	0_2_008589D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B69DE	0_2_008B69DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BC9D7	0_2_008BC9D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008609D9	0_2_008609D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008649D9	0_2_008649D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008429E7	0_2_008429E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CC9E8	0_2_008CC9E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008269EA	0_2_008269EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008629EE	0_2_008629EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B69E1	0_2_007B69E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083C91F	0_2_0083C91F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0A93D	0_2_00A0A93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085291B	0_2_0085291B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C29DB	0_2_007C29DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00802927	0_2_00802927
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E09C0	0_2_007E09C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080C943	0_2_0080C943
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082A94B	0_2_0082A94B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083094E	0_2_0083094E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089295B	0_2_0089295B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F49A4	0_2_007F49A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CA96D	0_2_008CA96D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089A96D	0_2_0089A96D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876962	0_2_00876962
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00832971	0_2_00832971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088097E	0_2_0088097E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E2A64	0_2_007E2A64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DEA60	0_2_007DEA60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00814AC6	0_2_00814AC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090EAC0	0_2_0090EAC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00806AE0	0_2_00806AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6A0B	0_2_007D6A0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00844AF2	0_2_00844AF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DAA05	0_2_007DAA05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00816A0C	0_2_00816A0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00846A0B	0_2_00846A0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866A17	0_2_00866A17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00888A1C	0_2_00888A1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854A12	0_2_00854A12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00804A1C	0_2_00804A1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B0A17	0_2_008B0A17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824A24	0_2_00824A24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BAA38	0_2_008BAA38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6A9E	0_2_007F6A9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00820A6F	0_2_00820A6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822A71	0_2_00822A71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BEA7E	0_2_008BEA7E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B8B8A	0_2_008B8B8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D2B6F	0_2_007D2B6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00802B9D	0_2_00802B9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FCBA3	0_2_008FCBA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F8BCB	0_2_008F8BCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085ABE0	0_2_0085ABE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00884BE4	0_2_00884BE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEB01	0_2_008FEB01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086CB16	0_2_0086CB16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D4BE9	0_2_007D4BE9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2B1B	0_2_008E2B1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EABD7	0_2_007EABD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C6BD3	0_2_007C6BD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090AB3F	0_2_0090AB3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCBC7	0_2_007CCBC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00870B46	0_2_00870B46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838B4F	0_2_00838B4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4B5E	0_2_008D4B5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DAB5E	0_2_008DAB5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F8B9E	0_2_007F8B9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084EB68	0_2_0084EB68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088AB7D	0_2_0088AB7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904B68	0_2_00904B68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BEB80	0_2_007BEB80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D8B86	0_2_007D8B86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0091AB6D	0_2_0091AB6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00882C98	0_2_00882C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00894C9D	0_2_00894C9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CAC65	0_2_007CAC65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D4CAE	0_2_008D4CAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F0C4C	0_2_007F0C4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00824CB6	0_2_00824CB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00922CA7	0_2_00922CA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0087ACBE	0_2_0087ACBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00900CD0	0_2_00900CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848CCD	0_2_00848CCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C8C31	0_2_007C8C31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E4C2F	0_2_007E4C2F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088CCD9	0_2_0088CCD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00832CDC	0_2_00832CDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F6CD0	0_2_008F6CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8C1B	0_2_007B8C1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00918CF3	0_2_00918CF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00830CE0	0_2_00830CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081ACF6	0_2_0081ACF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00822C00	0_2_00822C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083EC07	0_2_0083EC07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00816C10	0_2_00816C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896C12	0_2_00896C12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C6C3C	0_2_008C6C3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00812C40	0_2_00812C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CCC48	0_2_008CCC48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080AC4F	0_2_0080AC4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840C52	0_2_00840C52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084CC52	0_2_0084CC52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086AC51	0_2_0086AC51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B4C54	0_2_008B4C54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A8C61	0_2_008A8C61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E4C75	0_2_008E4C75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089CC77	0_2_0089CC77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00906D9D	0_2_00906D9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007FAD69	0_2_007FAD69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089ADA2	0_2_0089ADA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908DBD	0_2_00908DBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00892DA7	0_2_00892DA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A2DA4	0_2_008A2DA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00852DBC	0_2_00852DBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BCDC1	0_2_008BCDC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BEDC0	0_2_008BEDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00896DF8	0_2_00896DF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00886DFC	0_2_00886DFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080CDF7	0_2_0080CDF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DEDF0	0_2_008DEDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00874D03	0_2_00874D03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D6DE2	0_2_007D6DE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F4DDB	0_2_007F4DDB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BCDDD	0_2_007BCDDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D0DA9	0_2_007D0DA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00828D54	0_2_00828D54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CAD51	0_2_008CAD51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0088ED6F	0_2_0088ED6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00868D6C	0_2_00868D6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E8D91	0_2_007E8D91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00878D73	0_2_00878D73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F4D75	0_2_008F4D75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00858E8B	0_2_00858E8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00866E94	0_2_00866E94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0090CE89	0_2_0090CE89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEE95	0_2_008FEE95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00848EAB	0_2_00848EAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0081EEB6	0_2_0081EEB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CAEC9	0_2_008CAEC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00806ECB	0_2_00806ECB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008DAEC3	0_2_008DAEC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00800EFC	0_2_00800EFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C0EF9	0_2_007C0EF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D6E02	0_2_008D6E02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AAE18	0_2_008AAE18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00854E18	0_2_00854E18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00838E25	0_2_00838E25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4E27	0_2_008A4E27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082AE32	0_2_0082AE32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E8E3E	0_2_008E8E3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085EE46	0_2_0085EE46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F2E5F	0_2_008F2E5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B6E99	0_2_007B6E99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008CEE6F	0_2_008CEE6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0086EE60	0_2_0086EE60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E4F75	0_2_007E4F75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00860F89	0_2_00860F89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00840F93	0_2_00840F93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00904F8B	0_2_00904F8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0084EFA2	0_2_0084EFA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00908FAE	0_2_00908FAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0080AFCF	0_2_0080AFCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0082CFD3	0_2_0082CFD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A8FDD	0_2_008A8FDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FCFD2	0_2_008FCFD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007D4F19	0_2_007D4F19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C2F0D	0_2_007C2F0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FEFF2	0_2_008FEFF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E2FF1	0_2_008E2FF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00856F01	0_2_00856F01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00842F0B	0_2_00842F0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BAFEA	0_2_007BAFEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EEF1D	0_2_008EEF1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00876F10	0_2_00876F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089CF11	0_2_0089CF11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C4F15	0_2_008C4F15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C4FDC	0_2_007C4FDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00864F27	0_2_00864F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B8FD6	0_2_007B8FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00814F31	0_2_00814F31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BCF37	0_2_008BCF37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007CCFAD	0_2_007CCFAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C0F5A	0_2_008C0F5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008FAF51	0_2_008FAF51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007C9074	0_2_007C9074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00819096	0_2_00819096
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007BD053	0_2_007BD053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E70B8	0_2_008E70B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F90B1	0_2_008F90B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008130C3	0_2_008130C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008830CB	0_2_008830CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EB01E	0_2_007EB01E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008E500D	0_2_008E500D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0085B011	0_2_0085B011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D904D	0_2_008D904D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E50BB	0_2_007E50BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B9043	0_2_008B9043
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008D3045	0_2_008D3045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0083F054	0_2_0083F054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008F7057	0_2_008F7057
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00893050	0_2_00893050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008EB050	0_2_008EB050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A106B	0_2_008A106B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007E309D	0_2_007E309D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007ED09A	0_2_007ED09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A706D	0_2_008A706D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007DF172	0_2_007DF172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008C319C	0_2_008C319C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F916D	0_2_007F916D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A3194	0_2_008A3194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089F1AC	0_2_0089F1AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007EB14E	0_2_007EB14E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008711B7	0_2_008711B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008251B4	0_2_008251B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008451C3	0_2_008451C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008BF1C3	0_2_008BF1C3

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 0097F6F5 appears 35 times

Source: file.exe, 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2240350811.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: ontajrjf ZLIB complexity 0.9950039586438152

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1742848 > 1048576

Source: file.exe

Static PE information: Raw size of ontajrjf is bigger than: 0x100000 < 0x1a3600

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.7a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ontajrjf:EW;budoaocz:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1ad89a should be: 0x1b58b7

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ontajrjf
Source: file.exe	Static PE information: section name: budoaocz
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC06C push 749B1D27h; mov dword ptr [esp], ecx	0_2_007AC0A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC06C push 7B7796A1h; mov dword ptr [esp], ebx	0_2_007AC79F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A0D1 push edx; mov dword ptr [esp], 193C9507h	0_2_0092A0D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC03C push edi; mov dword ptr [esp], eax	0_2_007AC4A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC020 push eax; mov dword ptr [esp], 2DD116B9h	0_2_007AC129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007AC020 push ecx; mov dword ptr [esp], edx	0_2_007AC609
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0092A0FA push 638B3692h; mov dword ptr [esp], edx	0_2_0092A110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push edx; mov dword ptr [esp], ebx	0_2_007F631C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push edi; mov dword ptr [esp], esi	0_2_007F6352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push 4DE65703h; mov dword ptr [esp], ebp	0_2_007F63A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push eax; mov dword ptr [esp], ebx	0_2_007F6476
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push ebp; mov dword ptr [esp], edi	0_2_007F649C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push ecx; mov dword ptr [esp], 628F8170h	0_2_007F64A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007F6015 push eax; mov dword ptr [esp], edi	0_2_007F64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007B200D push ecx; mov dword ptr [esp], esi	0_2_007B327F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954019 push edi; mov dword ptr [esp], ebp	0_2_00954030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00954019 push ebp; mov dword ptr [esp], esp	0_2_00954034
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2010 push ecx; mov dword ptr [esp], edx	0_2_009E231A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 54BE78F5h; mov dword ptr [esp], eax	0_2_008903DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ebx; mov dword ptr [esp], edx	0_2_0089041D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 7967E4EFh; mov dword ptr [esp], ecx	0_2_008904F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push esi; mov dword ptr [esp], 534CCED9h	0_2_008904FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push eax; mov dword ptr [esp], ebp	0_2_0089052B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push eax; mov dword ptr [esp], edx	0_2_00890570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 7F1AD491h; mov dword ptr [esp], eax	0_2_008905B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push 33607BB1h; mov dword ptr [esp], ecx	0_2_008905FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ebx; mov dword ptr [esp], edx	0_2_00890636
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ebp; mov dword ptr [esp], edi	0_2_0089068B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089005D push ecx; mov dword ptr [esp], edi	0_2_008906A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E045 push ebp; mov dword ptr [esp], eax	0_2_0099E052
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E045 push eax; mov dword ptr [esp], 69739E80h	0_2_0099E05C

Source: file.exe	Static PE information: section name: entropy: 7.790554993050825
Source: file.exe	Static PE information: section name: ontajrjf entropy: 7.953007139478122

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AE0A2 second address: 7AE0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA4392209E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AE0AD second address: 7AD8C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B23Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnl 00007FA438C9B23Ch 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 nop 0x00000017 stc 0x00000018 clc 0x00000019 push dword ptr [ebp+122D01E9h] 0x0000001f sub dword ptr [ebp+122D192Eh], edx 0x00000025 add dword ptr [ebp+122D192Eh], edx 0x0000002b call dword ptr [ebp+122D2A1Ah] 0x00000031 pushad 0x00000032 sub dword ptr [ebp+122D1965h], edi 0x00000038 je 00007FA438C9B242h 0x0000003e jno 00007FA438C9B23Ch 0x00000044 xor eax, eax 0x00000046 mov dword ptr [ebp+122D1965h], edx 0x0000004c stc 0x0000004d mov edx, dword ptr [esp+28h] 0x00000051 xor dword ptr [ebp+122D1965h], edx 0x00000057 mov dword ptr [ebp+122D352Bh], eax 0x0000005d mov dword ptr [ebp+122D1965h], edi 0x00000063 mov esi, 0000003Ch 0x00000068 jmp 00007FA438C9B249h 0x0000006d or dword ptr [ebp+122D2A57h], esi 0x00000073 add esi, dword ptr [esp+24h] 0x00000077 mov dword ptr [ebp+122D1965h], edi 0x0000007d lodsw 0x0000007f stc 0x00000080 add eax, dword ptr [esp+24h] 0x00000084 sub dword ptr [ebp+122D1B33h], ecx 0x0000008a sub dword ptr [ebp+122D1910h], esi 0x00000090 mov ebx, dword ptr [esp+24h] 0x00000094 sub dword ptr [ebp+122D2A57h], edx 0x0000009a nop 0x0000009b pushad 0x0000009c push eax 0x0000009d push edx 0x0000009e pushad 0x0000009f popad 0x000000a0 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD8C1 second address: 7AD8CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD8CB second address: 7AD8F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FA438C9B24Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D774 second address: 92D778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D778 second address: 92D78D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D78D second address: 92D79F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FA4392209E6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D79F second address: 92D7B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FA438C9B241h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D7B6 second address: 92D7BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D7BC second address: 92D7C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 920CA4 second address: 920CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA4392209EEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 920CB7 second address: 920CDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FA438C9B236h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jno 00007FA438C9B242h 0x00000017 pushad 0x00000018 push eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CA8C second address: 92CAA0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4392209EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CAA0 second address: 92CAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B245h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CC23 second address: 92CC27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92CC27 second address: 92CC58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B245h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e jne 00007FA438C9B236h 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA438C9B23Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D084 second address: 92D088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92D088 second address: 92D098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a ja 00007FA438C9B236h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92FE54 second address: 92FEC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA4392209F8h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FA4392209E8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a mov esi, dword ptr [ebp+122D3593h] 0x00000030 push 00000000h 0x00000032 jnc 00007FA4392209E8h 0x00000038 push 007E7773h 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA4392209F0h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93006A second address: 93009C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jg 00007FA438C9B236h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edx 0x00000011 push edi 0x00000012 jl 00007FA438C9B236h 0x00000018 pop edi 0x00000019 pop edx 0x0000001a mov eax, dword ptr [eax] 0x0000001c jmp 00007FA438C9B23Ch 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a pop eax 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93009C second address: 93015B instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4392209F8h 0x00000008 jmp 00007FA4392209F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FA4392209E8h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a xor dword ptr [ebp+122D1A2Fh], esi 0x00000030 push 00000003h 0x00000032 push 00000000h 0x00000034 push edx 0x00000035 call 00007FA4392209E8h 0x0000003a pop edx 0x0000003b mov dword ptr [esp+04h], edx 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc edx 0x00000048 push edx 0x00000049 ret 0x0000004a pop edx 0x0000004b ret 0x0000004c push 00000000h 0x0000004e push 00000003h 0x00000050 call 00007FA4392209E9h 0x00000055 jnl 00007FA4392209F2h 0x0000005b push eax 0x0000005c jl 00007FA4392209F4h 0x00000062 jmp 00007FA4392209EEh 0x00000067 mov eax, dword ptr [esp+04h] 0x0000006b jmp 00007FA4392209EEh 0x00000070 mov eax, dword ptr [eax] 0x00000072 jmp 00007FA4392209EEh 0x00000077 mov dword ptr [esp+04h], eax 0x0000007b push eax 0x0000007c push edx 0x0000007d push eax 0x0000007e push edx 0x0000007f push edi 0x00000080 pop edi 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93015B second address: 930165 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9301F4 second address: 93025B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007FA4392209F4h 0x00000011 mov ecx, 275D9DAAh 0x00000016 push 00000000h 0x00000018 jmp 00007FA4392209EDh 0x0000001d pushad 0x0000001e jne 00007FA4392209E6h 0x00000024 mov ax, bx 0x00000027 popad 0x00000028 push 7B973D73h 0x0000002d push esi 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FA4392209EEh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93025B second address: 9302B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 xor dword ptr [esp], 7B973DF3h 0x0000000e pushad 0x0000000f mov dword ptr [ebp+12455CEBh], eax 0x00000015 mov dword ptr [ebp+122D17E8h], ebx 0x0000001b popad 0x0000001c push 00000003h 0x0000001e mov dword ptr [ebp+122D1A2Fh], ebx 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007FA438C9B238h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 00000017h 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 or dword ptr [ebp+122D186Fh], esi 0x00000046 clc 0x00000047 push 00000003h 0x00000049 mov cx, 70B7h 0x0000004d push 77D5FE2Dh 0x00000052 push ecx 0x00000053 pushad 0x00000054 pushad 0x00000055 popad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9302B8 second address: 93031B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 add dword ptr [esp], 482A01D3h 0x0000000d sub dword ptr [ebp+122D186Fh], ebx 0x00000013 jno 00007FA4392209F7h 0x00000019 lea ebx, dword ptr [ebp+12455D3Fh] 0x0000001f sub dword ptr [ebp+122D2BD9h], eax 0x00000025 mov esi, dword ptr [ebp+122D36F3h] 0x0000002b xchg eax, ebx 0x0000002c push esi 0x0000002d jmp 00007FA4392209F0h 0x00000032 pop esi 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FA4392209F1h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 925C83 second address: 925C9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B244h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D88C second address: 94D890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D890 second address: 94D8CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B246h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA438C9B23Dh 0x00000010 jmp 00007FA438C9B245h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D8CE second address: 94D8E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA4392209EDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94D8E1 second address: 94D8E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DC9E second address: 94DCB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4392209F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94DCB5 second address: 94DCBF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA438C9B236h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E11E second address: 94E143 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F8h 0x00000007 pushad 0x00000008 jbe 00007FA4392209E6h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E2CD second address: 94E2D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E2D7 second address: 94E2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jne 00007FA4392209E6h 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E2E4 second address: 94E2E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E489 second address: 94E493 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E493 second address: 94E4A1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007FA438C9B236h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E4A1 second address: 94E4A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E5CA second address: 94E5E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FA438C9B236h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FA438C9B238h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E8F7 second address: 94E8FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94E8FC second address: 94E90C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 pop edi 0x00000007 push edx 0x00000008 pop edx 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94EA93 second address: 94EA97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94EA97 second address: 94EAA3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA438C9B236h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94EAA3 second address: 94EAA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91D7AE second address: 91D7B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94EC03 second address: 94EC1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA4392209F3h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F24A second address: 94F24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F24E second address: 94F258 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA4392209E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F57D second address: 94F583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F583 second address: 94F589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924202 second address: 924217 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FA438C9B238h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924217 second address: 92421D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92421D second address: 924221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F24D second address: 91F253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F253 second address: 91F257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91F257 second address: 91F25B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958609 second address: 95860E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958750 second address: 958770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA4392209F5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 958770 second address: 9587B0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jno 00007FA438C9B236h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007FA438C9B248h 0x00000015 mov eax, dword ptr [eax] 0x00000017 jmp 00007FA438C9B23Dh 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9587B0 second address: 9587B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95752A second address: 95752E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9227B6 second address: 9227D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922797 second address: 9227B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA438C9B244h 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D003 second address: 95D04C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA4392209F5h 0x0000000a jg 00007FA4392209EAh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007FA4392209ECh 0x00000019 jne 00007FA4392209E6h 0x0000001f jmp 00007FA4392209F6h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D04C second address: 95D056 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA438C9B23Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D182 second address: 95D188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D188 second address: 95D1A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA438C9B242h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95D1A0 second address: 95D1A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96095D second address: 96096B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96096B second address: 96096F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96096F second address: 960973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9609A9 second address: 9609B3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9609B3 second address: 9609D5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA438C9B238h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 jmp 00007FA438C9B241h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9609D5 second address: 960A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA4392209F3h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FA4392209F2h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960A08 second address: 960A4C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FA438C9B248h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007FA438C9B23Eh 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA438C9B240h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960A4C second address: 960A52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960A52 second address: 960A78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 jl 00007FA438C9B23Eh 0x0000000f jnl 00007FA438C9B238h 0x00000015 call 00007FA438C9B239h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960A78 second address: 960A7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960A7E second address: 960AAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA438C9B247h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push edi 0x00000010 jmp 00007FA438C9B23Bh 0x00000015 pop edi 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960AAF second address: 960ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960ABF second address: 960AC9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960AC9 second address: 960ACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960ACF second address: 960AE3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960AE3 second address: 960AF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4392209F0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960F4B second address: 960F5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B23Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960F5C second address: 960F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96113D second address: 961143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 961143 second address: 961147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96161E second address: 961624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 961624 second address: 961629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 961629 second address: 961630 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 961630 second address: 96163C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963E3F second address: 963E52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA438C9B23Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963545 second address: 963549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963549 second address: 96354D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964918 second address: 96491C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 964677 second address: 96467B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96491C second address: 96492C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FA4392209E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96467B second address: 964681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96492C second address: 96493A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA4392209E6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96493A second address: 9649AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FA438C9B238h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov esi, dword ptr [ebp+122D30D6h] 0x00000028 movsx edi, di 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007FA438C9B238h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000018h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 je 00007FA438C9B238h 0x0000004d mov esi, ecx 0x0000004f push 00000000h 0x00000051 mov edi, dword ptr [ebp+122D377Bh] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jns 00007FA438C9B236h 0x00000061 jns 00007FA438C9B236h 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9649AB second address: 9649B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9649B1 second address: 9649B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9653F0 second address: 9653FA instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 965EFB second address: 965F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 965C39 second address: 965C63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA4392209E6h 0x00000009 jmp 00007FA4392209F4h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007FA4392209E6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 966AB0 second address: 966B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov dword ptr [ebp+122D2C1Dh], ecx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FA438C9B238h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push 00000000h 0x0000002a movzx esi, dx 0x0000002d xchg eax, ebx 0x0000002e jmp 00007FA438C9B245h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 push edi 0x00000038 pop edi 0x00000039 pushad 0x0000003a popad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AE3E second address: 96AE59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AE59 second address: 96AE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96AE5D second address: 96AEB5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 or dword ptr [ebp+122D2400h], ebx 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122D3238h], esi 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FA4392209E8h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 call 00007FA4392209F7h 0x00000037 mov ebx, 060FF57Dh 0x0000003c pop edi 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push ebx 0x00000041 push ebx 0x00000042 pop ebx 0x00000043 pop ebx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96CE2D second address: 96CE97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA438C9B236h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e push esi 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 pop ecx 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007FA438C9B238h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e push 00000000h 0x00000030 sub dword ptr [ebp+122D2F00h], edx 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007FA438C9B238h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000014h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 xor edi, dword ptr [ebp+122D34E7h] 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push edx 0x0000005c pushad 0x0000005d popad 0x0000005e pop edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96DF5D second address: 96DF70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA4392209E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96DF70 second address: 96DF76 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96A0C2 second address: 96A0CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA4392209E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D070 second address: 96D075 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D13A second address: 96D140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D140 second address: 96D144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96F12A second address: 96F130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96F130 second address: 96F198 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jmp 00007FA438C9B241h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007FA438C9B238h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e xor edi, dword ptr [ebp+122D35F3h] 0x00000034 push 00000000h 0x00000036 mov ebx, dword ptr [ebp+122D1C1Bh] 0x0000003c or dword ptr [ebp+124640C7h], ecx 0x00000042 xchg eax, esi 0x00000043 jmp 00007FA438C9B23Eh 0x00000048 push eax 0x00000049 push eax 0x0000004a pushad 0x0000004b push esi 0x0000004c pop esi 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E0E1 second address: 96E0FD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FA4392209ECh 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96E195 second address: 96E1A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FA438C9B238h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970083 second address: 97008A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96F33D second address: 96F373 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FA438C9B249h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA438C9B244h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97100B second address: 9710CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FA4392209ECh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 sub edi, 76F6EDA2h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007FA4392209E8h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 or dword ptr [ebp+122D1924h], ecx 0x0000003b push ebx 0x0000003c jne 00007FA4392209F9h 0x00000042 pop ebx 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 call 00007FA4392209E8h 0x0000004d pop ecx 0x0000004e mov dword ptr [esp+04h], ecx 0x00000052 add dword ptr [esp+04h], 00000018h 0x0000005a inc ecx 0x0000005b push ecx 0x0000005c ret 0x0000005d pop ecx 0x0000005e ret 0x0000005f mov di, bx 0x00000062 jmp 00007FA4392209F6h 0x00000067 sub dword ptr [ebp+122D2DABh], ecx 0x0000006d xchg eax, esi 0x0000006e jo 00007FA4392209EEh 0x00000074 jnc 00007FA4392209E8h 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d jo 00007FA4392209E8h 0x00000083 pushad 0x00000084 popad 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970228 second address: 97022C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 97022C second address: 970232 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970232 second address: 970238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 973F20 second address: 973F25 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 973F25 second address: 973F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 972314 second address: 972318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 972318 second address: 97232A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FA438C9B238h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 973169 second address: 973184 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA4392209ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007FA4392209E8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9751EF second address: 9751F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9751F3 second address: 9751FD instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913880 second address: 913884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913884 second address: 91388C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91388C second address: 9138B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B23Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007FA438C9B238h 0x00000010 jo 00007FA438C9B242h 0x00000016 jns 00007FA438C9B236h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989DEC second address: 989DFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989DFB second address: 989E02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989E02 second address: 989E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98A0C6 second address: 98A0D7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99155E second address: 991562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992E39 second address: 992E3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992E3D second address: 992E41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992E41 second address: 992E54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jc 00007FA438C9B236h 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992E54 second address: 992E6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push ecx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992E6A second address: 992E98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ecx 0x00000009 jnl 00007FA438C9B238h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA438C9B245h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992E98 second address: 992EB1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992F4D second address: 992F6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA438C9B248h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992F6A second address: 992F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FA4392209F6h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 js 00007FA4392209E8h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c js 00007FA4392209E6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992F9D second address: 992FD0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA438C9B248h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jns 00007FA438C9B23Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992FD0 second address: 992FD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992FD6 second address: 992FDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99312A second address: 993162 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4392209F7h 0x00000008 jmp 00007FA4392209F1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 pushad 0x00000015 jnc 00007FA4392209E6h 0x0000001b jmp 00007FA4392209EDh 0x00000020 popad 0x00000021 push ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 993162 second address: 7AD8C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pop eax 0x00000007 cld 0x00000008 push dword ptr [ebp+122D01E9h] 0x0000000e jmp 00007FA438C9B244h 0x00000013 call dword ptr [ebp+122D2A1Ah] 0x00000019 pushad 0x0000001a sub dword ptr [ebp+122D1965h], edi 0x00000020 je 00007FA438C9B242h 0x00000026 jno 00007FA438C9B23Ch 0x0000002c xor eax, eax 0x0000002e mov dword ptr [ebp+122D1965h], edx 0x00000034 stc 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 xor dword ptr [ebp+122D1965h], edx 0x0000003f mov dword ptr [ebp+122D352Bh], eax 0x00000045 mov dword ptr [ebp+122D1965h], edi 0x0000004b mov esi, 0000003Ch 0x00000050 jmp 00007FA438C9B249h 0x00000055 or dword ptr [ebp+122D2A57h], esi 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f mov dword ptr [ebp+122D1965h], edi 0x00000065 lodsw 0x00000067 stc 0x00000068 add eax, dword ptr [esp+24h] 0x0000006c sub dword ptr [ebp+122D1B33h], ecx 0x00000072 sub dword ptr [ebp+122D1910h], esi 0x00000078 mov ebx, dword ptr [esp+24h] 0x0000007c sub dword ptr [ebp+122D2A57h], edx 0x00000082 nop 0x00000083 pushad 0x00000084 push eax 0x00000085 push edx 0x00000086 pushad 0x00000087 popad 0x00000088 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 996EB9 second address: 996EBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9973F4 second address: 997406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jne 00007FA438C9B236h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99756F second address: 99758C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA4392209EDh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976AF second address: 9976B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976B5 second address: 9976C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976C3 second address: 9976C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976C7 second address: 9976CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976CB second address: 9976D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976D1 second address: 9976F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push esi 0x00000006 pop esi 0x00000007 jnc 00007FA4392209E6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 ja 00007FA4392209E8h 0x00000016 pushad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d push eax 0x0000001e pop eax 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9976F1 second address: 9976FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA438C9B236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 997971 second address: 997977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 997977 second address: 997994 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA438C9B238h 0x00000008 jnl 00007FA438C9B238h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007FA438C9B236h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 997AFE second address: 997B39 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA4392209E6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jnl 00007FA4392209E6h 0x00000013 pop esi 0x00000014 jne 00007FA4392209E8h 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c popad 0x0000001d push ebx 0x0000001e jmp 00007FA4392209F8h 0x00000023 pushad 0x00000024 push eax 0x00000025 pop eax 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 997B39 second address: 997B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 997E1C second address: 997E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D874 second address: 99D88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA438C9B23Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D88E second address: 99D892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D892 second address: 99D89E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA438C9B236h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C336 second address: 99C348 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FA4392209E6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C348 second address: 99C34E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C34E second address: 99C358 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA4392209ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C4F3 second address: 99C51A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007FA438C9B249h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C51A second address: 99C520 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C661 second address: 99C667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C7B7 second address: 99C7E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007FA4392209F7h 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C7E1 second address: 99C7E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C942 second address: 99C964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA4392209F7h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99C964 second address: 99C968 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CAAE second address: 99CABA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CABA second address: 99CAC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA438C9B236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CAC4 second address: 99CADD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F3h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CADD second address: 99CAE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CC15 second address: 99CC3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e jp 00007FA4392209E6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CC3D second address: 99CC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B23Ch 0x00000009 popad 0x0000000a pushad 0x0000000b jo 00007FA438C9B236h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CDF0 second address: 99CDF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CDF4 second address: 99CDF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CDF8 second address: 99CDFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CF43 second address: 99CF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA438C9B236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99CF4D second address: 99CF66 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA4392209FBh 0x00000008 jmp 00007FA4392209EFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D232 second address: 99D23A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99D23A second address: 99D24D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FA4392209E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 99BEA5 second address: 99BEC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA438C9B236h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007FA438C9B236h 0x00000015 jnc 00007FA438C9B236h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A8C91 second address: 9A8C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A7A74 second address: 9A7A8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FA438C9B236h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jg 00007FA438C9B236h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9ACC5C second address: 9ACC62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9ACC62 second address: 9ACC8D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA438C9B249h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FA438C9B236h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9ACC8D second address: 9ACC93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95DCAA second address: 95DCB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95DCB0 second address: 95DCB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E210 second address: 95E229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA438C9B245h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E229 second address: 95E24F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007FA4392209E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E24F second address: 95E255 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E255 second address: 7AD8C1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA4392209FBh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b or dword ptr [ebp+122D2C21h], edi 0x00000011 push dword ptr [ebp+122D01E9h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FA4392209E8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Dh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 call dword ptr [ebp+122D2A1Ah] 0x00000037 pushad 0x00000038 sub dword ptr [ebp+122D1965h], edi 0x0000003e je 00007FA4392209F2h 0x00000044 jno 00007FA4392209ECh 0x0000004a xor eax, eax 0x0000004c mov dword ptr [ebp+122D1965h], edx 0x00000052 stc 0x00000053 mov edx, dword ptr [esp+28h] 0x00000057 xor dword ptr [ebp+122D1965h], edx 0x0000005d mov dword ptr [ebp+122D352Bh], eax 0x00000063 mov dword ptr [ebp+122D1965h], edi 0x00000069 mov esi, 0000003Ch 0x0000006e jmp 00007FA4392209F9h 0x00000073 or dword ptr [ebp+122D2A57h], esi 0x00000079 add esi, dword ptr [esp+24h] 0x0000007d mov dword ptr [ebp+122D1965h], edi 0x00000083 lodsw 0x00000085 stc 0x00000086 add eax, dword ptr [esp+24h] 0x0000008a sub dword ptr [ebp+122D1B33h], ecx 0x00000090 sub dword ptr [ebp+122D1910h], esi 0x00000096 mov ebx, dword ptr [esp+24h] 0x0000009a sub dword ptr [ebp+122D2A57h], edx 0x000000a0 nop 0x000000a1 pushad 0x000000a2 push eax 0x000000a3 push edx 0x000000a4 pushad 0x000000a5 popad 0x000000a6 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E4DB second address: 95E4DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E86E second address: 95E8E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d ja 00007FA4392209ECh 0x00000013 push 00000004h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007FA4392209E8h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f call 00007FA4392209EAh 0x00000034 mov dword ptr [ebp+122D1965h], ebx 0x0000003a pop edx 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f jmp 00007FA4392209F0h 0x00000044 pushad 0x00000045 popad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E8E0 second address: 95E8E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95E8E6 second address: 95E8EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EE72 second address: 95EE7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA438C9B236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD24E second address: 9AD254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD254 second address: 9AD258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD258 second address: 9AD290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F5h 0x00000007 js 00007FA4392209E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FA4392209F6h 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD290 second address: 9AD2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007FA438C9B249h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD804 second address: 9AD822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA4392209EEh 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push esi 0x0000000d jne 00007FA4392209E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9AD822 second address: 9AD836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 je 00007FA438C9B236h 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B0AB2 second address: 9B0AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B35CB second address: 9B35D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B384B second address: 9B384F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B384F second address: 9B3861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B23Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B3A03 second address: 9B3A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BA1CB second address: 9BA1F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007FA438C9B253h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8C80 second address: 9B8C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 js 00007FA4392209E6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8C8E second address: 9B8CAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B249h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8CAD second address: 9B8CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8CB2 second address: 9B8CB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9B8CB9 second address: 9B8CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EA93 second address: 95EB1C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FA438C9B238h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D17EDh] 0x0000002a mov ebx, dword ptr [ebp+12483A8Dh] 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007FA438C9B238h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a mov ecx, dword ptr [ebp+122D37D3h] 0x00000050 add eax, ebx 0x00000052 push 00000000h 0x00000054 push ecx 0x00000055 call 00007FA438C9B238h 0x0000005a pop ecx 0x0000005b mov dword ptr [esp+04h], ecx 0x0000005f add dword ptr [esp+04h], 00000015h 0x00000067 inc ecx 0x00000068 push ecx 0x00000069 ret 0x0000006a pop ecx 0x0000006b ret 0x0000006c nop 0x0000006d push eax 0x0000006e push edx 0x0000006f jns 00007FA438C9B23Ch 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EB1C second address: 95EB39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BDC2B second address: 9BDC34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BDC34 second address: 9BDC3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA4392209E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BD66B second address: 9BD693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 jnl 00007FA438C9B251h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BD693 second address: 9BD6A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BD6A2 second address: 9BD6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FA438C9B238h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C11B4 second address: 9C11BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C11BA second address: 9C11BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C8890 second address: 9C88A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jg 00007FA4392209EEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C88A3 second address: 9C88AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6BF5 second address: 9C6C10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4392209F5h 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C6E9D second address: 9C6EE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA438C9B248h 0x0000000d jng 00007FA438C9B242h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA438C9B244h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C7A71 second address: 9C7A98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FA4392209E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA4392209F8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C85E4 second address: 9C85EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D1708 second address: 9D170D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D07CE second address: 9D07D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D07D2 second address: 9D080E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FA4392209F4h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FA4392209F9h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D080E second address: 9D0816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D09AE second address: 9D09C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA4392209F1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D09C5 second address: 9D0A0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA438C9B245h 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FA438C9B244h 0x00000015 jmp 00007FA438C9B245h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D0A0F second address: 9D0A2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F3h 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FA4392209E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D0E40 second address: 9D0E46 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D9BAE second address: 9D9BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D9BB7 second address: 9D9BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D9BBD second address: 9D9BD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D838C second address: 9D8392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D8392 second address: 9D839A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D839A second address: 9D83A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FA438C9B236h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D8583 second address: 9D858F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007FA4392209E6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D858F second address: 9D8593 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D9A2E second address: 9D9A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DE8B7 second address: 9DE8BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DE8BD second address: 9DE8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FA4392209EAh 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9DE8CE second address: 9DE8E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA438C9B247h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1676 second address: 9E1680 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EFDBA second address: 9EFDF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a jmp 00007FA438C9B246h 0x0000000f jmp 00007FA438C9B246h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EFDF1 second address: 9EFE15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209EFh 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007FA4392209EEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2B2F second address: 9F2B4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B23Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a js 00007FA438C9B25Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2B4B second address: 9F2B4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F2568 second address: 9F256D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F256D second address: 9F2573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F26E1 second address: 9F26F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F5DB0 second address: 9F5DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnc 00007FA4392209E6h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F5DC0 second address: 9F5DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F5DC5 second address: 9F5DCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F5F3B second address: 9F5F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B245h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F5F5B second address: 9F5F5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0418D second address: A04195 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A04195 second address: A0419F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA4392209EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A08DF5 second address: A08E10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA438C9B243h 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A08FA5 second address: A08FAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09126 second address: A09130 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA438C9B236h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09130 second address: A09153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA4392209F3h 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jnl 00007FA4392209E6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09415 second address: A09419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09419 second address: A0941D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0941D second address: A09450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA438C9B243h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA438C9B246h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09450 second address: A09454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09599 second address: A095AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA438C9B236h 0x0000000a popad 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A095AB second address: A095B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A095B0 second address: A095B5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A095B5 second address: A095DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FA439220A08h 0x0000000f pushad 0x00000010 jmp 00007FA4392209F8h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09733 second address: A09782 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B23Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007FA438C9B236h 0x00000012 pop edx 0x00000013 pushad 0x00000014 jmp 00007FA438C9B248h 0x00000019 push esi 0x0000001a pop esi 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e popad 0x0000001f pushad 0x00000020 jo 00007FA438C9B23Eh 0x00000026 push edi 0x00000027 pop edi 0x00000028 jne 00007FA438C9B236h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A09782 second address: A09788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0A3DC second address: A0A3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0CC15 second address: A0CC2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A10E24 second address: A10E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007FA438C9B23Bh 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A10E41 second address: A10E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A10A06 second address: A10A23 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA438C9B24Fh 0x00000008 jmp 00007FA438C9B243h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1907C second address: A19083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19083 second address: A19091 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A19091 second address: A1909B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA4392209E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1909B second address: A190BC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA438C9B241h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jo 00007FA438C9B236h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1DB0C second address: A1DB11 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1F4EE second address: A1F4F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1F4F5 second address: A1F4FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1F4FB second address: A1F501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1F367 second address: A1F384 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA4392209F7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A218ED second address: A218F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A218F1 second address: A218F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91A310 second address: 91A314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91A314 second address: 91A33E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FA4392209EAh 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FA4392209F4h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91A33E second address: 91A343 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2D65A second address: A2D665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2D665 second address: A2D66B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3476C second address: A34775 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34A7F second address: A34A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FA438C9B236h 0x0000000a jbe 00007FA438C9B236h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34C39 second address: A34C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34F09 second address: A34F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34F0F second address: A34F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34F1A second address: A34F24 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA438C9B236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34F24 second address: A34F61 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA439220A01h 0x00000008 jmp 00007FA4392209F5h 0x0000000d jbe 00007FA4392209E6h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA4392209F5h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3509C second address: A350A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3D570 second address: A3D57A instructions: 0x00000000 rdtsc 0x00000002 je 00007FA4392209E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3ED99 second address: A3EDA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDA5 second address: A3EDA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3EDA9 second address: A3EDBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA438C9B242h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42502 second address: A4251E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 pop eax 0x0000000a jbe 00007FA4392209E6h 0x00000010 pop edi 0x00000011 popad 0x00000012 push edx 0x00000013 pushad 0x00000014 jl 00007FA4392209E6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4251E second address: A42524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3958F second address: A39599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A39400 second address: A39429 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA438C9B24Fh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FA438C9B247h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A39429 second address: A39448 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA4392209F9h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9637E2 second address: 9637E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7AD86A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7AD947 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9586CE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 9E2EAD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7B48DE instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 53A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5590000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 7590000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B291C rdtsc

0_2_007B291C

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 5512

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0098CD81 GetSystemInfo,VirtualAlloc,

0_2_0098CD81

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007B291C rdtsc

0_2_007B291C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_007AB97C LdrInitializeThunk,

0_2_007AB97C

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: ZProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00983842 GetSystemTime,GetFileTime,

0_2_00983842

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532740
Start date and time:	2024-10-13 21:03:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, ctldl.windowsupdate.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.
VT rate limit hit for: file.exe

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.931710479212867
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'742'848 bytes
MD5:	fc4912bd840edb6289e5e387ca8fa299
SHA1:	cb67b24cb712a88985ca63ccf18d15cc135908ba
SHA256:	c1df7516de3589e7b784d1c92514eed70b346d5f3bb6097d2b02f21268bdfedb
SHA512:	bf81d9fb2d6def2f5f4ce2ad649ad791a88788cb3352e122b08a3b9990c8f9bd106123fd8ce29552877c3f6debdaad4e41eac876204aeb29d09fbb0773c470f2
SSDEEP:	24576:XtczvOmowUm9kOazocMfAuKn6zu2WVq4heNNpBGuRcBoNb5v7zhYilbgbg86p8HO:XtcimowHmoc6Au//WVqDl3zhFxgM
TLSH:	768533065EEFADB4C78B17769C76D5A716B2DC1C45FE88C8262A306EF66FEC01663040
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... E.. ...`....@.. .......................`E...........`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x852000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA4390F3CDAh
pcmpeqd mm3, qword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	0d9fc464bdb313359fb2fb40889888c0	False	0.9322916666666666	data	7.790554993050825	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x2a2000	0x200	b9d753ec05229f963a1ebd5a686ab0e2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ontajrjf	0x2ac000	0x1a4000	0x1a3600	4f7874bbfb2eae361f903683fbbc5427	False	0.9950039586438152	data	7.953007139478122	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
budoaocz	0x450000	0x2000	0x400	4576fe61230cbeee12c8877a772e3310	False	0.7744140625	data	6.053905786004934	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x452000	0x4000	0x2200	9afa05252b119113aaee94f35dc3b130	False	0.006433823529411764	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Target ID:	0
Start time:	15:04:00
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7a0000
File size:	1'742'848 bytes
MD5 hash:	FC4912BD840EDB6289E5E387CA8FA299
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	3.1%
Signature Coverage:	3.9%
Total number of Nodes:	388
Total number of Limit Nodes:	22

Executed Functions

Function 0098CD81 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-11B25FEC), ref: 0098CD8D
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 0098CDEE

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 68c138ab0617c3b2d4f601caba8672527cebb3fc5148d855a536195cb0dc1ea7
Instruction ID: c14cd7a899c7281e794978d37f1fb37ba0efdb5f33078b59a22ab5aa5c407e52
Opcode Fuzzy Hash: 68c138ab0617c3b2d4f601caba8672527cebb3fc5148d855a536195cb0dc1ea7
Instruction Fuzzy Hash: 3841E5B1D40206ABE735DF74C845F9677ACFB48B40F0004A6F603DE982E77099D58BA4

Function 007AB97C Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f480a3202aa925719713ef82a8400d2f706ed40e511dbfbd60fa3ed8237d2e4
Instruction ID: ddfcbd80506a00b6577bbb58162dc0dc41bab389b489938bf583e53732047985
Opcode Fuzzy Hash: 9f480a3202aa925719713ef82a8400d2f706ed40e511dbfbd60fa3ed8237d2e4
Instruction Fuzzy Hash: 4BA022F3888FC0CEC3032F200803300BE30AB23F02F020283A2000B8C3C32C0000C202

Function 00980DC8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 00980ED9
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 00980EED

Strings

1002, xrefs: 00980EA3
.dll, xrefs: 00980E10
.exe, xrefs: 00980E34

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: 73b8036997b113f509263f68815212b5e72cbfc9b8d41ab907510ea2d4305d92
Instruction ID: 5930c2cd143d7fe3e3679dd234bc45ed1086823ba55bc162f31d888da51a918f
Opcode Fuzzy Hash: 73b8036997b113f509263f68815212b5e72cbfc9b8d41ab907510ea2d4305d92
Instruction Fuzzy Hash: 02314B32400209EFCF55BF60D915BAF7B79FF94350F108969F80656262C7319DA4DB91

Function 009812CE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00981260,?,00000000,00000000), ref: 0098138B
GetModuleHandleA.KERNEL32(00000000,?,?,?,00981260,?,00000000,00000000), ref: 00981399

Strings

.dll, xrefs: 00981301

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: 90dfa6c996b020e71fc78e3b53b5f7565fad437e03c65a592f8a351670fe161d
Instruction ID: ed1758ecdb8f3f35bb0b55d82ad6446167b9dcc52a812826940e2b1dd4549464
Opcode Fuzzy Hash: 90dfa6c996b020e71fc78e3b53b5f7565fad437e03c65a592f8a351670fe161d
Instruction Fuzzy Hash: 4011E171100209EBDB34BF24C80ABAE7ABCFF40351F104B36E40684AE1D3B598E6CB91

Function 00983C28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(012918D4,-11B25FEC), ref: 00983CA1
GetFileAttributesA.KERNEL32(00000000,-11B25FEC), ref: 00983CAF

Strings

@, xrefs: 00983C54

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: 1dfac53a26e09a24d9e4a77c8df8dd21dcf885ed374824883bcf986e7c94e8db
Instruction ID: 055fc32333219f482be3f262b4e2a2aa42335bfd227d1acc7f30d927fb35afed
Opcode Fuzzy Hash: 1dfac53a26e09a24d9e4a77c8df8dd21dcf885ed374824883bcf986e7c94e8db
Instruction Fuzzy Hash: E7018C71100204FADB21BF28CA0D7AD7E74FF40B04F20C124E942752A1C7B88BA5EB44

Function 0097FCA8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 0097FD0A

Strings

\\?\, xrefs: 0097FD65

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: a28085f392d13448c0fcfa503d98c266b872b7a7d0c60ac922ce4b4c741986f4
Instruction ID: 2dbb0e724cf0c07b9a80c1e27b1fbea4098d93dff891e5b4ea6feadb835aee3a
Opcode Fuzzy Hash: a28085f392d13448c0fcfa503d98c266b872b7a7d0c60ac922ce4b4c741986f4
Instruction Fuzzy Hash: 13315B37A0020ABFDF219F94CD19F9EB779FF48304F108064FA06A54A0D3729A61EB94

Function 009813B7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0097F6F5: GetCurrentThreadId.KERNEL32 ref: 0097F704
Part of subcall function 0097F6F5: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0097F747

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 0098141B

Strings

.dll, xrefs: 009813D8

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CurrentHandleModuleSleepThread
String ID: .dll
API String ID: 683542999-2738580789
Opcode ID: 7467e4466a55212aecb7996a3204f478821961cf48563878938558cbb5d43786
Instruction ID: ecd5508b8be24cca15d7afa84bc58c639adbdc9e25aead5c2a619cbb88026a43
Opcode Fuzzy Hash: 7467e4466a55212aecb7996a3204f478821961cf48563878938558cbb5d43786
Instruction Fuzzy Hash: 29F03072100205AFDB14EF64D846B6D3BA9FF54311F51C425FD0596161C731C9A6DB61

Function 00983E44 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(012918D4,?,?,-11B25FEC,?,?,?,-11B25FEC,?), ref: 00983EF6

Part of subcall function 00983DF6: IsBadWritePtr.KERNEL32(?,00000004), ref: 00983E04

CreateFileA.KERNEL32(?,?,?,-11B25FEC,?,?,?,-11B25FEC,?), ref: 00983F16

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: 4b8ff7ba35f09b87920e73715674c7c85b93e15f7fc6b763d316ab169b1fbb17
Instruction ID: eba7e561379aec287cf277855b4fa938693106a3b0ed519f899084f3673d2dab
Opcode Fuzzy Hash: 4b8ff7ba35f09b87920e73715674c7c85b93e15f7fc6b763d316ab169b1fbb17
Instruction Fuzzy Hash: D211293250414AFBEF12AF94CD09B9E7E76BF44704F14C025B906646B2C37ACAB1EB81

Function 009837B0 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0097F6F5: GetCurrentThreadId.KERNEL32 ref: 0097F704
Part of subcall function 0097F6F5: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0097F747

GetCurrentProcess.KERNEL32(-11B25FEC), ref: 009837BD
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00983823

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessSleepThread
String ID:
API String ID: 2846201637-0
Opcode ID: 7a8c90f476e282d462c5abb8b56d8994dccb535975ef0553894723c50f20f77f
Instruction ID: a5d5220e651214560af3e52feb6ff2da6b42068267f760361923c7b2fdbb05aa
Opcode Fuzzy Hash: 7a8c90f476e282d462c5abb8b56d8994dccb535975ef0553894723c50f20f77f
Instruction Fuzzy Hash: 31014B3310014AFB8F12AFA4CC15DAE3F69FF98750B108525F906E1110C735D6A1EB21

Function 0097F6F5 Relevance: 3.0, APIs: 2, Instructions: 33
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 0097F704
Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0097F747

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: b99d19689ac5f61638968bfcb316cc374a228fb391fbcfcf0cfaf81d5cf03975
Instruction ID: 5fef0d953cbfa7d747e1f21db165de6513089df6ad4b68b943e33b53db955dba
Opcode Fuzzy Hash: b99d19689ac5f61638968bfcb316cc374a228fb391fbcfcf0cfaf81d5cf03975
Instruction Fuzzy Hash: B8F05933101105EBCB218F60C89536EB7BCFF4030EF204139D10656150D7B01A49E681

Function 0098D7AD Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b71f61c19a61d5882b88a8b009bc3f81310cb587d4d2b2889370bffce0954c
Instruction ID: 27c072179ae4bfa95231575bace5616f4bf2bf0429c7251b85d412547ba75f01
Opcode Fuzzy Hash: 73b71f61c19a61d5882b88a8b009bc3f81310cb587d4d2b2889370bffce0954c
Instruction Fuzzy Hash: C241A0B1902206EFDB29EF24D944BAE77B9FF04314F248498E552AB7D1C376AC90DB50

Function 00981E2F Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00981EE4

Part of subcall function 0097F7D3: RtlAllocateHeap.NTDLL(00000000,00000000,0097F47C,?,?,0097F47C,00000008), ref: 0097F7ED

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocateCreateFileHeap
String ID:
API String ID: 3125202945-0
Opcode ID: f4bc7c14fcbcc51cd35bd8cb3926a177a9f73fb49c81816b3d69501d1392eb80
Instruction ID: ca2d7ee9962611eaaf12b5b7373fafd898d5b8c83fcda3a0d1bfa5583f6d556d
Opcode Fuzzy Hash: f4bc7c14fcbcc51cd35bd8cb3926a177a9f73fb49c81816b3d69501d1392eb80
Instruction Fuzzy Hash: 62316171900204FFEB20AF64DC45FAEBBBCFF45314F208169FA19AA291D7719A52DB50

Function 0098164B Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0097F7D3: RtlAllocateHeap.NTDLL(00000000,00000000,0097F47C,?,?,0097F47C,00000008), ref: 0097F7ED

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 009816CD

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocateCreateFileHeap
String ID:
API String ID: 3125202945-0
Opcode ID: 321835cfc8416507d3ffe53ab131d8581cc2cbbe3e269d7812a9699af8591dd3
Instruction ID: 4e87e72fe19d87386dc7b316f54116b11449c342db242602fcf838897aa47240
Opcode Fuzzy Hash: 321835cfc8416507d3ffe53ab131d8581cc2cbbe3e269d7812a9699af8591dd3
Instruction Fuzzy Hash: 7C31A071600208BBEB20AF64DC45FADB7BCFB44724F308269F615EA2D1D3B1A5528B54

Function 0098D4FA Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 0098D5A7

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 186089757c8b77e2848354ccf6452c7da4e0a0eebbaf16a8a34357ba8e22708a
Instruction ID: f987bd09e8cef656c3d6394ae6b561cff3267d13210e1c42a103e598e3938526
Opcode Fuzzy Hash: 186089757c8b77e2848354ccf6452c7da4e0a0eebbaf16a8a34357ba8e22708a
Instruction Fuzzy Hash: 1B115171A032299BEB20AA148C48BEA777CAF54758F1040A6B905E62C9DB74DD818BB5

Function 054F0D43 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 054F0DCD

Memory Dump Source

Source File: 00000000.00000002.2242389014.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54f0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: de319e199c47c0afa174738f6ef168cf0560b303f99af9623c49c18d0de99abc
Instruction ID: 4bd1e2170e5f06772d0ed27c1c15f590a222c7b331b7025e3bd99997b9d91cc9
Opcode Fuzzy Hash: de319e199c47c0afa174738f6ef168cf0560b303f99af9623c49c18d0de99abc
Instruction Fuzzy Hash: 272135B6C012099FCB10CF99D988ADEFBF4FB88310F14815AD909AB305D734A540CFA5

Function 054F0D48 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 054F0DCD

Memory Dump Source

Source File: 00000000.00000002.2242389014.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54f0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 8d0ca624d073ed45af8e77a71d4cd49bc13161b13e119161c6239db1e144b49d
Instruction ID: 5522824e892fd82f140bb97bb3bf4c9c11302977fbbf12c1c1eaa0bd665bfa48
Opcode Fuzzy Hash: 8d0ca624d073ed45af8e77a71d4cd49bc13161b13e119161c6239db1e144b49d
Instruction Fuzzy Hash: 362144B6C012099FCB10CF99D988ADEFBF4FB88310F14815AD909AB305D734A940CFA5

Function 054F1510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 054F1580

Memory Dump Source

Source File: 00000000.00000002.2242389014.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54f0000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: d027b3ba465b7009226b21599ad86b9aff1c6ab4bff08ac36e681df7b4745ca8
Instruction ID: 96a846a5ab40086b7f14ad1bf0b70e3a2f42bf4a877a72854a080e2dde7e92bd
Opcode Fuzzy Hash: d027b3ba465b7009226b21599ad86b9aff1c6ab4bff08ac36e681df7b4745ca8
Instruction Fuzzy Hash: 2411E2B1D00249DFDB10CF9AC584BDEFBF4EB48320F10842AE959A3250D378AA45CFA5

Function 054F1509 Relevance: 1.6, APIs: 1, Instructions: 53serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 054F1580

Memory Dump Source

Source File: 00000000.00000002.2242389014.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54f0000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 4ac39c8792102c633d0df0eb9b8fd5e2bbcd744ec2051f83f4b68cf708160b1c
Instruction ID: 64fd13ce2b898ec943b9b3dbf11eb053c0501236ca8fcec514f761bd70236b21
Opcode Fuzzy Hash: 4ac39c8792102c633d0df0eb9b8fd5e2bbcd744ec2051f83f4b68cf708160b1c
Instruction Fuzzy Hash: 532106B5D00249CFDB10CFAAC544BDEFBF4EB48310F10842AD519A3250D378A544CFA5

Function 0098497C Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0097F6F5: GetCurrentThreadId.KERNEL32 ref: 0097F704
Part of subcall function 0097F6F5: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0097F747

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11B25FEC), ref: 00984A03

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CurrentFileSleepThreadView
String ID:
API String ID: 2270672837-0
Opcode ID: f9b025b4b4e2ea627606b0748cde04e34c4a637a4a00ecd10e778216a1c7e2cb
Instruction ID: a51e35e413186f16263eb063947c3113854d904bd45c76c83070e971b67f9e70
Opcode Fuzzy Hash: f9b025b4b4e2ea627606b0748cde04e34c4a637a4a00ecd10e778216a1c7e2cb
Instruction Fuzzy Hash: C311F73310010BEACF22AFA8DD09EAF3B6AFF88341B008421FA1196121D736C571EB65

Function 00984764 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: 276ecec352744fff2832c1884d04b2b997b4bb7e66479534c2277b5846d9678b
Instruction ID: ebd1f17e5eeccec7d49171e91672eab09a07cf6af4fa7b7b29eebcb659977881
Opcode Fuzzy Hash: 276ecec352744fff2832c1884d04b2b997b4bb7e66479534c2277b5846d9678b
Instruction Fuzzy Hash: CB11213210024BEECF11BFA4D809B9E7BB9FF85744F148421F91596261D739C961EB61

Function 054F1301 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 054F1367

Memory Dump Source

Source File: 00000000.00000002.2242389014.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54f0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 04235d9ee2c0f20db0a83304341b74ed5be0f014e44b3a4d8daad1773e558f94
Instruction ID: 569f4e976ca990e8a9c6fb44555d7bf74d4fa21eacd4a9ad25486326c9ddfa6f
Opcode Fuzzy Hash: 04235d9ee2c0f20db0a83304341b74ed5be0f014e44b3a4d8daad1773e558f94
Instruction Fuzzy Hash: 6D1113B1C00249CFDB10CFAAC945BDEBBF8EB49324F24845AD518A3650D778A944CFA5

Function 054F1308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 054F1367

Memory Dump Source

Source File: 00000000.00000002.2242389014.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_54f0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 88b4fc8fa6eae1ce84eaef69c6e0014be30b6bfd46ed7b35edb5a13d76a5afe6
Instruction ID: e836990b635b09a4fb51020bc4411325e1d62ab6468707b5dfa2719e55f4e427
Opcode Fuzzy Hash: 88b4fc8fa6eae1ce84eaef69c6e0014be30b6bfd46ed7b35edb5a13d76a5afe6
Instruction Fuzzy Hash: BA1133B1C00249CFDB10CF9AC544BDEFBF8EB48320F20846AD518A3250D778A944CFA5

Function 00984048 Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0097F6F5: GetCurrentThreadId.KERNEL32 ref: 0097F704
Part of subcall function 0097F6F5: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0097F747

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11B25FEC,?,?,00981D77,?,?,00000400,?,00000000,?,00000000), ref: 009840B4

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CurrentFileReadSleepThread
String ID:
API String ID: 1253362762-0
Opcode ID: d78252a0a07ac06003203e7c0c7f30dec7ed1846a017fc35f7d57ee472a79650
Instruction ID: c54ef64309eaa4789d7dc13b2a42649e0beb2515b71ed1af6581c2151caa33ed
Opcode Fuzzy Hash: d78252a0a07ac06003203e7c0c7f30dec7ed1846a017fc35f7d57ee472a79650
Instruction Fuzzy Hash: 46F0C43210410AEACF126FA8DC19E9E3F6AFF98340F108525FA159A121D736C9A1EB61

Function 0098102B Relevance: 1.5, APIs: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(009807E1,009807E1), ref: 00981076

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: 2bea6240bd07edf5c16409eecebfbf7f36eafc0c56d5948a1b0a748d8792e728
Instruction ID: 1478c3f0c5c9a0666e4c1fc5cb265e5fe503d0bff0cafe25b68e658f83cdcc95
Opcode Fuzzy Hash: 2bea6240bd07edf5c16409eecebfbf7f36eafc0c56d5948a1b0a748d8792e728
Instruction Fuzzy Hash: 92E09232104144B6CF513FB4CC1AA6D2F1DAED0340B108431B80AD4222CB34C5A2E720

Function 0097F7D3 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,0097F47C,?,?,0097F47C,00000008), ref: 0097F7ED

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: cf8f349d3e494413573d0d98999c2bf0abcb31b4ab527fffdc9e40403376a407
Instruction ID: 430a144ecdcfa7b1619e57f8636dc13b8c1e32e6ccdb95260a9a4439e98026a1
Opcode Fuzzy Hash: cf8f349d3e494413573d0d98999c2bf0abcb31b4ab527fffdc9e40403376a407
Instruction Fuzzy Hash: F1D01273200206FBDE205E59DC09F9FBABCEB85B95F404135F50390480DB75E052D6B8

Function 007AE16D Relevance: 1.3, APIs: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 007AE857

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b9d8c038890619a9108f9acca2fc9bb4a57858c0da99c45c05f13dea575b898d
Instruction ID: ca14ed7a3756e7f55d9cd8b4a5554b02fac00049f818e7bf9f4b0a9fda496627
Opcode Fuzzy Hash: b9d8c038890619a9108f9acca2fc9bb4a57858c0da99c45c05f13dea575b898d
Instruction Fuzzy Hash: 940128B550C204DFE715AF69C84167EFBF5EF98700F01892CEAD593210E23628649A97

Function 0097F8C6 Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 0097F92A

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: f9aaa9ad855d0ed57c44d421f1de6adba9faa4c03dc29bba640a76f8c32451d2
Instruction ID: 477178b4282c32f2be6e0d064d33fca7ae248f1c7f6bc07f3e26f4e3e78db7d6
Opcode Fuzzy Hash: f9aaa9ad855d0ed57c44d421f1de6adba9faa4c03dc29bba640a76f8c32451d2
Instruction Fuzzy Hash: F501E83760010AFFCF119FA5CC15EDEBB7AEF45350F0081B1A90AA4460E7329A61EF64

Function 0098D124 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,0098D120,?,?,0098CE26,?,?,0098CE26,?,?,0098CE26), ref: 0098D144

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b1beb94a9ace58e83e0a2d37490612d5fe22058069366458a7a2415193fa688a
Instruction ID: a89822ba4d994e648e9634b3837effed12aa7b9fba87cdba90137569beae8fb4
Opcode Fuzzy Hash: b1beb94a9ace58e83e0a2d37490612d5fe22058069366458a7a2415193fa688a
Instruction Fuzzy Hash: 75F0DCB1904205EFD728DF14CD09B59BFE4FF48761F108028E54A9F691E3B1A8C0CB90

Function 00982449 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 0097F6F5: GetCurrentThreadId.KERNEL32 ref: 0097F704
Part of subcall function 0097F6F5: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 0097F747

CloseHandle.KERNELBASE(00981E0C,-11B25FEC,?,?,00981E0C,?), ref: 00982487

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CloseCurrentHandleSleepThread
String ID:
API String ID: 4003616898-0
Opcode ID: 7ce4b36397b6715e0708533fe95bf47b9aabdde4f562911354d868f2ea1b5540
Instruction ID: 2d4b99bfa494d732ebd2c2430bda7d71dda5a01ac44a2692f2cd5b5b11b38c4c
Opcode Fuzzy Hash: 7ce4b36397b6715e0708533fe95bf47b9aabdde4f562911354d868f2ea1b5540
Instruction Fuzzy Hash: F6E04F73204106A9CA207BBDD81EE6E2A6DFFD1344B508535B007A6121DA24C5928335

Function 007AE2CE Relevance: 1.3, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 007AE537

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2e8683a04553baf4877f93c85d29e00a82de6c25b2e2db28e423fcd9b7d571e3
Instruction ID: 94317928801a388aa34c8b012da81c333d663e456eafa9ab0f95641f47e4469b
Opcode Fuzzy Hash: 2e8683a04553baf4877f93c85d29e00a82de6c25b2e2db28e423fcd9b7d571e3
Instruction Fuzzy Hash: 58F0397644E309DBD7082F3285081AEBBA0EF45721F668A2DE8DA47681D6354C90DB16

Function 0098150E Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,0097F594,?,?), ref: 00981514

Memory Dump Source

Source File: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0006d99d6cf12ba648c65204fe939011e871754c2da188d2313f65b8161b1dbe
Instruction ID: 2e14ea055e510579baf3c020ca4a695d89ddb4c74a448679fb61e96acc8190aa
Opcode Fuzzy Hash: 0006d99d6cf12ba648c65204fe939011e871754c2da188d2313f65b8161b1dbe
Instruction Fuzzy Hash: 3BB09231000208BBCB41BFA1DC06C4DBF6DFF913A8B508120B90655132DB76E9729BA4

Non-executed Functions

Function 00912222 Relevance: 11.6, Strings: 8, Instructions: 1640COMMON

Download Yara Rule

Strings

{O;N, xrefs: 00913030
W&[, xrefs: 00912C24
H}w{, xrefs: 009126BB
:1Y, xrefs: 00913107
3}o, xrefs: 00913158
>^N, xrefs: 00913606
FX?, xrefs: 0091307E
r*], xrefs: 00912DCA

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: 3}o$:1Y$>^N$FX?$H}w{$W&[${O;N$r*]
API String ID: 0-1195994877
Opcode ID: 75e9955e9a7ebb1214c8ae8646655fb479476468cd66de130765baa3f9a66d9d
Instruction ID: 9cf2feffc78e5b368e1980d90ecb7bd2a355a7b723da7f367dc96919738cc515
Opcode Fuzzy Hash: 75e9955e9a7ebb1214c8ae8646655fb479476468cd66de130765baa3f9a66d9d
Instruction Fuzzy Hash: 2CB209F360C2049FE304AE2DEC8577ABBE6EF94320F1A853DE6C4C7744E67598058696

Function 0092613D Relevance: 9.1, Strings: 6, Instructions: 1640COMMON

Download Yara Rule

Strings

dL~:, xrefs: 009261D4
Y{[, xrefs: 00926C77
V/;, xrefs: 00926A97
&l?~, xrefs: 00926A33
ed?_, xrefs: 00926CBA
WQ-?, xrefs: 00926ACC

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: &l?~$V/;$WQ-?$Y{[$dL~:$ed?_
API String ID: 0-4168958788
Opcode ID: 5ef1f261aea9bad5e553dcb07805073c8ef070090b4d483d08f4d767654150b2
Instruction ID: a84cbeb44df217d94607d6e04a9fd761f4f4a2b467814b862f58a96ea5384201
Opcode Fuzzy Hash: 5ef1f261aea9bad5e553dcb07805073c8ef070090b4d483d08f4d767654150b2
Instruction Fuzzy Hash: 98B226F3A0C2049FE7046E2DEC4567ABBE9EF94720F1A492DEAC5C7340EA3558058797

Function 009246D9 Relevance: 9.1, Strings: 6, Instructions: 1595COMMON

Download Yara Rule

Strings

Bu=, xrefs: 00924A6F
_uz, xrefs: 00924880
;>?|, xrefs: 00924FF6
4x9, xrefs: 00925801
Rwqw, xrefs: 00925743
/S5, xrefs: 009249C4

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: Bu=$/S5$4x9$;>?|$Rwqw$_uz
API String ID: 0-819627457
Opcode ID: 62e97cc729247f2a744023b2c43277707d720f6d6cd634738584bb5e318c9e12
Instruction ID: 953d6e25fd4ebc251309495488b6669428495e8879311daf8fe32ea5ad520841
Opcode Fuzzy Hash: 62e97cc729247f2a744023b2c43277707d720f6d6cd634738584bb5e318c9e12
Instruction Fuzzy Hash: CAB2C5F3A086009FE304AE2DDC8566AFBE6EFD8320F16893DE6C4C7744E63558158697

Function 0080E189 Relevance: 3.0, Strings: 2, Instructions: 456COMMON

Download Yara Rule

Strings

xo>, xrefs: 0080E61E
#s}O, xrefs: 0080E56C

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: #s}O$xo>
API String ID: 0-2401486272
Opcode ID: 2192b74d62593fb779c26c26dd53bfcf31b5a9dac613b6d762c8dce91b26c23c
Instruction ID: 7acad875213683e6cd1e670457f1385cc03a5dc03e33f391ded00d70d9fe54ac
Opcode Fuzzy Hash: 2192b74d62593fb779c26c26dd53bfcf31b5a9dac613b6d762c8dce91b26c23c
Instruction Fuzzy Hash: 7DE1F2F3E145208BF3485E28DC5537AB6D6EB94320F2B823D9E89977C4D93E9D098385

Function 007F6015 Relevance: 2.9, Strings: 2, Instructions: 371COMMON

Download Yara Rule

Strings

", xrefs: 007F616F
}u, xrefs: 007F6346

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: "$}u
API String ID: 0-1845426528
Opcode ID: af9aa03ffd2c53909da81d4933e9adaae13e573ccf488c4f363bfe3a435a51ae
Instruction ID: 94236c38d61dce33a0a3703933dd74598182df865ccce94d7e86d2cb87e7cbe8
Opcode Fuzzy Hash: af9aa03ffd2c53909da81d4933e9adaae13e573ccf488c4f363bfe3a435a51ae
Instruction Fuzzy Hash: 69C1E0F3F152144BF3444E29DC94366B697EBE4350F2B813CCA88977C8E97A9D0A8385

Function 00824488 Relevance: 1.8, Strings: 1, Instructions: 556COMMON

Download Yara Rule

Strings

A](,, xrefs: 00824C7E

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: A](,
API String ID: 0-151887854
Opcode ID: 126bd55ed223beee75bed739e3bc870ac7325693dd5c2adf126a7248d00bb74f
Instruction ID: e078f5efd8343f396edbed77c3463b7e139caa14c815413fc677c9bc0c96f372
Opcode Fuzzy Hash: 126bd55ed223beee75bed739e3bc870ac7325693dd5c2adf126a7248d00bb74f
Instruction Fuzzy Hash: 0802D0F3E146244BF3544929DC883667686DBE4324F2F82389F88AB7C9E87E9D0543C5

Function 008021C0 Relevance: 1.7, Strings: 1, Instructions: 486COMMON

Download Yara Rule

Strings

5_, xrefs: 008027D9

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: 5_
API String ID: 0-3436942435
Opcode ID: 1b8486a09adf777673e6899d1cf6206175aa996cacf9f1a94042493cc19e000e
Instruction ID: d545f7aa5bd2c4c8b86987e8fe5338cfec8c5b4f07d75b3cc49733e8aeef7ca9
Opcode Fuzzy Hash: 1b8486a09adf777673e6899d1cf6206175aa996cacf9f1a94042493cc19e000e
Instruction Fuzzy Hash: 47F1EEF3E146104BF3505A38DC983667692EB94320F2B853CDE889B7C5E93E9D0A8785

Function 00828606 Relevance: 1.7, Strings: 1, Instructions: 481COMMON

Download Yara Rule

Strings

$`n3, xrefs: 00828C42

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: $`n3
API String ID: 0-40700778
Opcode ID: 0beadbdcc0d981c4dcf1eb86644fefb77ce523ae1a0fd3a01f9790c1352bf5bf
Instruction ID: a6225aeedc9f74e3b144cced4f328c3714c257ae59b158c5727533cf6f89ada0
Opcode Fuzzy Hash: 0beadbdcc0d981c4dcf1eb86644fefb77ce523ae1a0fd3a01f9790c1352bf5bf
Instruction Fuzzy Hash: CAF1D2B3E142108BF7549E29DD98366B6D2EFD4320F2F853C8A88A77C4D93E5D098785

Function 00814475 Relevance: 1.7, Strings: 1, Instructions: 463COMMON

Download Yara Rule

Strings

*dJw, xrefs: 0081493E

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: *dJw
API String ID: 0-1709355178
Opcode ID: 2f33c620908fd3d099e0d78358fa1208e93a143f3a675d2bfa0e83cc18a73f6c
Instruction ID: 243b71adeb4af85299aaa996ed9d667dc3c15d09ea24d527d667a757d0311276
Opcode Fuzzy Hash: 2f33c620908fd3d099e0d78358fa1208e93a143f3a675d2bfa0e83cc18a73f6c
Instruction Fuzzy Hash: A2E10FB3F1422447F3089D29DC49366B686DB94320F2F823D9A99E77C4D97E9D0A8380

Function 0089005D Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

A=, xrefs: 008905CC

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: A=
API String ID: 0-1059836486
Opcode ID: c2b1a99d89ad85fac779e24a97fc7b6b9792dc94e8672157da16e7d5c272e9d8
Instruction ID: 5c20a75e7c2caa679767d304b16773230406d21fa1e0f8ee03878e2182f53e86
Opcode Fuzzy Hash: c2b1a99d89ad85fac779e24a97fc7b6b9792dc94e8672157da16e7d5c272e9d8
Instruction Fuzzy Hash: D7E1F5F3E156148BF3145D28DC84366B697EBD4320F2B823D8A98977C8E93E9D098781

Function 007E6175 Relevance: 1.7, Strings: 1, Instructions: 420COMMON

Download Yara Rule

Strings

1<Y, xrefs: 007E6657

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: 1<Y
API String ID: 0-2546145481
Opcode ID: 6f08f46fa20ca387e9db23c4f0126152a58ec356e270321418376a4ffe5f6863
Instruction ID: 9e691b3e1d1dd73ef0a61150cc6726c49f00ffa45d8d84c9cdefc0e431c6fb0b
Opcode Fuzzy Hash: 6f08f46fa20ca387e9db23c4f0126152a58ec356e270321418376a4ffe5f6863
Instruction Fuzzy Hash: 1DD10FF3E152108BF3504E29DC94366B7A6EBE4720F2F853DDA88977C4E93E59098784

Function 008251B4 Relevance: 1.6, Strings: 1, Instructions: 336COMMON

Download Yara Rule

Strings

U, xrefs: 008253BE

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 5eb5bcfdabfc53a6ad8794cbcf81fbfa0acd3b29cdd3efea0e635436dcf8cd00
Instruction ID: a458ffb3d63a5afcc8aa55a3147f551bff5fd5007be747a2693b557d28f60ebe
Opcode Fuzzy Hash: 5eb5bcfdabfc53a6ad8794cbcf81fbfa0acd3b29cdd3efea0e635436dcf8cd00
Instruction Fuzzy Hash: D9B159F3F1162447F3544838CD983A26583D7E4315F2F82788E5CABBCAE87E9D0A5284

Function 0083E343 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

7, xrefs: 0083E441

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 27c2ddefca64e0d6b7450af3e0e1354b13039d6cb70347008135f91acdfd4df1
Instruction ID: 257a608c97f1a594351b1c11ea43d590956e76520d7e62e6c0990d3713d5329d
Opcode Fuzzy Hash: 27c2ddefca64e0d6b7450af3e0e1354b13039d6cb70347008135f91acdfd4df1
Instruction Fuzzy Hash: CBB16EB3F1152547F3544938CD583A2658397D4321F2F82788E5CABBC9EC7E5D4A5384

Function 008841C2 Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

(, xrefs: 00884351

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 6801db5f857d59001d09628f312c33fe3c7352368f469034d0587c42131bef2c
Instruction ID: 8e3c7e1138cd5909702f4401b26340452f57827c5d372cd208242cf1589aa490
Opcode Fuzzy Hash: 6801db5f857d59001d09628f312c33fe3c7352368f469034d0587c42131bef2c
Instruction Fuzzy Hash: 8AB17AB7E121254BF3540938CD58362B653AB95320F2F82788E5C6BBC5DD7E5E0A93C4

Function 00893050 Relevance: 1.5, Strings: 1, Instructions: 288COMMON

Download Yara Rule

Strings

p.#I, xrefs: 0089325B

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: p.#I
API String ID: 0-3372325439
Opcode ID: 3b1fe54ecf52f6b85536ea7ea156a1b949c635730b099e763b39fb945f54b4c3
Instruction ID: 098b7be6536c16319f8e27e58c3b05e6fe4a7878f1f1201e27439fa696d1589b
Opcode Fuzzy Hash: 3b1fe54ecf52f6b85536ea7ea156a1b949c635730b099e763b39fb945f54b4c3
Instruction Fuzzy Hash: 5EA1AEB3F1122547F3544928DC983A16683E7E5324F2F82788E5DAB7C5D87F9D0A5384

Function 008A106B Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

', xrefs: 008A1163

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: ffa020e50c2c26c79c42f3371614a637628d9a5f372cbff39bdec8a0c8b1400d
Instruction ID: 5fa7653fed3fe02dbc25b0b90d2876fd0c052678e2ec68cbfa32ff9a4c766b0f
Opcode Fuzzy Hash: ffa020e50c2c26c79c42f3371614a637628d9a5f372cbff39bdec8a0c8b1400d
Instruction Fuzzy Hash: F2A16CB3F2112647F3584D39CC983627283DB95320F2F82798E5DAB7C5D97E9D0A9284

Function 00819096 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

<, xrefs: 008192D5

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 4e405c5536612db956f16206ae39ba767446636db6da2abc6f160c74a7d9f257
Instruction ID: 8150abdd05a16a8e4c921d6749d407ddc3da3e104b6ef0844acb64e20bdd37b1
Opcode Fuzzy Hash: 4e405c5536612db956f16206ae39ba767446636db6da2abc6f160c74a7d9f257
Instruction Fuzzy Hash: 1A9166F3F5062547F3584839CC693A26583DBA4314F2F817D8F4AAB7C9D87E9D0A9284

Function 008622C5 Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

U, xrefs: 00862426

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 4bc291dabe49dff4ebc2e95e02fedacb3422fb97353235a0810638f5502f5183
Instruction ID: 519620e9941c8d2a859af79c1a832cdc6cbea7b9d3f38eb421063d072a09b2c6
Opcode Fuzzy Hash: 4bc291dabe49dff4ebc2e95e02fedacb3422fb97353235a0810638f5502f5183
Instruction Fuzzy Hash: D291A0B3F116258BF3504D28CC983A27292EB95321F2F42788E5CAB7C5D97E5E0997C4

Function 0088057B Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

1, xrefs: 00880613

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 418524871ce6f6bdacf052834454219fcc436b14a2bde6aef9c635fc2f0e4af5
Instruction ID: de4af0c51d7c97300f8e0201395b71bc37eb8c1bcc9286c331ef009257579260
Opcode Fuzzy Hash: 418524871ce6f6bdacf052834454219fcc436b14a2bde6aef9c635fc2f0e4af5
Instruction Fuzzy Hash: 02918AB3F116254BF3444929CC583627683DBE5725F2F81788B495B7C8EC7E9E0A9384

Function 0085B011 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

Q, xrefs: 0085B0B4

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-3463352047
Opcode ID: 5f48098bfc06b1aa119bd5a6f47a239968575d3cac9f5b1124218b1fc7d915b8
Instruction ID: da1037e957cd8cf64613a01d6134e84ebaced0098651a2b069b6c9731a1681e5
Opcode Fuzzy Hash: 5f48098bfc06b1aa119bd5a6f47a239968575d3cac9f5b1124218b1fc7d915b8
Instruction Fuzzy Hash: 5D819AF3E1113047F3540968CC98362A682AB95320F2F82788E5C7B7C5E9BF9D0A53C4

Function 008C615C Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

C, xrefs: 008C62C5

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 1039ef791c81601223716787e449845826858bb181332a56d656383d25154d57
Instruction ID: 1d7126905ad0759ac7ae4f442fe61ab5962bf78db1d17034588ae0d6d52082f9
Opcode Fuzzy Hash: 1039ef791c81601223716787e449845826858bb181332a56d656383d25154d57
Instruction Fuzzy Hash: 34814BB3E1162587F3548D29CD583627683D7D4321F2F82788E8C677C9D97E5E0A9384

Function 00834588 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

t, xrefs: 00834693

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: e06128210bb17139c44b76794b7c95d2749f83820d3de23164e87c88097fcff8
Instruction ID: c925de28856a0376f57ae373aec736fe51e69806a13aa77c0115bf83e43f3755
Opcode Fuzzy Hash: e06128210bb17139c44b76794b7c95d2749f83820d3de23164e87c88097fcff8
Instruction Fuzzy Hash: 5A8159F7F1262547F3844939CD983626683DBE1325F2F82788B585BBC9DC7E5D0A8284

Function 0086E109 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

@, xrefs: 0086E1AC

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 271ab35cbab53c4ebae382fa67016d4072bf446dd38c5d373e501a992de40bf9
Instruction ID: 8886a8ef1799faa6b5d332abaa81f672a2422e03770603734b89c112e4b58227
Opcode Fuzzy Hash: 271ab35cbab53c4ebae382fa67016d4072bf446dd38c5d373e501a992de40bf9
Instruction Fuzzy Hash: 0A71BCB7F2162547F3580D28CCA83A27682DBA5310F2F827C8F496B7C9D87E5D099384

Function 007EB14E Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

`, xrefs: 007EB1D0

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 3f169b93fd6b25fd0d8d575c0226e7be2b25cbcc7e7c0eeaa8767f2a61345121
Instruction ID: c296ccee09ff955fe37409fc762171099a0106bd84fee92468bd8ff510e0f361
Opcode Fuzzy Hash: 3f169b93fd6b25fd0d8d575c0226e7be2b25cbcc7e7c0eeaa8767f2a61345121
Instruction Fuzzy Hash: BA6188B3F211248BF3544E28CC983A27653EBD4714F2E417D8A896B7C4D97F6E0A9384

Function 007F6330 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

}u, xrefs: 007F6346

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID: }u
API String ID: 0-2145603133
Opcode ID: e3d156d519129a559962abc16c176ebe4b6d26bd4877229cecc3bd81f42bb620
Instruction ID: c87f754b5aaec0ce3424bb1cd9ca880e6b7a977e9a52fb6359d89c436fdd8229
Opcode Fuzzy Hash: e3d156d519129a559962abc16c176ebe4b6d26bd4877229cecc3bd81f42bb620
Instruction Fuzzy Hash: DA5149F3A083045BD3016E2DEC8572AB7D9DFA0250F1B463DEAC4D7748EAB69D054396

Function 008C82E0 Relevance: .6, Instructions: 560COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b1c1294cb6ab4a276abb06fd830be99f4dcef1166b5d166f0b2be2f8058bed
Instruction ID: 73089c320352792fcaa981d5d966bf021ad118076dc46194a956563f9d199143
Opcode Fuzzy Hash: b5b1c1294cb6ab4a276abb06fd830be99f4dcef1166b5d166f0b2be2f8058bed
Instruction Fuzzy Hash: 3C12C0F3F146208BF3545D29DC88366B692EBD4320F2B863D8E88977C5D97E8D098781

Function 008046F1 Relevance: .6, Instructions: 559COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd440f6a967f85acf8e095ee0f328e3bf9a2e6f578954d3ad1a56f3f957280b
Instruction ID: ed3438a4f947caeb079bd973e8b9d43dd154ce0844a261611f9025b6f25f5a14
Opcode Fuzzy Hash: 2bd440f6a967f85acf8e095ee0f328e3bf9a2e6f578954d3ad1a56f3f957280b
Instruction Fuzzy Hash: F802BCF3F142108BF3484E29DC99376B692EB94720F2F863D8B89973C4D97E5D068685

Function 00852199 Relevance: .5, Instructions: 533COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eea2cc42355a821b82d4abc3347b3af510d69fa9d172afe3dac8a51693f493d
Instruction ID: 149b98976b0741dfa241d1798316117773abfd9e99727dd35632f949dc5f0a3d
Opcode Fuzzy Hash: 5eea2cc42355a821b82d4abc3347b3af510d69fa9d172afe3dac8a51693f493d
Instruction Fuzzy Hash: 69024AF7E60B250BF7640878DDD83A15583E7A5325F2F42788F989B3C2E8BE5C494284

Function 00866236 Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aefade77e1cef0c1ddd0a3f9d825a0e1337ff5e6fad216abbbed7933b1748f1c
Instruction ID: 83f146ad0dd7f9ec70782674c964f1df1b5cb3db5c8fe84d39e9a6cb689df137
Opcode Fuzzy Hash: aefade77e1cef0c1ddd0a3f9d825a0e1337ff5e6fad216abbbed7933b1748f1c
Instruction Fuzzy Hash: 1B02AEF3F146144BF3585939DC993A6B692DB94320F2B823C8F8D9B7C4D93E5D0A8285

Function 008D8173 Relevance: .5, Instructions: 510COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a6e872cb3498873e41e98103ed1828e466bc9730cd18c9e9f39411cd7f4ac24
Instruction ID: ef612e296a2a3a430b93b6cb5f8af9bbed06932cb4d1e5e9249c65f19de31cd3
Opcode Fuzzy Hash: 0a6e872cb3498873e41e98103ed1828e466bc9730cd18c9e9f39411cd7f4ac24
Instruction Fuzzy Hash: 45F103B3E142248BF3145E39DC98366BA92EB94310F1B863DDE88A77C4D97E5C0987C5

Function 007C427A Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c03bb4fac6c88ac3900c4d83e6294c530e11d1a75831d36c55e9897f87f5910d
Instruction ID: 62a48e7193c92c11b0a2d5c3dfc6851c4411bf73342d8ad8b938be2afbda6c3d
Opcode Fuzzy Hash: c03bb4fac6c88ac3900c4d83e6294c530e11d1a75831d36c55e9897f87f5910d
Instruction Fuzzy Hash: 3AF1F0F3F152248BF3145928DC5837AB696EBD4720F2F823C8E98977C5E93E5D098285

Function 007E0270 Relevance: .5, Instructions: 490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf90f665139f24a2d8a5181fee2d30fe4132b1211d18a8d4339f6d658fe44c6c
Instruction ID: e9d457cec751fd11915187bb47a1689150cceed92615d0879ec494da0ade6e8b
Opcode Fuzzy Hash: cf90f665139f24a2d8a5181fee2d30fe4132b1211d18a8d4339f6d658fe44c6c
Instruction Fuzzy Hash: 5BF1E1F3F142204BF3445E28DC843667692EB95320F2F863C9B989B7C4D93E9D0A9785

Function 0080C24C Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c510d730404b706bf774387a9357f08d458401afeeeb836a3f2e18d37ede3d2d
Instruction ID: 2374b86dfa751aa37dd07f4056f7ecab8af297ebd21c36bd1111c677cce39936
Opcode Fuzzy Hash: c510d730404b706bf774387a9357f08d458401afeeeb836a3f2e18d37ede3d2d
Instruction Fuzzy Hash: 17F1BDF3E142108BF3545E29CC54366B6D3EBD4320F2B863C9A98977C4DA7E5D0A8785

Function 0088C5F3 Relevance: .5, Instructions: 451COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b86b26bff5a5613bd1185423891756746c76b840b7e35b4acedefbb92a9736
Instruction ID: 599a869d6d9cf1925599833a4285f582fb9010efacdb7921e9d36b76219308da
Opcode Fuzzy Hash: 30b86b26bff5a5613bd1185423891756746c76b840b7e35b4acedefbb92a9736
Instruction Fuzzy Hash: DEF1E3F3E142248BF3445E28CC9436AB692EB94320F2F863CCAD99B7C4D93E5D458785

Function 007EE2C1 Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff8c6e13a1960aba3ab4055fe0c8a99a097ea87a1de4764dcaed335d4e717a2
Instruction ID: 1af069f9e925e72458c4404b4d489a88143a52ba2b04652137931e381b3a79ab
Opcode Fuzzy Hash: 6ff8c6e13a1960aba3ab4055fe0c8a99a097ea87a1de4764dcaed335d4e717a2
Instruction Fuzzy Hash: EAE1E2F3F102104BF3544939DD983667AD6DBD4324F2B823C9B989BBC4D97E5D0A8284

Function 008E2515 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 969d23f483ca5139b8cc1a8e82100970dc0a077aa9a7b20de2a41a71d800707e
Instruction ID: 18104cdf20d163ce7a2932b7497b11704ac2ebb0adfe9a18d7280f2b37ec8c7e
Opcode Fuzzy Hash: 969d23f483ca5139b8cc1a8e82100970dc0a077aa9a7b20de2a41a71d800707e
Instruction Fuzzy Hash: 5DD115F3E146258BF3504D39DC8836676D6DBD4720F2F823D9A88A77C8D97E4D098281

Function 0085E421 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af0a1d8213b68b008ab5e0a0352343322c1273f86313b2e76967e0b515f1cf24
Instruction ID: e1ddf88f5c3e44096e2b0fe2b1c4a9a960ac295b67e70866ce04f5b3b8390ca8
Opcode Fuzzy Hash: af0a1d8213b68b008ab5e0a0352343322c1273f86313b2e76967e0b515f1cf24
Instruction Fuzzy Hash: 5DD1F2B3F142244BF3144D29DD583667697DBE4320F2F823D9A889B7C8E93E9D068385

Function 00852267 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99beec2b599a92dd06f865535c77c30b8e0a35c269cd246aa1e9d0ad7c70e85f
Instruction ID: c2ba3cac9f5daef3f6a2b71af4020b7fdf8076b6d2575db732e5d96fa2fbc573
Opcode Fuzzy Hash: 99beec2b599a92dd06f865535c77c30b8e0a35c269cd246aa1e9d0ad7c70e85f
Instruction Fuzzy Hash: E3D16DF7FA0B550BF7640878DDC83A15983D3A5325E2F42788F989B3C2E8BE5C494258

Function 0083C0A3 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 619bc1bd85508bf6846ba982bda767cbd3d85514f0ca0e53bff989d03e5e9db2
Instruction ID: f62cc7e91c7b6d7e6d4bb0fc6d3b0ee611726497425eea8ba8a87401594cf1a3
Opcode Fuzzy Hash: 619bc1bd85508bf6846ba982bda767cbd3d85514f0ca0e53bff989d03e5e9db2
Instruction Fuzzy Hash: 18D18BB3F1152547F3544929CD583A26683DBD4324F2F82788E8DABBC5E87F9D0A9384

Function 008BC398 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9910d03b6fe0afb0951e4bd99e1c9bf303c8f279a3c445bd4273021698c1d27
Instruction ID: 8a83597927839a8f7a92f78e5a1f48ee2e7c23ea26085ccc00e585080c88793d
Opcode Fuzzy Hash: a9910d03b6fe0afb0951e4bd99e1c9bf303c8f279a3c445bd4273021698c1d27
Instruction Fuzzy Hash: FDD16AF7F5022547F3540928DD983A26683EBA4324F2F82398F9DAB7C5E97E5D064384

Function 007F803D Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b69dbf9273cea6436967641180d3c43647c6b20f1bd000c9671df249231295
Instruction ID: 1d934248b235fabca10e64b5e529a3b5eebca6b6348637ac6292df3eeb34e425
Opcode Fuzzy Hash: 84b69dbf9273cea6436967641180d3c43647c6b20f1bd000c9671df249231295
Instruction Fuzzy Hash: 9EC19BF3F112254BF3544929CD983626683DBD5324F2F82388E9CAB7C5E97E9D0A5384

Function 0085445D Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08fdd0036e3b6039055482875366077a95198a853fc454792b850c173ee3ad5c
Instruction ID: a8748a3ddb1fb05a9e17321ec215c871e6b060e8d3d4e92b3e84e01b65c1f5ac
Opcode Fuzzy Hash: 08fdd0036e3b6039055482875366077a95198a853fc454792b850c173ee3ad5c
Instruction Fuzzy Hash: F2C1E1B3F1122547F3544978CC983626683DBD5325F2F82788E58ABBC9DCBE9D0A5384

Function 008A3194 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 876c26758a2784b104c5cbf8850063c9e94f154fe1fbc738ecd51637baf1ddef
Instruction ID: 91e15acbbf2f67140fb3bc7abed06da42c2b1005fcfe18b5c8332f6614545a38
Opcode Fuzzy Hash: 876c26758a2784b104c5cbf8850063c9e94f154fe1fbc738ecd51637baf1ddef
Instruction Fuzzy Hash: 98C1ADB3F111244BF3544D78CD983626683DB95310F2F82798E8DABBC9D87E5E0A9784

Function 0090251B Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6578bccdcadd00eb050c6c8b65573748dceb6b449e3010986bfd2db83e4403ba
Instruction ID: 5b5963087b02710c2314530b5f6b666c5f04396c29cb48a45a74b34e3382be7c
Opcode Fuzzy Hash: 6578bccdcadd00eb050c6c8b65573748dceb6b449e3010986bfd2db83e4403ba
Instruction Fuzzy Hash: 3BC16DB3F125254BF3944929CD583A266839BD4325F3F81788A4C9BBC9DC7E9D0A5384

Function 007D2158 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71db14f200333da93e19e19438771a096c84899cd221cff818b0aa8421dc544d
Instruction ID: aad8dbf7116ac0decc4a483c81e3b4e9739a5c0d03a7adb762a199f79e58cbdb
Opcode Fuzzy Hash: 71db14f200333da93e19e19438771a096c84899cd221cff818b0aa8421dc544d
Instruction Fuzzy Hash: F6C16CF3F1152547F3544928CC983626243EBD5325F2F82788B58AB7C5E93FAD0A9384

Function 007F861D Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16b61c2691491d5d593101db541be1d75f18e2ddea2e1758d780e109dc9105e
Instruction ID: 8fb4478ee344a66984e2955795ee39a9db040b56ec6506843150a2ccfb457447
Opcode Fuzzy Hash: f16b61c2691491d5d593101db541be1d75f18e2ddea2e1758d780e109dc9105e
Instruction Fuzzy Hash: 13C167F3F115244BF3584928CC683A266839BD5325F2F82788F5D6BBC5E87E5D0A5284

Function 0081C1CF Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53dbaa2f45e90f253b27c9deaf0308404efd9773aa7be5833c66bb371a3bc156
Instruction ID: 04fa9ddecd6ff8606766dd52c441d045360f27f5befc3c2e5d66de8d865f61c4
Opcode Fuzzy Hash: 53dbaa2f45e90f253b27c9deaf0308404efd9773aa7be5833c66bb371a3bc156
Instruction Fuzzy Hash: 9BB1F3F3E141208BF3580D28DC99376B696DB94320F2F423DDE99A77C4E97E9E058285

Function 007E22C7 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 776f804a71fbc4a427c5cc130d1933610512a4eff52186dcfcf6cb2f9b809778
Instruction ID: 9c53bf571b97ca4d8863e5e71cd3f046259587259a17b7465854d8ac65b44258
Opcode Fuzzy Hash: 776f804a71fbc4a427c5cc130d1933610512a4eff52186dcfcf6cb2f9b809778
Instruction Fuzzy Hash: 46C13CF3F1112547F3544839CD983A265839BD4324F2F82788E9CABBC9EC7E9D0A5284

Function 00838319 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0111acd2579d9f1321470a84002c0def8188e0f87411d8f8bcc742aa1c919a
Instruction ID: 635781814090ca9c8e94c4fedcb34c1c974fcbc28909a38c3542b20be5f67281
Opcode Fuzzy Hash: ed0111acd2579d9f1321470a84002c0def8188e0f87411d8f8bcc742aa1c919a
Instruction Fuzzy Hash: A4C19CF3F1122547F3544968CD983A2A683DBA5720F2F82388E5D6B7C5DCBE5D0A5384

Function 007F0326 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db757bb8023026cb9d8059db0e62d764b0399c511196a55bf456911c939d0ed
Instruction ID: 5d785ee0b4767687259768f7ad3f95f49e2459e873bef4ab9e2e9f3fc0374184
Opcode Fuzzy Hash: 7db757bb8023026cb9d8059db0e62d764b0399c511196a55bf456911c939d0ed
Instruction Fuzzy Hash: EDC169B3F112254BF3544939DC983627683DBD5325F2F82788B586B7C9D8BE5E0A8384

Function 008506EC Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd33025b6fc5b9dcf68ceff5f789a3c2754f7f07d0369a649b2e6e0a2848dbcf
Instruction ID: 30dbca1462aee27275221ea1ca96a50607bd594a653c92784ac440d25b4b3055
Opcode Fuzzy Hash: bd33025b6fc5b9dcf68ceff5f789a3c2754f7f07d0369a649b2e6e0a2848dbcf
Instruction Fuzzy Hash: F6C18AF3F5062547F3544978CD983626683DBA5324F2F82788F4D6BBC9D87E4D0A5284

Function 00822685 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d227ccc842684591dc1e28de65d13e44145510f56dceebfe55e55783905b4be
Instruction ID: 3008560f1575a33c24ac8f2352f73dae171e872a39960729a87ce879d315b268
Opcode Fuzzy Hash: 8d227ccc842684591dc1e28de65d13e44145510f56dceebfe55e55783905b4be
Instruction Fuzzy Hash: 86B19AB3F1022547F3984979CDA83626283DBD4314F2F82788F5DAB7C5D87E5D0A9284

Function 0081E463 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd16a628933387f7bd171b2b842901822d1b886e7d34527f59cae0fe2010614
Instruction ID: 1811e2d2490704d3e8bb64ec1ced0a2d06c0b2f797a4deb372f4a6d53259008f
Opcode Fuzzy Hash: ffd16a628933387f7bd171b2b842901822d1b886e7d34527f59cae0fe2010614
Instruction Fuzzy Hash: D9B1A8F3F1122547F3544929CC683626283DBD5325F2F82788F49AB7C9E87E9D0A9384

Function 008846B7 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 422a4f54186e5612f2b7b3e0cf8c254e18b0d32e1210126b571a29ac2e1e43b2
Instruction ID: ac57fbd0d8a8fc6acd13ef59e67560466578393c41c60437d1445c895180dd35
Opcode Fuzzy Hash: 422a4f54186e5612f2b7b3e0cf8c254e18b0d32e1210126b571a29ac2e1e43b2
Instruction Fuzzy Hash: 7EB1DCB3E106354BF3544978CC983A26682DB94320F2F42788F4CABBC5D97F5E0992C4

Function 0082615C Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743f1c852787f4257c18a463c4308011ed89ef4d4e6cb113db5bdb7bf8db1a49
Instruction ID: 033a4e04acbf1ac00370d0838ba5e9c6c513902679eabe282c7a71152c5a78c6
Opcode Fuzzy Hash: 743f1c852787f4257c18a463c4308011ed89ef4d4e6cb113db5bdb7bf8db1a49
Instruction Fuzzy Hash: 77B199F3F116254BF3544978DCA83A22683DB94324F2F82788F5CAB7C5E87E5D0A5284

Function 008501B4 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eaf12122eab3ebc17c1ef9808b146c1989d5894c5cf1a17196cb19a50da8402
Instruction ID: 446e81014d702ffc6fdedf70812a546bafbd3a389d647142d8d0b8e826b77c7a
Opcode Fuzzy Hash: 9eaf12122eab3ebc17c1ef9808b146c1989d5894c5cf1a17196cb19a50da8402
Instruction Fuzzy Hash: 00B169B3F5112447F7544968CC983A26583EBD5321F2F82788E58AB7C9DC7F5D0A5384

Function 0081227C Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 480aaeb53e33df2bf40148534c80e7e62de3b3e2d9ca314b01a9f884257320b8
Instruction ID: b1d9ded97548697726d8edb0d25e0f48a226f96d69a9c63640abf94cc39651a3
Opcode Fuzzy Hash: 480aaeb53e33df2bf40148534c80e7e62de3b3e2d9ca314b01a9f884257320b8
Instruction Fuzzy Hash: 06B1BDB3F5062547F3540978DD883A27683E795324F2F82788E5CAB7C6E8BE9D464384

Function 0080A3FE Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a28e69d5bb25e27e72d84eea40781d1c73dade2facfdd8f28a804f8d1ec20284
Instruction ID: 2603124f259de3f9ec773efe5e7d17b8ec1e7e561b11c79992f2cc0a0187a321
Opcode Fuzzy Hash: a28e69d5bb25e27e72d84eea40781d1c73dade2facfdd8f28a804f8d1ec20284
Instruction Fuzzy Hash: 6AB16DF3F1062447F3544969DC98362A683DB94324F2F82798F5CAB7C5E8BF9D069284

Function 007C827A Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c68a1074e558292c8f36d9ef4622983cdb1dffc00db919ff287bfde2e247fbb
Instruction ID: 2205d55ab7bee00df9b4b9d9866648a92cad09fc46e54a804b25fcaa7505c1c7
Opcode Fuzzy Hash: 6c68a1074e558292c8f36d9ef4622983cdb1dffc00db919ff287bfde2e247fbb
Instruction Fuzzy Hash: AFB19CB3F2152647F3544929CD58362A683DBD0324F2F82388E5DABBC6DD7E9D0A5384

Function 0084C38B Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10638794a309db78241168b6bb233eb6c049451da9755e8c15df44d1d0f8717f
Instruction ID: 45c93ca9b7e2871973f9c0af49c94e920bb81920afd770f399b1d497246f3f2c
Opcode Fuzzy Hash: 10638794a309db78241168b6bb233eb6c049451da9755e8c15df44d1d0f8717f
Instruction Fuzzy Hash: 39B1ABF3E5162547F3584878CCA83A26683DBE4325F2F82388E5D6B7C9EC7E4D065284

Function 008CC4B1 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba3e0916d2cf7e856737dd2dbe04edbb402bffa602181f7f272924dd77edce5d
Instruction ID: 6a286d8854168af7f360020722ef3bb17d2ad611249db167daadbd44c28aa1a3
Opcode Fuzzy Hash: ba3e0916d2cf7e856737dd2dbe04edbb402bffa602181f7f272924dd77edce5d
Instruction Fuzzy Hash: E6B169F3F116254BF3544838CD983A26583DBD5324F2F82398E59ABBC9DC7E9D0A5284

Function 0082216E Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1aa671994913f28beb91bbfa91f2c912aec34e25840719a1cecdcad500ce00
Instruction ID: 431183f49620f5b75052e63dbb15f4750a0d6f0cd46db6f553d22a27862b4b7c
Opcode Fuzzy Hash: 6f1aa671994913f28beb91bbfa91f2c912aec34e25840719a1cecdcad500ce00
Instruction Fuzzy Hash: 87B16AF7F116204BF3584828DDA93A62583D794324F2F42798F5EAB7C2DC7E5D064284

Function 007D0472 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fa807574de964e3be50bf3e773b838e022107e1306244e6184dd14e79298e3d
Instruction ID: 0d3d7dff6125a15d4095926d846018fe2654063ec2536eff47efc4e3619dfdaa
Opcode Fuzzy Hash: 9fa807574de964e3be50bf3e773b838e022107e1306244e6184dd14e79298e3d
Instruction Fuzzy Hash: 1DB18EF3F1062547F3544979DC983A26583DBD4314F2F82788E486BBCAE87E5D4A9380

Function 008AE260 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96fd69ad2498edfe0b25779813d8e4802e5d8030b7b8509d2bb8bb8e4c9055fd
Instruction ID: 1c94f8c6f52f402d246294cf98893ee40edefeee9bf25be128bc57b7ec24482c
Opcode Fuzzy Hash: 96fd69ad2498edfe0b25779813d8e4802e5d8030b7b8509d2bb8bb8e4c9055fd
Instruction Fuzzy Hash: 73B17BB3F112254BF3584939CCA83627683EBD5314F2F82788B596BBC9DC7E5D0A5284

Function 008AC272 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37aeef3e70b13e35502ea801b7879a8818e5de61dc67edfdf301f1f8d86e9bd3
Instruction ID: 1c31088e6876a741238dd41311fb8dd403bcfd396e9b11be0b25e5ee9f4b7693
Opcode Fuzzy Hash: 37aeef3e70b13e35502ea801b7879a8818e5de61dc67edfdf301f1f8d86e9bd3
Instruction Fuzzy Hash: 77B156F3F112244BF3544929CC583A266839B95324F2F82788F9DAB7C5D83E9E0A5384

Function 008711B7 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc52d4b744fc7b54b2a1110dbbdc661abebb93c1b9d9b25f222f32b9d46251e1
Instruction ID: 4e72dce581bfab852da21bad4f73c625d4c35f4359068e3cef8c3094328c7d9c
Opcode Fuzzy Hash: cc52d4b744fc7b54b2a1110dbbdc661abebb93c1b9d9b25f222f32b9d46251e1
Instruction Fuzzy Hash: D7A1A3B3F1052147F7544979CD583A26683EBD5320F2F82788E48ABBC9DD7E9D0A9384

Function 008B01C1 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd01791cfdb1febfc77409b1f56f0959ed4bd5f442432f31897f748c996674e
Instruction ID: 2b44dc4394e428e4ef6e81ec8ba6092f844daa822c53e52bd79aa76f6682d42a
Opcode Fuzzy Hash: 1fd01791cfdb1febfc77409b1f56f0959ed4bd5f442432f31897f748c996674e
Instruction Fuzzy Hash: 81B169F3F1152547F3584929CC683A26683EBD4314F2F817D8E4DABBC9D87E5E0A9284

Function 0082C1E2 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b3d3dc76c1b79c28d266d04b3eb001c6906c0fe277eed08a92855b3b72dcc14
Instruction ID: 496314b797f6c550eddd1fd51fd40cb24c0c3158fa571a32eb3de6fd1915c52c
Opcode Fuzzy Hash: 3b3d3dc76c1b79c28d266d04b3eb001c6906c0fe277eed08a92855b3b72dcc14
Instruction Fuzzy Hash: 2CB18BB3F1122547F3584978CD683A66683DBD4324F2F823D8A59AB7C9DC7E9D0A5280

Function 00836048 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479929afea5ff890bdf60456c2f7ac3dfd8dfe3567dfe6abecc22d7353afc31a
Instruction ID: 44dfa88976f9b584dd693e0c9d86d4f735d50da6315bea401c9e007213885bf3
Opcode Fuzzy Hash: 479929afea5ff890bdf60456c2f7ac3dfd8dfe3567dfe6abecc22d7353afc31a
Instruction Fuzzy Hash: ACB17AB3F1062587F3544968CD98392A293DB94324F2F82388E5C6B7C9E97E9D1A53C4

Function 0089E4F8 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f737b375151bd91ba24c052633efd6b5cdaf56b2ec273d7ee5a6d4f927913731
Instruction ID: aff79517fd2370715506f8bb457093b243938303065d10b9a51495a570aa716b
Opcode Fuzzy Hash: f737b375151bd91ba24c052633efd6b5cdaf56b2ec273d7ee5a6d4f927913731
Instruction Fuzzy Hash: DDB1BEB3F516254BF3844978CC983A27643EB95324F2F82788E5C6B7C5C97E5E0A9384

Function 008E46F6 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dead2c9794aa28c68a9d1196e7aaa866f42caff88b5aa5e887c706c6dddabe40
Instruction ID: 455de70356a0f4402d4e637b79c0f4b1570decca84faf06e275fa4a80f0972fc
Opcode Fuzzy Hash: dead2c9794aa28c68a9d1196e7aaa866f42caff88b5aa5e887c706c6dddabe40
Instruction Fuzzy Hash: A2B19AB7F116214BF3540939CD983626683EBD1325F3F82788A585BBC6ED3E9D0A5384

Function 007F916D Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220525a0aaf6b8562a915e32b92128a3c10f6c5cfa5c021a51fc44f6efefab64
Instruction ID: 69faa30ab5a11be3265e308b082aad164cf848d14e4cf259cb0c296c1c675bfb
Opcode Fuzzy Hash: 220525a0aaf6b8562a915e32b92128a3c10f6c5cfa5c021a51fc44f6efefab64
Instruction Fuzzy Hash: 76A1BEB3F102254BF3584969DC983A27683EBD5314F2F81788F48AB7C5E97E5D0A5384

Function 009065AF Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e3e601b3f6b71ef22ed2d03dfd5186d519fa04b21b256ad3e30a33042aa5d5c
Instruction ID: d53d49a7356c5163c214db1c6fd9740dba86d41e3c471ab3908f4b719e1d8962
Opcode Fuzzy Hash: 2e3e601b3f6b71ef22ed2d03dfd5186d519fa04b21b256ad3e30a33042aa5d5c
Instruction Fuzzy Hash: 85B1E0B3F1022587F3540E64CCA43627682EB95724F2F42788F58AB7C1E97F6D1A9384

Function 0086A2C4 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5523c317825683889e79227fa3a1ca60c23aec2414d87ed138361766bed42a9
Instruction ID: 39dbba64bdf9ebe257fbc4c60fc216b6ad70ac2f60de9c4e2489b9594368819b
Opcode Fuzzy Hash: f5523c317825683889e79227fa3a1ca60c23aec2414d87ed138361766bed42a9
Instruction Fuzzy Hash: 4DA158B3F506258BF3544928DC983A27293DBD5324F2F827C8E496B7C4D93E9D4A9384

Function 007B64E8 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3f7e151a0f6e991b8eba38796a211fcd9ae749c0a0ed3dfaa95c122834d89aa
Instruction ID: b92125ee69b5cc212a6f5d9220488f93f0186711274e7b8c06d3bb8c3c0900ca
Opcode Fuzzy Hash: f3f7e151a0f6e991b8eba38796a211fcd9ae749c0a0ed3dfaa95c122834d89aa
Instruction Fuzzy Hash: E7A168F3F1162647F3544869DD983626683DBD4324F2F82388F5C6BBC6D9BE9D064284

Function 0086450C Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01dbee21f5b4451a947cc2520dbb0f8b26ef51bacf07e630e004f268350c1439
Instruction ID: 28a78cf6629040b3a6fa4b003336d0fc6bce34d8db6b8053b68250eb7e411ba0
Opcode Fuzzy Hash: 01dbee21f5b4451a947cc2520dbb0f8b26ef51bacf07e630e004f268350c1439
Instruction Fuzzy Hash: 69A1ADB3F015254BF3584D38CD983626683ABD5324F2F82788A5D6B7C5ED3E5E0A9384

Function 008DA6A1 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f3c6a2dac7de90e14f6c5470c8105519155e6732375e4efdbdd4b7128fcf09a
Instruction ID: b61388d1ad5c2c4839fc10a7ed000688661300350529430e20eb637528bbfa83
Opcode Fuzzy Hash: 8f3c6a2dac7de90e14f6c5470c8105519155e6732375e4efdbdd4b7128fcf09a
Instruction Fuzzy Hash: AEA19BB3F1062547F3584939CC983A26683DBA4310F2F82788F9DAB7C6E87F5D495284

Function 0087A35C Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75490f2cd88b7b141b8858ccd6b3c9e99a670259f021bcddbc98d5b8d801532f
Instruction ID: c10f9dfe84791bcf6965283c9ff5010b53c853af57a200850d51045013049735
Opcode Fuzzy Hash: 75490f2cd88b7b141b8858ccd6b3c9e99a670259f021bcddbc98d5b8d801532f
Instruction Fuzzy Hash: 2BA16CF3E1162547F3584878CC983626183D7E5361F2F82388F1CABBC9E97E5E0A5284

Function 007DF172 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb81b1bd366ae6b5b96a9340e331bb56b26bf97eaec7b7181cd9055dc8c64bd2
Instruction ID: 59f62efef3aba2afb43805e20c61f1ba34bdcc11acb798b3022be806d39c5689
Opcode Fuzzy Hash: bb81b1bd366ae6b5b96a9340e331bb56b26bf97eaec7b7181cd9055dc8c64bd2
Instruction Fuzzy Hash: E1A1ACF3F116244BF3944924DC983626283EBA5324F2F82798F5C6B3C5D83E5D0A9384

Function 008E613E Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4f345d77087c7a39b5f1e614e9315f5a547ce55d35df39a2f1c7908a29188fc
Instruction ID: ea01836ac724ca027d4fdfaa85c7baeac68445fea103c8104a42d367110a91f2
Opcode Fuzzy Hash: c4f345d77087c7a39b5f1e614e9315f5a547ce55d35df39a2f1c7908a29188fc
Instruction Fuzzy Hash: 3BA18DB3F112268BF3544D35CD583626683EBD4314F2F82788E4CABBC5D97E5D1A9284

Function 007E50BB Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 602f9b43f488e76c96b4721a45c97ce76736419d6c2bdcacab5c6f5e5c04972f
Instruction ID: 12d6ce52cfb9bdfae63f6509e94dc4d6f1ff86d2f7872b85e8f0c0454ca7186e
Opcode Fuzzy Hash: 602f9b43f488e76c96b4721a45c97ce76736419d6c2bdcacab5c6f5e5c04972f
Instruction Fuzzy Hash: A0A1A9F3F1162547F3980839DCA83A266839BE5325F2F82788E4C6B7C5E87E5D0652C4

Function 00892489 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b99297227b0b4641297ff82ad3db02897534de128b435e0b8b079423848b930
Instruction ID: c9208f1ce283ef0a6d874dab929091bcf030ce36026600c37f4b7b3d96580466
Opcode Fuzzy Hash: 7b99297227b0b4641297ff82ad3db02897534de128b435e0b8b079423848b930
Instruction Fuzzy Hash: 5EA18AF3F1162547F3544928CC983626683EBE4324F3F42388E5D6BBC5E97E9E0A5284

Function 0085A2CD Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0310b6571beee085b35c20831dba43de112ce8a57959e6806f1570acd35f5522
Instruction ID: 1aeac9d494b7085a552476fc09cf2d57d5ceea603c1c1f2a321f1b60acb240e3
Opcode Fuzzy Hash: 0310b6571beee085b35c20831dba43de112ce8a57959e6806f1570acd35f5522
Instruction Fuzzy Hash: 45A16DB3F112254BF3540968CC583627683DB95325F2F42788F5CAB7C6E97E9D0A9388

Function 008E0399 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87753248e74a27052b37bb9b1012c83ae4dd12f5b4b827a61e86e6ac12950f4e
Instruction ID: 2b87df44d1dd246f20a82de1d27f860f9e666bd7078a4f7183b07ecfb022de7f
Opcode Fuzzy Hash: 87753248e74a27052b37bb9b1012c83ae4dd12f5b4b827a61e86e6ac12950f4e
Instruction Fuzzy Hash: B9A17EB3F6162547F3544D69CC983A26283DBD4315F2F827C8E48AB7C5D87EAD0A9384

Function 008205C8 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bff758a2ec6fdedec2a0eb47775a7d0b997cd3a7daaf7576291b59eb33a9cc0
Instruction ID: bacd2cff9e1f7d444f2c0b9c01b1dafadee07a1cf5009851d99b7be25fa426a9
Opcode Fuzzy Hash: 4bff758a2ec6fdedec2a0eb47775a7d0b997cd3a7daaf7576291b59eb33a9cc0
Instruction Fuzzy Hash: 50A1ACF3F1022147F3544929DCA83626683EB95314F2F82788E5D6BBC6D87E5E0A9384

Function 008A2326 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db81dd158030926f1f464823b7f8c142bdf7e6f96527919eb40c36ba68e13358
Instruction ID: 3dd138206fe7b06fcdd65d35c61cfa1459417caf8f7df6c422f6732d07ebfbbd
Opcode Fuzzy Hash: db81dd158030926f1f464823b7f8c142bdf7e6f96527919eb40c36ba68e13358
Instruction Fuzzy Hash: DFA18DB3E216254BF3584938CDA83617683DBE4320F2F827C8F99AB7C5D97E5D095284

Function 00908533 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd226109833ecccf9eace967175fd43844df26f2ba1c0d91555d991b4a0151f
Instruction ID: 611f7c457653df372d92b62027be0b5974062c894c4dcd8c77824e554bbf56b2
Opcode Fuzzy Hash: 8dd226109833ecccf9eace967175fd43844df26f2ba1c0d91555d991b4a0151f
Instruction Fuzzy Hash: 52A18DB3F5162547F3944839DD993526583DBD4324F2F82788B58ABBCADC7E8D0A4384

Function 00888196 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e41938fa98467c217202d27d89ebb5fb49f236179867317944fce5dc03fc80ef
Instruction ID: 9c2f0db3cb6e69f4d70d3898d201fb9a3cc68ae5ec1de2e014a30354208e706d
Opcode Fuzzy Hash: e41938fa98467c217202d27d89ebb5fb49f236179867317944fce5dc03fc80ef
Instruction Fuzzy Hash: B6A19BF3F1023587F3544969CD58362A6839BE1324F2F82788E9C6B7C6E87E5D0A52C4

Function 008F90B1 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f22403a1fed0ee849612ccab56e570810966dc74d414f89899e4d832579439
Instruction ID: d536649bea284911f1fcfa97fd64f6008eaf2fcca72044e083a0428888c6ea95
Opcode Fuzzy Hash: 16f22403a1fed0ee849612ccab56e570810966dc74d414f89899e4d832579439
Instruction Fuzzy Hash: E9A18BB3F6162547F3984838CC983A26583D7A5315F2F827C8E4CAB7C5D97E9D0A9384

Function 008D904D Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c41c69afb518e158d89623f75b37ac75624beaa11ee63315594c80c7b028ed
Instruction ID: 56ffd844878e9bfd6f9d001f04382ec4fc80b8ad71fbd4b3f8ec1ac7185ad43a
Opcode Fuzzy Hash: 37c41c69afb518e158d89623f75b37ac75624beaa11ee63315594c80c7b028ed
Instruction Fuzzy Hash: 91A18BF7F5152647F3544838CD98362A6839BD0324F2F82788E5C6BBC9D87E5D4A5384

Function 008E42AD Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abff14a878e19c114c19d2ee89f72e230aecd07e2576877d3eecb14aec4b17a
Instruction ID: fe38e62c979f6b9e18f462edbb9d7b80ca7be3cecca0c3cd9d85152e110d3632
Opcode Fuzzy Hash: 6abff14a878e19c114c19d2ee89f72e230aecd07e2576877d3eecb14aec4b17a
Instruction Fuzzy Hash: 47A1A1B3F111254BF3544D79CC883A2B693DB95320F2F42788E58AB7C5D97EAE099384

Function 008E500D Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee0bbab23f79f6e81ee878d69dba8c1448077e06a50d956c8f449431741e506
Instruction ID: 769026e67c8ee48c6cd8965df3af88b3ba3517a4ff5b70a1241ffd6a2b0d4c31
Opcode Fuzzy Hash: 9ee0bbab23f79f6e81ee878d69dba8c1448077e06a50d956c8f449431741e506
Instruction Fuzzy Hash: 7AA1D1F3F516254BF3504929DC883A23693EBE5314F2F81788B48AB7C9D97E9D0A5384

Function 008D23DC Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b6b3bdb587a622a8919ee32d61b02315c4165026b41d89ad8068c2ec901ab07
Instruction ID: 64dc6a9f19bb563b90bcf72723c61b642f3b6997a8812aa39705f5fcaaad9214
Opcode Fuzzy Hash: 9b6b3bdb587a622a8919ee32d61b02315c4165026b41d89ad8068c2ec901ab07
Instruction Fuzzy Hash: 73A1ABB3F5022587F3500E68DC843A27293EBA5314F2F41788E4C6B7C5E97E5E0AA784

Function 007D26EE Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e77b898dc4ada85ead71252989f179846d9c034bfe0bb75d2b0ceb8b4f2fd118
Instruction ID: 497d1339672e9cae7ed23cdd25cf9743be83f5376586be36df16c07fed3cdf09
Opcode Fuzzy Hash: e77b898dc4ada85ead71252989f179846d9c034bfe0bb75d2b0ceb8b4f2fd118
Instruction Fuzzy Hash: 56A178F3F116254BF3544968DD98362A683DBD4324F2F82388F4CAB7C6E97E5D0A5284

Function 00818595 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a785b58a4e7371a6a2f2f1ab16725e16a28273f2f1fd7f184f57b059f2252662
Instruction ID: c6f40007b2c213a5c2929da9691d0987ebd3fb9d201c18092a2b08f08385ec25
Opcode Fuzzy Hash: a785b58a4e7371a6a2f2f1ab16725e16a28273f2f1fd7f184f57b059f2252662
Instruction Fuzzy Hash: 8BA1ACB7F102254BF3584D78DC983626682DB95314F2F427C8F89AB7C5D87E5E099384

Function 0085C20F Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c888953c26b6d232659570917e3bdabe8e989d63260f700537adee5f0e7fa6
Instruction ID: cbc658eca5e840865e5efa67bbbb0095bdc0bd0511a3e7e4ede27ff596eb2553
Opcode Fuzzy Hash: 43c888953c26b6d232659570917e3bdabe8e989d63260f700537adee5f0e7fa6
Instruction Fuzzy Hash: 96A159B3F116258BF3544D39CC983622643DBD5715F2F82788A48AB7C9ED3E9D0A9384

Function 0086C52F Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c577d7567981d2ca180f4b9ba4ec1708b8b1d2746b2080695627cbe523f52477
Instruction ID: 2bed5effa5f764b51f90c26ff2d598b03b0272d9ff36f0b24211c7502430ecc8
Opcode Fuzzy Hash: c577d7567981d2ca180f4b9ba4ec1708b8b1d2746b2080695627cbe523f52477
Instruction Fuzzy Hash: 5BA179B3F1162547F3944878CC5836265839BE4324F2F82798F9DABBC6D87E5D0A52C4

Function 008706AC Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f38570e4242e734c2622167c48e7e48061b67b5b33ee559c06e8a9ad65eca0
Instruction ID: 7327521e61cc4a34678b38fb21009776a5eba28f2c422966703a9063c7c3e182
Opcode Fuzzy Hash: 77f38570e4242e734c2622167c48e7e48061b67b5b33ee559c06e8a9ad65eca0
Instruction Fuzzy Hash: D9A179F3F5162547F3944925CC993A26683DB90324F2F82798F4CAB7C5D87E9E0A9384

Function 008EA2E4 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e426742d4f02c2e4b5695b86e1af050130fc68c3ed68341575e31c4ee9516ea
Instruction ID: ca600e1d0c38b2c2db946e36883204ed306ebeb438141c7a206cd1e5f767301f
Opcode Fuzzy Hash: 3e426742d4f02c2e4b5695b86e1af050130fc68c3ed68341575e31c4ee9516ea
Instruction Fuzzy Hash: 3CA17CB3F112144BF3884928CDA83A67653EBD5310F2F81788B596B7C5DD7EAE099384

Function 008D4486 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 107098f04bca8310ff5f14c1e8d5c2909cf7cb7508e121e19931f190ec05c693
Instruction ID: 77dba3979dbfb0acc3ca9ffec65e3061157ed6990a984afea81488d5310c796a
Opcode Fuzzy Hash: 107098f04bca8310ff5f14c1e8d5c2909cf7cb7508e121e19931f190ec05c693
Instruction Fuzzy Hash: BFA1A1F3F1062547F3580928CCA43A26683DBE5315F2F427C8B49AB7C5E97E9D4A9384

Function 008B655D Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3591df025f040d79a1f033d1e662ea29eed5ed5e238915a03b577776d8060edf
Instruction ID: 172f9dc81f41f4a92eb1baaaa8337d06817a983f5076444d95901ad9bad1fe39
Opcode Fuzzy Hash: 3591df025f040d79a1f033d1e662ea29eed5ed5e238915a03b577776d8060edf
Instruction Fuzzy Hash: A491BBF7F516244BF3444968DDD83A22683DBA8315F1F81788F486B7CAD8BE5D0A9384

Function 008D6092 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25af9af89938bf9c908b5fb65d963c12f7a6f50c678803b89fa5c122ed120d5f
Instruction ID: 30294f45488ce29e2717a1fd77daff34c1940c65301342e61e006f3aa8a31874
Opcode Fuzzy Hash: 25af9af89938bf9c908b5fb65d963c12f7a6f50c678803b89fa5c122ed120d5f
Instruction Fuzzy Hash: 319198F3F1162547F3580928DCA43626683EBA5324F2F42398E896B7C6E97F5D0A53C4

Function 0086E475 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e12914ee0ec8c8f87986dcbfe51bbc225459873c0b1a99b5df0327835cf9207
Instruction ID: dd2709ce03bae5228fe9e8957a71e6a73a20531415ad1959ebdeb4478243ddf3
Opcode Fuzzy Hash: 9e12914ee0ec8c8f87986dcbfe51bbc225459873c0b1a99b5df0327835cf9207
Instruction Fuzzy Hash: 3A91ACB7F1112587F3544D28DC983627683DBD5324F2F82788A58AB7C9E93F9D0A8384

Function 008B442B Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b09b5c12f312e266feddb238d94de08e90e3f9cc7402f9554c4570eeaf636c4
Instruction ID: 82ae81578e8dae8b2a6948fe62b2b73e892028912785703c32c7d9495c315812
Opcode Fuzzy Hash: 3b09b5c12f312e266feddb238d94de08e90e3f9cc7402f9554c4570eeaf636c4
Instruction Fuzzy Hash: 8C916AF3F1112547F3584939CC583A26583EBE5324F2F82788E5D6B7C9D8BE5D0A5284

Function 0090A6EA Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32aa48c85cf1f4a387cc370531f7386f5f99a70ba45a49b1001d36956ad21832
Instruction ID: 2fa372e0bc9a9326694448575527c13e08381fc63c010672f59b22e749cf1615
Opcode Fuzzy Hash: 32aa48c85cf1f4a387cc370531f7386f5f99a70ba45a49b1001d36956ad21832
Instruction Fuzzy Hash: 49A14CB3E102258BF3644D78CD983627692DB95320F2F82788E5C6BBC9D93E5D0993C4

Function 007EA085 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69fb8cd748b36a056ebdf83c94728e6398c64afa6cf8065fb5348113c1e31d59
Instruction ID: 8222f10be2869e1211bb10d24ad95776019a7c709e4126b9f828a89ba5dfead7
Opcode Fuzzy Hash: 69fb8cd748b36a056ebdf83c94728e6398c64afa6cf8065fb5348113c1e31d59
Instruction Fuzzy Hash: 7B91BEF3F116354BF3500968DC98362A6929BA5324F2F42788E1CBB7D1D97E6E0993C4

Function 00836525 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29d938f84e8ffc176fcb2d5ab7f1e97c03735524eaa73d2c569f5d18d5a11da3
Instruction ID: 39293cd96f87839b404c22c0bc884de81708fbb9f16f0a3e8d5a459d7d41b1ed
Opcode Fuzzy Hash: 29d938f84e8ffc176fcb2d5ab7f1e97c03735524eaa73d2c569f5d18d5a11da3
Instruction Fuzzy Hash: 29917BF3F0122547F3540D29CD983A2A683EB95714F2F81788B8DAB7C5E97E5D0A9284

Function 008EB050 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc89ece343354ef07a7b9ab14c07b2a02c5ad561464b23d3da5e7cd60b72e26d
Instruction ID: e8ff0c8a191d5a89b5abd67c20fb3d6d01373c3e2b872a056c1ba0e16efbb8f1
Opcode Fuzzy Hash: fc89ece343354ef07a7b9ab14c07b2a02c5ad561464b23d3da5e7cd60b72e26d
Instruction Fuzzy Hash: B0918CF3F115254BF3548939CC593A26683EBD1305F2F81788E48ABBC9E97E9D0A5384

Function 0089F1AC Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe853ec90bf4266554c1db0ec2bf363870caad08412d06f592a652cb3e4d9d80
Instruction ID: 7a1038e84514512ea90c73df9d2505341dcae453ea20baff764816888a553599
Opcode Fuzzy Hash: fe853ec90bf4266554c1db0ec2bf363870caad08412d06f592a652cb3e4d9d80
Instruction Fuzzy Hash: AD9189B3F1062587F3584968DCA83623283DB99324F2F42788F596B7C5E97F5D0A9384

Function 007BC31B Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3cdffe74fc05eeb381398c7cc7e15a398a4c5263988e9b73d07cffcd31acdfd
Instruction ID: e40420cf44c933d06d4c1ecfb6064cf94a36e8487d6f4129e789f27140693bcd
Opcode Fuzzy Hash: d3cdffe74fc05eeb381398c7cc7e15a398a4c5263988e9b73d07cffcd31acdfd
Instruction Fuzzy Hash: F0919BB3F1022547F3544969CD583A26683DB94314F2F82788E4C6B7C5D9BF5E0A93C4

Function 007D65F7 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a105c0bb9cd303bdff6c317accbc5a6c1eb8f5df99525f5843b15119fef3902
Instruction ID: f38238669332626c087c09a867f559dc1c1333f1175b35be352a9ce33e3b47ce
Opcode Fuzzy Hash: 9a105c0bb9cd303bdff6c317accbc5a6c1eb8f5df99525f5843b15119fef3902
Instruction Fuzzy Hash: FF917BB3F112254BF3444D39CC993A27683DB95320F2F417D8E49AB7C5D97EAE0A9284

Function 008A4456 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d61709de19739dfc65e5e6f69a2265741bb85d2f114b6d9cc32f6bf212b2d6
Instruction ID: 95019a392b4d991c81f065b5898dbb1c8fc92d81f6153e133c5002ad14f0dd43
Opcode Fuzzy Hash: e0d61709de19739dfc65e5e6f69a2265741bb85d2f114b6d9cc32f6bf212b2d6
Instruction Fuzzy Hash: 0B91ADF3F116254BF3540928DC983626683DBD5321F2F82788E5CAB7C5D97E9E0A5384

Function 007C6483 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17f99421b8043f76f81f86dc273bdb0697fe2476c914acdb7c9cb128322c860e
Instruction ID: fd0d1a64c569ac06abd51afe0e0f3e87eb1ad4b08d18ed56bd465158a9ee3fd7
Opcode Fuzzy Hash: 17f99421b8043f76f81f86dc273bdb0697fe2476c914acdb7c9cb128322c860e
Instruction Fuzzy Hash: 94916CB3F1112547F3544928CC983A27293EB95325F2F827C8E586B7C9D93E5E0A9784

Function 008BA603 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72870f06338c1858d86b7a9e5d99af97bc0a4a4f65e7fd3ef5b886e70e60840
Instruction ID: d3f9a1c58631690b0038aa2962e1836f98ae3f1c294d526a92a449bdefebd1cd
Opcode Fuzzy Hash: a72870f06338c1858d86b7a9e5d99af97bc0a4a4f65e7fd3ef5b886e70e60840
Instruction Fuzzy Hash: B9917AB7F5112547F3644928CC683A26683DB95325F2F827C8E9C6B7C4D87F5E0A9384

Function 007EC442 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc8b7fb0c466df2c4b616bf5b5bb7c37de9827424ca0990d1f44645f8b32c35
Instruction ID: 7a2ff6adee54757ece9c542230e8a24f83b9f12f0915d4d0bd5ba37416c50f96
Opcode Fuzzy Hash: 7fc8b7fb0c466df2c4b616bf5b5bb7c37de9827424ca0990d1f44645f8b32c35
Instruction Fuzzy Hash: D591ACF3F216254BF3444938CD983627683DBE5314F2F82788A4C5BBC9D87E5E0A9284

Function 007FA4FE Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec78ec2bff7504206180f141d4b22fe49abd901383657506b9261219fbe9e77
Instruction ID: b806e49d27ec4e10929a4656fbb89ea16b9cf3c26287e30f3b55b9f6724d53ff
Opcode Fuzzy Hash: 5ec78ec2bff7504206180f141d4b22fe49abd901383657506b9261219fbe9e77
Instruction Fuzzy Hash: D191A9B3E501254BF3644968CC983A276939BD1324F2F42788E8C6BBC5E97F5D0A93C4

Function 008B2433 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84460bb1a1a42bdcc1544aebffba56d255b2ef1e4cb9cef200a992fd483f278b
Instruction ID: 14b518b984cbb8614327bfb61784fb239f389febc494ea26fe4a246ccae9918c
Opcode Fuzzy Hash: 84460bb1a1a42bdcc1544aebffba56d255b2ef1e4cb9cef200a992fd483f278b
Instruction Fuzzy Hash: E39147F3E2152587F3944968CC9836261839BE5321F2F82788F5CAB7C9D97E9D0A53C4

Function 00886172 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0825c37674d1794dbad3373a8fab3a84dd47646135d88111bae25acaae4241f1
Instruction ID: 9eb1950069b1217d993cf9a443af058024438f887916ee5e2baef48ad7c470ea
Opcode Fuzzy Hash: 0825c37674d1794dbad3373a8fab3a84dd47646135d88111bae25acaae4241f1
Instruction Fuzzy Hash: F39190B3F5122547F3540969DC983A67282EB95324F2F42788E4CAB7C5E97F9D0A83C4

Function 008605A0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ea2d29f196fcb1e2f6fd4b35c350f58540c6ef874c088ec97a24bbe9a275cc
Instruction ID: 7f83133252ecce7ee87af87c3ac7ba768245dd55dcf15570c6ee7e92513c9f76
Opcode Fuzzy Hash: 31ea2d29f196fcb1e2f6fd4b35c350f58540c6ef874c088ec97a24bbe9a275cc
Instruction Fuzzy Hash: 49917EF3F5022547F7584978DDA83626683DB94320F2F42388E8D6BBC5D97E5E0A5384

Function 008AA519 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 932ef1bb96364633712ee38cd4f00f640443dc4905f3fae035bc927ebe1eb742
Instruction ID: d5fe18190c3c81ec2ae7a46ecd692c278a50ce6a591c8a2ee507611d31b9d233
Opcode Fuzzy Hash: 932ef1bb96364633712ee38cd4f00f640443dc4905f3fae035bc927ebe1eb742
Instruction Fuzzy Hash: BA9180F3F116258BF3544D69CC883626683DBD5320F3F82388E58AB7C5D97E9E1A5284

Function 0086809C Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 643652611a92648105836da75cb1c2ccd3722680b563a7d59542a035f9408873
Instruction ID: 7ef99dbbe61b8be324344e8206fd8f654b5c6d87c946b257a7d8341568b67f25
Opcode Fuzzy Hash: 643652611a92648105836da75cb1c2ccd3722680b563a7d59542a035f9408873
Instruction Fuzzy Hash: 2991ACF7F216254BF3644829DC993A22183DBE4324F2F827C8E8D6B7C5D87E5D0A5284

Function 007FC513 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb0b8e8b9c6b940fe991bb68945a010d7818af0adc9cb62e5f94a6079f12397f
Instruction ID: b70db1567c9ff6bace840f3454680d32407f4ef24a49e1ba13e5945185f53772
Opcode Fuzzy Hash: fb0b8e8b9c6b940fe991bb68945a010d7818af0adc9cb62e5f94a6079f12397f
Instruction Fuzzy Hash: 279159B3F1122547F3984864CC693A26683EB95320F2F81398F59ABBC9DC7E9D465284

Function 00828189 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff0b794adc7c7b815e1de8d83ccaed38ff494ef7d72b82cce98d7ca882b8e48e
Instruction ID: 68ab6d62288a75fa85f4ed8c507585b618cb9e0a11a4cfd54c1db4beb086b51f
Opcode Fuzzy Hash: ff0b794adc7c7b815e1de8d83ccaed38ff494ef7d72b82cce98d7ca882b8e48e
Instruction Fuzzy Hash: CC9160F3F5162547F3644D29CC993A261839BE5320F2F827C8E5CA77C5D87E5E0A9284

Function 009040BD Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a604e91c5db53a292209b6d1664355a3f0c7c008757adf76ed77dd42526588
Instruction ID: 2a1cbfe20add0448e81d0df877ff46d050cf318b7976873008973a7596174670
Opcode Fuzzy Hash: 81a604e91c5db53a292209b6d1664355a3f0c7c008757adf76ed77dd42526588
Instruction Fuzzy Hash: 89918BF7F5062587F3544929CC983627693EBD4314F2F82388E4C9B7C5E97E9E0A9284

Function 0081E06B Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41938ada0583d2ee9725dae6f90ef175e07f354561cc0bbdfd3b40eab8b4f6a
Instruction ID: fafe953c64cab5b59ad05230c03881901137a2cda073924aef050ee267ce65fe
Opcode Fuzzy Hash: b41938ada0583d2ee9725dae6f90ef175e07f354561cc0bbdfd3b40eab8b4f6a
Instruction Fuzzy Hash: 00917DB3F2122547F3544A29CCA43A27283DB95720F2F417D8E49AB3C5D97FAD0A9384

Function 007E309D Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f422eecb1bdb30ac6fdbaef6c57404ffaa34378ccbd16481f9128db8dbfd157
Instruction ID: e8b3a417addf8aca58cdc1799989cb413dc4eb98e5d374e7535aa5e399f5aff4
Opcode Fuzzy Hash: 0f422eecb1bdb30ac6fdbaef6c57404ffaa34378ccbd16481f9128db8dbfd157
Instruction Fuzzy Hash: 0C919EF3F0062447F3544929DCA83626683DBE5314F2F81788F4DAB7C6D87E9D0A9284

Function 007ED09A Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f65f0f847db6554163a44a1b553da5e335f6dda79ff00f7c6a75a438f66fa38
Instruction ID: f010ce92da97ff8263591515ed592a6e6eb7839069291533adf1b39e126a9fb8
Opcode Fuzzy Hash: 4f65f0f847db6554163a44a1b553da5e335f6dda79ff00f7c6a75a438f66fa38
Instruction Fuzzy Hash: 7C916CF3F112258BF3544928CC983627693EB95310F2F82788E586B7C5D93F9D099384

Function 009080ED Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82fcac1234b4fafaa4bd94a3d739e028617a7de050ceaabf0c82da94c2f721b1
Instruction ID: 7e4159a00dd6d4b2e6c5f3f9ff137b33c66d167e81d66bc70972d257b1c96f43
Opcode Fuzzy Hash: 82fcac1234b4fafaa4bd94a3d739e028617a7de050ceaabf0c82da94c2f721b1
Instruction Fuzzy Hash: B6914BF3E1062547F3644D38CDA83A26582DBA4324F2F827D8EAD6B7C5D87F5E095284

Function 008FA222 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba09c265f44506cfdddad45aa4953a90a6442f37dc99158a19df8c993179f78
Instruction ID: 11ff7971c0e48e5655e105a6d807ab4f6e8510143f5124acb94aff0efdddf7ba
Opcode Fuzzy Hash: 7ba09c265f44506cfdddad45aa4953a90a6442f37dc99158a19df8c993179f78
Instruction Fuzzy Hash: 7D8167F7F1152547F3644D29DD983626683ABE4324F2F82388E9C6B3C5E97F1D0A5284

Function 008F8118 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46a80f49bc5839afa48f3637fcc3291e950f68285052a92d1686618bc2433e7
Instruction ID: c444577b96601b774ac91a9d09512fe64b7fb9ec84699765500c18cbe1ecafd7
Opcode Fuzzy Hash: a46a80f49bc5839afa48f3637fcc3291e950f68285052a92d1686618bc2433e7
Instruction Fuzzy Hash: E7917BB3F111254BF3544939CC883A16683ABD5320F2F42788E9C6B7C5EC7E5E4A9384

Function 0081A0BB Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d84563d3966f98c780df044d6ff5694c082ffcdb9110e071bdd41b8e5950dd9
Instruction ID: 32d234da14a28dabd04988f461d53e14aa1ec6232eaab97f5633f5f2b1e3d1d6
Opcode Fuzzy Hash: 3d84563d3966f98c780df044d6ff5694c082ffcdb9110e071bdd41b8e5950dd9
Instruction Fuzzy Hash: DF819DF3F1122547F358487DCDA83626287DBA4325F2F42398F59A77C5E87E9D0A4284

Function 008E20F5 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2936d34f17fc840729a0ff8417a6032e63fd5d13e6eb4c24faf60a8e494f641
Instruction ID: 7cf0c61a3fe0abacb523885efa0e1c8c51d7718716dea9a5918083c62bf7fd71
Opcode Fuzzy Hash: b2936d34f17fc840729a0ff8417a6032e63fd5d13e6eb4c24faf60a8e494f641
Instruction Fuzzy Hash: BF91BCF3F506154BF3444928DD983626683D7D4318F2F82388E5C9BBCAD97E9E0A9384

Function 0082020B Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b12909b242411fa85330070b8de8d4879c0268dfdcbeb210b6b8ac7ca431c94
Instruction ID: 2aad7beb8db06ba5be623ce642a4b2122110818e895743753302eaa9887a188f
Opcode Fuzzy Hash: 1b12909b242411fa85330070b8de8d4879c0268dfdcbeb210b6b8ac7ca431c94
Instruction Fuzzy Hash: 5181BFB3E0122547F3504E29DC94362B253EB95724F2F82788E8C6B7C5E97F6D0A9384

Function 008D6502 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 390a90cbe89a5e0b62f8a0c5257ff7676c80869281450516de461067050b53d9
Instruction ID: 1bb368d093379755d9e85d4f9ad54ffa8fc5cf2e35ee60d91da081dc913c2442
Opcode Fuzzy Hash: 390a90cbe89a5e0b62f8a0c5257ff7676c80869281450516de461067050b53d9
Instruction Fuzzy Hash: B9818CF3F1122A47F3544928DCA83A26653DBA5324F2F42388E4C6B7C5E97F9D199384

Function 00876565 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd2117c37b67c06769fcfc6dbdc35d66b514b671c812ae051f81eb2c19240b2
Instruction ID: 95a718ee25f285ddc692ad536bef2b2a6417462c525392bfed525567ad41ed18
Opcode Fuzzy Hash: 8fd2117c37b67c06769fcfc6dbdc35d66b514b671c812ae051f81eb2c19240b2
Instruction Fuzzy Hash: A781AFF3F5062547F3540979CD893A26683DBA4314F2F82788E5CAB7C9D87E9E0A5284

Function 0083025F Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6b48259239d5256cd56f2ca63cb65f6ba6c091a316f433fef4ebfcb3d8690cd
Instruction ID: 52867be37cb17fc6a731032a6a46696390c22d28e8e9175073cbd605d18120a2
Opcode Fuzzy Hash: d6b48259239d5256cd56f2ca63cb65f6ba6c091a316f433fef4ebfcb3d8690cd
Instruction Fuzzy Hash: C08167B3F112248BF3544965CC983A27283EBE5314F2F41788F9D6B7C5E97E5D0A9288

Function 007FE39A Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204064bfd9bc7b9bd660fb6ee2e5a8424ca993b6663dda582154530f7e0eb0f9
Instruction ID: a43134f5d4c9fa32198b8e8dac31fccb52a05d39160f431ba1900fa63132f666
Opcode Fuzzy Hash: 204064bfd9bc7b9bd660fb6ee2e5a8424ca993b6663dda582154530f7e0eb0f9
Instruction Fuzzy Hash: 0D8169B3F001254BF3544D39CD983627693DB95710F2B82788B896B7C9E97E5E0A9284

Function 008830CB Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb564d71eb4a5bb2ee80b36da81a59bca43073deb5bed0068b322e2f13c6d3c4
Instruction ID: c2626704cb3ae978b2f6174e02ce3ce3c1175c12a87e1fae0a09bd35d1592cc4
Opcode Fuzzy Hash: eb564d71eb4a5bb2ee80b36da81a59bca43073deb5bed0068b322e2f13c6d3c4
Instruction Fuzzy Hash: 24819DB3F1122547F3544938CC583627293EBD5714F2F82788A59AB7C5ED3E9E099384

Function 007F42B4 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6308a4e3f55b25a712d3b1495d25619309d4affb4e4e770999e39d6aad2c5016
Instruction ID: 0e7411efa7d6554e49999a9c2eaff7bd1cce1a4f849d2d17f30fb137c9f4e066
Opcode Fuzzy Hash: 6308a4e3f55b25a712d3b1495d25619309d4affb4e4e770999e39d6aad2c5016
Instruction Fuzzy Hash: 828157B7F1122587F3504E14DC983627293EBA9310F2F41788A8C6B7C5E93F6D4AA784

Function 009044D6 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593daf7012c8628fcee2f4c5e0befe4864af46769c69b735d2320d2a3bc5d297
Instruction ID: 0b76d2586c4d30ad5d56078870324035d07910abf9ac265dda499b778c6769f4
Opcode Fuzzy Hash: 593daf7012c8628fcee2f4c5e0befe4864af46769c69b735d2320d2a3bc5d297
Instruction Fuzzy Hash: F081ACF3F102254BF3584878DD983A26683DB95314F2F42798F4DABBC6E87E5E095284

Function 007F20AE Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32913f22a49b9557abd7aefd074c2c41167ea9960824bd2b397d65ab71e3a627
Instruction ID: 3c1480e2f8c0327aefa237016bb6b89ce2b49db909b4f338ca173191790cfdc8
Opcode Fuzzy Hash: 32913f22a49b9557abd7aefd074c2c41167ea9960824bd2b397d65ab71e3a627
Instruction Fuzzy Hash: 45818CF3E1162547F3544929CCA83626683DBA4720F2F82398F596B7C5ED7E5D0A8384

Function 008601D1 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10f03b043397fc42550e5061c91fb13c99d661a2e41d94bbf98e773f891e96c
Instruction ID: fe35efa99aae1a45fef1a8d11cb91a34a076249794010246f50e6740c6d5d455
Opcode Fuzzy Hash: a10f03b043397fc42550e5061c91fb13c99d661a2e41d94bbf98e773f891e96c
Instruction Fuzzy Hash: 3981AEB3F112258BF3544D29CC583A23693EBD5320F2F82788E58AB7C5D97E5E099384

Function 008084FD Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1377cc68e9045a8dc28aa9201f3ed95fc74d5fde9b48d45db4873d8a07ab7ec
Instruction ID: db6caf0183b08ea961bbfa1d43c6ec8a06f03703b8d1bb4a9b79a1c21039dba4
Opcode Fuzzy Hash: a1377cc68e9045a8dc28aa9201f3ed95fc74d5fde9b48d45db4873d8a07ab7ec
Instruction Fuzzy Hash: E98169B3F1122587F3640D29CC943A27293EB95324F2F42788E99AB7C5D97F5D0A9384

Function 007C0629 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7744d70bc864517a332064c9738aeb833d6bd0527855b613288e74e669111971
Instruction ID: d8cf2ff716e6888e25483300e1ce324e5344fc8a06de8e343bb5345af6a5f163
Opcode Fuzzy Hash: 7744d70bc864517a332064c9738aeb833d6bd0527855b613288e74e669111971
Instruction Fuzzy Hash: 828169B3F115244BF3544939CD983626683DBE4324F2F82788E99AB7CAD97F5D0A5380

Function 008C2017 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fcd1def062afbc9f7734ba484df2e175779e80637976d40b9658bb6d0267d81
Instruction ID: b4baadcf9663f975750dedf217cd73b0c14015af475196c1d0a3297b7438e9d3
Opcode Fuzzy Hash: 0fcd1def062afbc9f7734ba484df2e175779e80637976d40b9658bb6d0267d81
Instruction Fuzzy Hash: 54817AB3E011258BF3544D29CC943A2B693DBD5324F2F42788E586B7C4E97F6D0A9684

Function 007C60AB Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff1b1c29cdf929ca3ebb5a7920ffb220d5e87a2c7790ef648c9ec255ec26be03
Instruction ID: ce3be0db215469c549965bbb13dcddf764f93a7b2a4a986bc7fcffe4da1af363
Opcode Fuzzy Hash: ff1b1c29cdf929ca3ebb5a7920ffb220d5e87a2c7790ef648c9ec255ec26be03
Instruction Fuzzy Hash: E1818FF7E506258BF3644D78CC983A16682DBA4320F2F827C8F59AB7C5D87E5D0952C4

Function 0085408D Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 532c87f4c47531cc2c05336477005506295ba3d7d7642b6fd03c3ceb08551d49
Instruction ID: d77d2ce9c6861d6f4af385b338c432e8de9bc5d3d3a2a9c0be6b6e70ace8e9e6
Opcode Fuzzy Hash: 532c87f4c47531cc2c05336477005506295ba3d7d7642b6fd03c3ceb08551d49
Instruction Fuzzy Hash: C381B0F7F116214BF3544978DC883627693EBA5314F2F42388E589B7C5E97E9E0A8384

Function 008B9043 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07235e1bc8d9832179c91583e5650d3cfa1687e1348a3721db25f39b15614fa
Instruction ID: 1ab77e999474e32d1dfa2b0a8610f6d0f68dc4ce94fb5c6d91100c4d51fdb5f6
Opcode Fuzzy Hash: c07235e1bc8d9832179c91583e5650d3cfa1687e1348a3721db25f39b15614fa
Instruction Fuzzy Hash: 3F819CB3F1122447F3544D68DC983A27683DB94325F2F42798F8C6B7C9E97E5E0A9284

Function 007DE2F4 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 470c9e34a586de4148fdc076d5c22ad2f63f1cc4f1f14a196fdec574d82e4bc1
Instruction ID: bb7974c4fc9ad83ac21a68335a6225ad94851f8288218dc30f8e992b385da720
Opcode Fuzzy Hash: 470c9e34a586de4148fdc076d5c22ad2f63f1cc4f1f14a196fdec574d82e4bc1
Instruction Fuzzy Hash: DD817EF3F1162547F3944839CC5836266839BE4324F2F82788B5CAB7C6ED7E9D0A5284

Function 0090E26F Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df126d945bb88bf224ce25647269f1d69475b274d8f932f1dc84256d8707d8af
Instruction ID: edcef4c437e37a7dc28220fe8d510bb106f333ad6e7384a4df0c006ff1ad8fe1
Opcode Fuzzy Hash: df126d945bb88bf224ce25647269f1d69475b274d8f932f1dc84256d8707d8af
Instruction Fuzzy Hash: C9819CB3F112254BF3544929CC983626683DBE5320F2F827C8E996B7C9DC7E9D4A4384

Function 007DA4B5 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c53cbeb130c57f6736c320aa158a7b19a2f011feaf422e376138decc212d20d0
Instruction ID: 252f0fc208eeddc8244dd151fa0d32ee710b02f77296c294c84ba0335980c076
Opcode Fuzzy Hash: c53cbeb130c57f6736c320aa158a7b19a2f011feaf422e376138decc212d20d0
Instruction Fuzzy Hash: 6F8148B3F111254BF3944928DC583A27693EBD4324F2F81798E8C6B7C5E97E5E0A9384

Function 007D6256 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a52e2c5820b8acebee6df04ba74b64631f253c70e629adb0c8f3294f8e168c
Instruction ID: 459a2558cf87a52039d5eb44efcf9e1dd8a41947d7bde7d214d80cfa968682fe
Opcode Fuzzy Hash: d6a52e2c5820b8acebee6df04ba74b64631f253c70e629adb0c8f3294f8e168c
Instruction Fuzzy Hash: E68125B3E111258BF3644D29CC18362B693ABD4320F2F82798E8D6B7C4E93F5E159784

Function 007E44B9 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e295760b8a26940f257f80b2a564c8bfc59eea2c7f662493227d17fadc5e1ec
Instruction ID: e3fcd8efe8e1748d9140d37dca7361d4169f4d1bc4f541804754fcce2983546c
Opcode Fuzzy Hash: 4e295760b8a26940f257f80b2a564c8bfc59eea2c7f662493227d17fadc5e1ec
Instruction Fuzzy Hash: A1819BB3F216254BF3584924CC943A26283DBE5320F2F427C8E586B7C5D97F5D0A9384

Function 008A816A Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfbbbceefa71f139e7400e8f45b72a0094d072d458b642f96f6acc159adceba1
Instruction ID: 74b156242b9f7358f56bcf40177f081b281e48ca51e6b35b5fa90b1c0dff31c9
Opcode Fuzzy Hash: cfbbbceefa71f139e7400e8f45b72a0094d072d458b642f96f6acc159adceba1
Instruction Fuzzy Hash: E5819BB3F115258BF3544968CC98362B692EB95310F2F82788E8CAB7C4D97F5E099784

Function 00842249 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ddf426f56cf9cf2fc990f9460058482cb8422db2c3514af47fa6cde27b65eb5
Instruction ID: f755b1caf6d59dc08ab9dc162f0cb0da364b3f135299456b69eba4a7660124ff
Opcode Fuzzy Hash: 1ddf426f56cf9cf2fc990f9460058482cb8422db2c3514af47fa6cde27b65eb5
Instruction Fuzzy Hash: 6B8156B3F1052547F3584929CD683626683D7D1324F2F82788E5A6BBC9EC3F9D4A5384

Function 007CA57A Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3c0f1c8d4127af65cabc632f758180aacfc354c502e94f8b089d7b99034971
Instruction ID: 7f687945b72023834be5b650d30ebdf0566e55257be06431b315f3907be25fa5
Opcode Fuzzy Hash: cf3c0f1c8d4127af65cabc632f758180aacfc354c502e94f8b089d7b99034971
Instruction Fuzzy Hash: 81817DB3F1112587F3504A29CD583627693DB94724F2F42788E8C6B7C4E97FAE1A9384

Function 00848116 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb698e30f5f7d144b8c2ff923c4872a672494160405fd5e52fa4ec91c2029178
Instruction ID: 729c112d9db91aaaa8bd89efc00a079dea92525102ebc37662e6363a93b33b27
Opcode Fuzzy Hash: fb698e30f5f7d144b8c2ff923c4872a672494160405fd5e52fa4ec91c2029178
Instruction Fuzzy Hash: B08159F3F1162547F3944878DD88392668397E4325F3F82748E5CABBC9E97E8D0A5284

Function 008CA27F Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa1559bcaef90ea27e8d04159356aab31b16f8dda8067cbcf05213b300ae76f2
Instruction ID: 10eccfc63e28a6786cfbac9888166a0fcc4eef2cc1a0f98376e1cead62b8c2d7
Opcode Fuzzy Hash: fa1559bcaef90ea27e8d04159356aab31b16f8dda8067cbcf05213b300ae76f2
Instruction Fuzzy Hash: AA816BF3F5122547F3940974DC983A26293D795324F2F42388F1CABBC5E97E9E0A9284

Function 008A01FD Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6806b3dfebfdf59ad8e4f659e0f1024b8497d0ebcf7dd18df290365e204d56c
Instruction ID: dda0399707fa0908c3236da46ecb4b5c4fb6f9edb58203ee15552aa8d43ace2e
Opcode Fuzzy Hash: d6806b3dfebfdf59ad8e4f659e0f1024b8497d0ebcf7dd18df290365e204d56c
Instruction Fuzzy Hash: 57817AB3F1112547F3984928CC653627683EBE1324F2F823D8A9A6B7D4ED3E5D099384

Function 008785E6 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b54fb009359284523fc99620518cc0c20cb1138f5cac8128647f64aab63f694
Instruction ID: ac6814a5ee2cfb9f0891f8366a45f1719b31bc09f56d6355934990d490179f0a
Opcode Fuzzy Hash: 9b54fb009359284523fc99620518cc0c20cb1138f5cac8128647f64aab63f694
Instruction Fuzzy Hash: 068158F3F116254BF3544928DD983A2268397E4325F2F82788E8C6B7C5E87F5E065388

Function 008A706D Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a94abf910731f1931e63dacd164b10d65bed271cec202cf98b3dfd93278d93
Instruction ID: 8ab5aa52d25785992e4e2f81752210d3e21fd0b06b53c3abc51145e750e88417
Opcode Fuzzy Hash: 85a94abf910731f1931e63dacd164b10d65bed271cec202cf98b3dfd93278d93
Instruction Fuzzy Hash: F0816AB3E0122587F3684D79CC94362B6839BE5320F2F82788E5D6B7C4E97E5D069780

Function 007FA16C Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d4fb9b22dbb4dbed5bcf9c7347c08fab0b0119299eb8122b643cd937b284ac
Instruction ID: ead1858472691b1867b149cfac9bfecdc251a9f1ab5aa375e612b544074be7bb
Opcode Fuzzy Hash: d4d4fb9b22dbb4dbed5bcf9c7347c08fab0b0119299eb8122b643cd937b284ac
Instruction Fuzzy Hash: EF815CF3F1162547F3584929CC94362B293ABE5321F2F82788E5C6B7C5D93E9D0A5384

Function 0088C261 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1313c9b427e82874dc8a555956f933205c7a36143729075eaad944f746ceb002
Instruction ID: 7a563d4a97ba569bb0cd54c0e83968df283a2c960e7770bd7829e6802d4a05e5
Opcode Fuzzy Hash: 1313c9b427e82874dc8a555956f933205c7a36143729075eaad944f746ceb002
Instruction Fuzzy Hash: F7816DB3F105244BF3544938CDA83662593DBD5325F2F827C8E5D6BBC9D83E5E0A9284

Function 00800445 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05b9c4e678307bc8376941b6d74cd0cd74fd89e3c06b7b2184121ae5a351bdff
Instruction ID: 06d79b2dc76ef4b810cfd41e6e26b8202ab3ed6ad7918f9d272027d47619eeeb
Opcode Fuzzy Hash: 05b9c4e678307bc8376941b6d74cd0cd74fd89e3c06b7b2184121ae5a351bdff
Instruction Fuzzy Hash: 3E81DEB3F5022587F3580D38CCA83627692EBA5314F2F427C8B599B7C5E97F5D099284

Function 008451C3 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58905ce6703b69be7181bf3f83448c818e03d00e9d72daf34a0839da382b1a10
Instruction ID: b4e4a0b5cca30cc86b91d59bd02c86eea2848a307ff497bc54c5b46ed5d9ab1e
Opcode Fuzzy Hash: 58905ce6703b69be7181bf3f83448c818e03d00e9d72daf34a0839da382b1a10
Instruction Fuzzy Hash: 298182B3F106154BF3544D29CC983A17683DB95315F2F82788E48AB7C8D97F9E0A9384

Function 0090A0CF Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7890f512923848321ab4cd43a9c4f9f1ea00fc4c2b2d5baddb1cec0155d5ece6
Instruction ID: 6ebce0599eb284ae6474fcecfc9cbec498e27cff8914ffe6100364a347926f31
Opcode Fuzzy Hash: 7890f512923848321ab4cd43a9c4f9f1ea00fc4c2b2d5baddb1cec0155d5ece6
Instruction Fuzzy Hash: E8819EF3F016244BF3544D68DC88352B293EB95311F2F82788E586B7C9E97E5D098784

Function 007B6108 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cca7db9f26b389988eec2ad93ca84513255ec7aee6a63db2271c5d90a762a57
Instruction ID: aa924c80cb2e7ee6ddc60b73c982b11fa5bfd123dcd142eafa7b4f3662aa3aad
Opcode Fuzzy Hash: 7cca7db9f26b389988eec2ad93ca84513255ec7aee6a63db2271c5d90a762a57
Instruction Fuzzy Hash: CE816BB3F116258BF3544969CC883527693EBD4320F3F82388A5C6B7C5D97EAD0A9784

Function 0082E580 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bae77580f7f698bfa785a3b3177c0fb4925ccd328c32bf7ae812d8b2979f33a
Instruction ID: 8f1f58faee3a4d82b24372ae5b0cf027d02859c13dcbc32da3a3d29be9c2d991
Opcode Fuzzy Hash: 9bae77580f7f698bfa785a3b3177c0fb4925ccd328c32bf7ae812d8b2979f33a
Instruction Fuzzy Hash: A2716CB3E1112447F3544A28CC583627693AB94324F2F42788E5DAB3C0E97F6E1953C4

Function 008B06A3 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f60ad1ebf0f0b35d66f29f89354e505726e08c99fc313541f951ff688ea15be
Instruction ID: 7ac083c72a2d7339ab44dad3e70e150336c79defd20147adf327c47d55501a7f
Opcode Fuzzy Hash: 7f60ad1ebf0f0b35d66f29f89354e505726e08c99fc313541f951ff688ea15be
Instruction Fuzzy Hash: 3C717BB3F1122487F3544D25DC943627293DBE4314F2F82788A886B7C8E97E6D0A8784

Function 008130C3 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb6f4621c38c457bb702a4e02d7c852269232160b63fdf0695b45d2e362f65b
Instruction ID: 9b29f369e1f1c4a4c3c2b1a578a8351c0e69faaa13eab2ae0b41531aa681ae53
Opcode Fuzzy Hash: ceb6f4621c38c457bb702a4e02d7c852269232160b63fdf0695b45d2e362f65b
Instruction Fuzzy Hash: B371ABB3F2162547F3540C38CD583626683ABE4324F2F82388E5DAB7C9D87E5D0A5384

Function 008F63E7 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9e4ed4519f4405085fd13a91a3573559faef6f16b5c8e9bfa44bbc8d2a09e7
Instruction ID: a77652d60c4cf506394747584a5c42c66415c890c80dad9a48240456755c7e99
Opcode Fuzzy Hash: ce9e4ed4519f4405085fd13a91a3573559faef6f16b5c8e9bfa44bbc8d2a09e7
Instruction Fuzzy Hash: 007179B3F5122587F3584928CC983A27643DBD4325F2F41788E49AB7C5E97F9D0A9384

Function 008FC453 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f1a09cdd4bfae6e5d6055bd4a7d4754df6f2922fd2cbd96ec17e407d1365df
Instruction ID: b85ffcf8496f196ca0b901503fe861c342c63ddc37fc44fd9b873075801c73db
Opcode Fuzzy Hash: 00f1a09cdd4bfae6e5d6055bd4a7d4754df6f2922fd2cbd96ec17e407d1365df
Instruction Fuzzy Hash: AC718CB3E1122587F3540D28DC983A27692DBA4320F2F42788E8C6B7C5E97F5E0997C4

Function 0083A079 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 229cf715fff856b6a1acd34d48c8bfa94a12d1e31824779369056a352cf52889
Instruction ID: 27c6b5da3b9ae7d1304f2c9a7706e511af081b2190d11881eff152733e8df22e
Opcode Fuzzy Hash: 229cf715fff856b6a1acd34d48c8bfa94a12d1e31824779369056a352cf52889
Instruction Fuzzy Hash: 0B7168B3F1162587F3544929CC9836276839BD5325F2F82788E4C6BBC9D87E9D0A9384

Function 008BA258 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa463d0688245d92c99594d0cb5fbc177e185638a9ca112f77093c3e9fb46cda
Instruction ID: 6d34db6789518ad222e7f228307558c5b506e7534a6f520d0ba21d3cc4a57d5a
Opcode Fuzzy Hash: fa463d0688245d92c99594d0cb5fbc177e185638a9ca112f77093c3e9fb46cda
Instruction Fuzzy Hash: 2C719CF3F1063147F3140979DC98362A682EBA5315F2F82788E5D6B7C5E87E4D0952C4

Function 0082A5BB Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 680b8e61c0ee1078f71eff5d410751b85a5b83fb7a1efc70f3e3bbaf145a88fb
Instruction ID: 1bb3c79a6c734b5fa39188356ee5f8e4916e83ac8e3a0ae144fccc58a7fd1f53
Opcode Fuzzy Hash: 680b8e61c0ee1078f71eff5d410751b85a5b83fb7a1efc70f3e3bbaf145a88fb
Instruction Fuzzy Hash: 5E715CF7F115158BF3504D29CC443626693EBE4325F3F82388A5CA7BC9E97E990A9384

Function 008A6288 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a555d25817000c2e4df33e57f6f43ff6e9a0a51973b3659c6cbfb22281464185
Instruction ID: b073d78dcc729cbd95e95775e908f87eaa30eda046b2023b431f1e05bbe61445
Opcode Fuzzy Hash: a555d25817000c2e4df33e57f6f43ff6e9a0a51973b3659c6cbfb22281464185
Instruction Fuzzy Hash: A8715CB7F1152547F3604D29CC94362B253ABD5721F2F82788E8C2B7C4D97F2E0A9684

Function 007C2441 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aa3724bd442b1c2c9691d1e683e6c95aa132a6fe38c8c7abb58d784d03b9216
Instruction ID: ae0dbe9598ddaff427d51186a09baaf9b4c48d841af9b0f6155fb07aa2111fe9
Opcode Fuzzy Hash: 9aa3724bd442b1c2c9691d1e683e6c95aa132a6fe38c8c7abb58d784d03b9216
Instruction Fuzzy Hash: 197167B3F111248BF3644D29CC543627693ABD5724F2F82788E9C6B3C4D93E6E0A9784

Function 007E8566 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f639d8728584d9f28e53faaf9aa001586be6c8cf0699cda12962c158b3e2837
Instruction ID: 67ba5682e18429e3d6dcf13ae74684845933b547758976f88fec9de5d85e7802
Opcode Fuzzy Hash: 8f639d8728584d9f28e53faaf9aa001586be6c8cf0699cda12962c158b3e2837
Instruction Fuzzy Hash: B771AFB3F106214BF3584D39DDA83626683DB95324F2F42388B9D6B7C9E87E4D0A4284

Function 009102B0 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c552cb75c314727b8087255eb14d9a5695b9194776a2fde9e9e3b307c4df597
Instruction ID: 28b19f2d11a9c79d5b0f00f3ac44a9ae422a2a56c646175c7a37cf177ab9cec0
Opcode Fuzzy Hash: 0c552cb75c314727b8087255eb14d9a5695b9194776a2fde9e9e3b307c4df597
Instruction Fuzzy Hash: 2C716DB3F112254BF3444929CC543627293EBD5321F2F41788E489B7C4D97FAE0A9384

Function 008DC541 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621bf7daef2a6d56fc9a74701bd9f64742d908ccdb97488929efb51aca851acc
Instruction ID: 948e8f3969140c2d32a6e83fcd657e9e95e9a7f5921a3582e71ecbf0857dcccb
Opcode Fuzzy Hash: 621bf7daef2a6d56fc9a74701bd9f64742d908ccdb97488929efb51aca851acc
Instruction Fuzzy Hash: 0D714BB3F111258BF3644928CC583A27693ABD4360F2F82788E5C6B7C9D93E5E099784

Function 008B40EE Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26aabf1b9579c2ec4c33f4cc0a11eb960b31f07f470e951f9f21a3427942369a
Instruction ID: c2a250848e99443031911ffeaee807f1f08579ee639407d166de99bef4e82954
Opcode Fuzzy Hash: 26aabf1b9579c2ec4c33f4cc0a11eb960b31f07f470e951f9f21a3427942369a
Instruction Fuzzy Hash: B4714AB3E112254BF3644E29CC583A27692EB95324F2F417C8E8C6B7C1D97F6D0A9784

Function 008E70B8 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d1b5d36732c3d9ed815af10859b4f3c4ee724fc0c4594e45b264d9a1287f2a3
Instruction ID: 30d05e0e470d2d4f01e03ee754fd9267402e91e206bbb47efcf85e9a393011b3
Opcode Fuzzy Hash: 7d1b5d36732c3d9ed815af10859b4f3c4ee724fc0c4594e45b264d9a1287f2a3
Instruction Fuzzy Hash: D8718CB7F0162587F3544E28CC543627293EBD5324F3F81788A886B7C5E97E5D0A9784

Function 008F430C Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035ab65bc215ac688f14fbdc9afb1de845c23fa84637a33f779e8146e02d428d
Instruction ID: eea4d4670db736a0cc2903d3a8ba04e21bf2c1effc320e943c0c459243bb83bd
Opcode Fuzzy Hash: 035ab65bc215ac688f14fbdc9afb1de845c23fa84637a33f779e8146e02d428d
Instruction Fuzzy Hash: 4861AFB3F1052547F3544939CD983626683EB99320F2F42798E9CAB7C5D87F5D0A9384

Function 00844400 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 371568be5d64c81f5feaf75f07fcc2cd5d97b12133b0861e54e269f77686217d
Instruction ID: 2393873b80713400062ec78d3d0057e19ad9152a74069814a326bb00fe925d5d
Opcode Fuzzy Hash: 371568be5d64c81f5feaf75f07fcc2cd5d97b12133b0861e54e269f77686217d
Instruction Fuzzy Hash: D9718DF3F1112587F3544D38CC5836266939BD5321F2F82788E5CAB7C5D97E9E0A5284

Function 007D44FC Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d8cc967cf094566fdc33a920fbcaf2ebf590b761ee3995410a2a7c1911c5bee
Instruction ID: 16957925c7d9a0ce91bed5fd9b79e4127691bfa0b9dc2afd42bb5159d2aea041
Opcode Fuzzy Hash: 3d8cc967cf094566fdc33a920fbcaf2ebf590b761ee3995410a2a7c1911c5bee
Instruction Fuzzy Hash: D26159B7F1113547F3904939CD58362A692EB94324F2F82788E9CAB7C4D97E9E0A53C4

Function 0081037D Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6d318bff5eaae844542418c5eb06bc9aaf9246ad83b59d2014813f5fd08591
Instruction ID: 5c83ced344e9f66840f983246408f7a7edb3ba5e960dbf3e372964a91ab3bdb2
Opcode Fuzzy Hash: ac6d318bff5eaae844542418c5eb06bc9aaf9246ad83b59d2014813f5fd08591
Instruction Fuzzy Hash: A1617BB7F115258BF3544D28CC983627683DB95324F2F82398F986B7C4D97E6E0A9384

Function 008F7057 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f357a8d41f30c091097042379e8f6288d17e27a145bb7affe189fb12164448fe
Instruction ID: 7d0f81d4464abc5159ec815937897e0ba670165d6e08611a31bc1939553f92c8
Opcode Fuzzy Hash: f357a8d41f30c091097042379e8f6288d17e27a145bb7affe189fb12164448fe
Instruction Fuzzy Hash: AF6179B3F112258BF3044E29CC943A27393EB95724F2B41788B095B7C5EABF6D569384

Function 0083425B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1667c7b0df3322d1b198e68feb1603249ad5f502c91f8cac463f483f1d9d1f24
Instruction ID: 4728964a30b2e6cc44aa9cd9e0b8881d0ef9c6c2757f89941a84b1736463e208
Opcode Fuzzy Hash: 1667c7b0df3322d1b198e68feb1603249ad5f502c91f8cac463f483f1d9d1f24
Instruction Fuzzy Hash: BD615CB3F102254BF3984D28CCA83627693DB94324F2F417D8E499B7C5EABE5D069784

Function 009105FA Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe8b5db1aa3d5c228fd1cc33213be8ae88ee51185158e6c80fac6475900d8eca
Instruction ID: a8bc9963b27c9b14133f99c9cd2a82e1ad2777baafe00e283fd85d5a3033615f
Opcode Fuzzy Hash: fe8b5db1aa3d5c228fd1cc33213be8ae88ee51185158e6c80fac6475900d8eca
Instruction Fuzzy Hash: 0B616DB3F111248BF3544E68CC943617252DB95724F2F02788E586B3C1D97FAE1AA784

Function 007C9074 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61671c1f6ea0c12e3066860c0f5d4aceac95ed350af6bdd39a5ba1b18fede725
Instruction ID: 593971cea5d8e0a4eab19e7e2e12ca062cacc0aebce256a0765adae9b764ed83
Opcode Fuzzy Hash: 61671c1f6ea0c12e3066860c0f5d4aceac95ed350af6bdd39a5ba1b18fede725
Instruction Fuzzy Hash: F4616CB3F111244BF3544938DD983A26693D795324F2F827C8E8CABBC9D87E5D4A9384

Function 0082A2CB Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 942a9f79eb930b56974204f6020633d8ec27aa3357196ac8e404d723da284141
Instruction ID: 8bc04be276af8a1f2d00bd85a75dba9e50a3e06816d883dc5601e8a8559d069e
Opcode Fuzzy Hash: 942a9f79eb930b56974204f6020633d8ec27aa3357196ac8e404d723da284141
Instruction Fuzzy Hash: 06616BB3F012208BF3144E28DC983627393EB99314F2B42788E586B7C5EA7F6D559794

Function 008C319C Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 856ee7b446cd58464f1991a9dc8bfca34c4992eaa6d913f25a8002c1b8aaad06
Instruction ID: cc52f6832eece929f3b4e5d602580abc64ebdba3b721260c94321116a1310366
Opcode Fuzzy Hash: 856ee7b446cd58464f1991a9dc8bfca34c4992eaa6d913f25a8002c1b8aaad06
Instruction Fuzzy Hash: 9B617FB7F116258BF3544E68CC983627392EB95704F2E41788F489B3C5E97F6E099384

Function 00898572 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb762b9e7d834270867ffd8865c36781177a1f2a7d334a83e03d8fa5dcd82fb
Instruction ID: 0285ada6ed20e0a95e6a8933f83d6ca47cbdabc55806e3d0432ba591de8f39e4
Opcode Fuzzy Hash: 6cb762b9e7d834270867ffd8865c36781177a1f2a7d334a83e03d8fa5dcd82fb
Instruction Fuzzy Hash: F86169B3F102248BF3544E28CC943627293EB95724F2F8178CA886B7C5E97E6D199784

Function 0084E07F Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967bc02e53fb563b0a695a3634946da680340b4d38eff9107e9c11e6c950cd5d
Instruction ID: 0162465b919420e787eb336f82dc136443544a446ba708d099e7ab39d02795fc
Opcode Fuzzy Hash: 967bc02e53fb563b0a695a3634946da680340b4d38eff9107e9c11e6c950cd5d
Instruction Fuzzy Hash: 0D616BF7F116254BF3544924CD983A22683DBE4314F2F82788E4D6BBC6E87E5E4A5384

Function 008A65DB Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9273f7145931b689fc355f1cea3048d46d86e53b9d1fd78db61732dfd4729e6
Instruction ID: e070954c5f9cf7cd1349405ade3529da0e0e978f8ced82f52014ca0045cc7198
Opcode Fuzzy Hash: d9273f7145931b689fc355f1cea3048d46d86e53b9d1fd78db61732dfd4729e6
Instruction Fuzzy Hash: 6C5158B3E215254BF3984968CD583A276929B91310F2F42798F4DAB7C1D87E5E0AA384

Function 0088030A Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a3ed3a40ae62c594ff23addb97533d3ef09d183fb2fde5901fa07dfa1bfa8ff
Instruction ID: 830c711e006f3c2cdbb240ed83cdc73ea7d447271319ebb30044f0c5271e36e4
Opcode Fuzzy Hash: 9a3ed3a40ae62c594ff23addb97533d3ef09d183fb2fde5901fa07dfa1bfa8ff
Instruction Fuzzy Hash: A35137B39083149FE3146E2DDC8576AB7E9EF90720F16893DEAC4D7344EA359C448B92

Function 0082C6C3 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9105dba324ce5655a1dcb87c7a28f1f9ae392df6e91985e19069d32a386a3388
Instruction ID: 3105dc1504809d37a5935b6864b3b2343eb0e0184ea3b7871b02786e88e76384
Opcode Fuzzy Hash: 9105dba324ce5655a1dcb87c7a28f1f9ae392df6e91985e19069d32a386a3388
Instruction Fuzzy Hash: 4F5190B3F1121547F3944D28CC983A27683EBD4314F2F82798E88AB3C5D97E5E0A9384

Function 008EC4B1 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c56c29cf8616481a629ccadd2bdfca24bac892c2774988dcafdddc8c4ddde864
Instruction ID: 1c7a7f84b3744a1f07b29e9b3e30dc2c6ca328fc1e3f503113e5e9fd28dbbb4f
Opcode Fuzzy Hash: c56c29cf8616481a629ccadd2bdfca24bac892c2774988dcafdddc8c4ddde864
Instruction Fuzzy Hash: E5518CB3F6152547F3544964CC983A266839BD5325F2F82388E5CAB7C4DC7E9D1A5280

Function 007DC16D Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5058e4edea32097ce9a8c1dbf1f8b0f5933524fe116dcc13a8717afa2db57a
Instruction ID: 161d8fb1197af8a8fd6dfc5d4dcb90b39ca4ca450cd9dd6b35eea440bf5175a1
Opcode Fuzzy Hash: bc5058e4edea32097ce9a8c1dbf1f8b0f5933524fe116dcc13a8717afa2db57a
Instruction Fuzzy Hash: D1516BF3F116244BF3544968CC983627693ABD5324F2F82788F9C6B7C5E97E5D0A8284

Function 008D3045 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6ead15eaa6949b4a4ae49427d9fcc7054f51df575ae3c8927fb837165d0988d
Instruction ID: 36372c047dfef865e541aa16cdf95b0a61d509129ff7e5aff8bbd8b132e36d38
Opcode Fuzzy Hash: f6ead15eaa6949b4a4ae49427d9fcc7054f51df575ae3c8927fb837165d0988d
Instruction Fuzzy Hash: FA518DF3F1121547F3444D29CD683627683DBD4315F2F81788A489B7D9EA7E9E0A8784

Function 008C4009 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3ad9842d2dcc6bfe0526cdf3515af434f1d879b72756fc7d52d2218988e335
Instruction ID: c11beb92c58f5ccdb1b22b4a758e24a41722122f8881ef3c847e8fd7e534bc80
Opcode Fuzzy Hash: aa3ad9842d2dcc6bfe0526cdf3515af434f1d879b72756fc7d52d2218988e335
Instruction Fuzzy Hash: 9D5189B3F1112587F3444A28CC583A27653EBD5315F2F81B88A4CAB7C8D97F9E4A9384

Function 0090A448 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abca7b7f30ae6fa108e698785b3eaa526878403a0293810b641f4d32d5fc8928
Instruction ID: eaf7fa706e2954c5a1e12bd5e9770732f22188c7255b7129330a764adc072aa0
Opcode Fuzzy Hash: abca7b7f30ae6fa108e698785b3eaa526878403a0293810b641f4d32d5fc8928
Instruction Fuzzy Hash: EB519AB3F6062547F3580938CC993A26643DB95321F2F82388E99ABBC4DD7E9D095284

Function 007BD053 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 542e54fdca9243f03d8740bdc59dde0434eb8afd4f37d6ad45cc3e724011eeba
Instruction ID: 5300f317e75a21c410b2c3d064356a978a3eec41aa2d6410f9a5251e7540320a
Opcode Fuzzy Hash: 542e54fdca9243f03d8740bdc59dde0434eb8afd4f37d6ad45cc3e724011eeba
Instruction Fuzzy Hash: 42516CB3F501258BF3544E38CC983617693EB95310F2F4278CA995B7C4D97EAE0A9784

Function 008BF1C3 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18784676d9d14c416873d7b225e62f4a25a5d4b9239a4cfc51dbafb892325d9a
Instruction ID: 030925227435ad553472f9e9ce329aefc3489e5c76592d7df735cca0e1ef88c5
Opcode Fuzzy Hash: 18784676d9d14c416873d7b225e62f4a25a5d4b9239a4cfc51dbafb892325d9a
Instruction Fuzzy Hash: 3C517DB3F112258BF7544D39CC48351B683ABD5720F3F83788AA8AB7C4E97E5D069284

Function 008EC1E1 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ab4d81af2c144a5e3b5a0cb3a6f50c382295c90a9c8155af8b12c25b6587cc
Instruction ID: 92e860932730f29e5dd3f213ec3f5fbe71420c069608a21166dec03fd772b971
Opcode Fuzzy Hash: 88ab4d81af2c144a5e3b5a0cb3a6f50c382295c90a9c8155af8b12c25b6587cc
Instruction Fuzzy Hash: 98518FB3E102258BF3984D28CC583717392EB95711F2F427C8E59AB7D0D93E6E099788

Function 0083C6A0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a591bed7f5dc522913c20707a0862ee672669681b607ab5d8b5559ebd5acc8e
Instruction ID: cc9a2b16e09eb4f688a7c1f4b6b669335745ee2a55f6b15be114cfe10fa8499b
Opcode Fuzzy Hash: 9a591bed7f5dc522913c20707a0862ee672669681b607ab5d8b5559ebd5acc8e
Instruction Fuzzy Hash: 025146B3E001258BF7648D39CC5836272939B99314F2B82788E8CAB7C5E93F5D099384

Function 0089C23F Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec736e3bb3fffb6ea387994053492846da8004b66d88c371b466c8617abcd929
Instruction ID: 4555c8a2b44dc61abcd3dade6aeb2c38ca39ad23e01d76620be277f924119daf
Opcode Fuzzy Hash: ec736e3bb3fffb6ea387994053492846da8004b66d88c371b466c8617abcd929
Instruction Fuzzy Hash: C45158B3E1122547F3884934CD683A66683DBD5314F2F82788F596BBC9DC7E5E0A9384

Function 00884405 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13b8344bb6ab03ee7252c5cfa4ef6324deda9eeaae6a55273cb2a81a66306f77
Instruction ID: ce87ecc9177fd5f8a17999df27a47f56b250ed41cd9c8f4d37fbcef54c96c7fa
Opcode Fuzzy Hash: 13b8344bb6ab03ee7252c5cfa4ef6324deda9eeaae6a55273cb2a81a66306f77
Instruction Fuzzy Hash: A251A8F3E125354BF3A44968CC98362A652ABA1320F2F82788E5C3B7C5E97F4D0953C4

Function 008F8533 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b136a35d6c82491692bace2e501fac9656e0bf3f7bd3cac4ffb032b7159901c4
Instruction ID: c42306d59a64305a99afe41884057ca0c999739d5be642a2caa868d4cf4117e1
Opcode Fuzzy Hash: b136a35d6c82491692bace2e501fac9656e0bf3f7bd3cac4ffb032b7159901c4
Instruction Fuzzy Hash: 5051AFB3F102258BF3544D39CD983623693EB95720F2F42388E8DA77C4D97E5E1A9684

Function 008DE1DD Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed3428e73d1f5e8ddd7ac60354bdb3ee5c33865973affe1a681f0432728bd39
Instruction ID: 907be710bd146c7cedaab088c3f13dccd0bce703f877a8017a2353483a1faf27
Opcode Fuzzy Hash: eed3428e73d1f5e8ddd7ac60354bdb3ee5c33865973affe1a681f0432728bd39
Instruction Fuzzy Hash: 4F514AB3E1152547F3544D29CC983627293EBD0325F3F82388E886BBC4ED3E5D0A9284

Function 00874597 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d08c2279f90156f6b2d77242b632e8e3479cf29bd95640270b50daebe24fad1
Instruction ID: 78aad342dbb6cf1f38b6ab9557791ad48103777c203057ed601e5800f7ff2d15
Opcode Fuzzy Hash: 7d08c2279f90156f6b2d77242b632e8e3479cf29bd95640270b50daebe24fad1
Instruction Fuzzy Hash: 37518FB3F1112547F3644928CC593A26243EBD0324F2F41398E8DABBC5D97F9E065384

Function 007BE0EA Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44bf880f8d5a1b2c1815cd708e005fe4d5989966b46d3808cdf08451a2cc759
Instruction ID: d17b844a002ffa36c23b7b803bece7cd1ce28874a55dc42ca4ca21a5460befe2
Opcode Fuzzy Hash: f44bf880f8d5a1b2c1815cd708e005fe4d5989966b46d3808cdf08451a2cc759
Instruction Fuzzy Hash: 1D518CF3F1162647F3904978CC983627643EB95314F2F82388E586BBC5D97E9E0A9784

Function 007BC573 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 340e8188750b412431e7ff2f8b69dec1b89c6a5c379854c170d251a6ba307ef2
Instruction ID: f93287f2b606ef4e4a785837213d8b249464917403d1d561bcfa6a27b810a093
Opcode Fuzzy Hash: 340e8188750b412431e7ff2f8b69dec1b89c6a5c379854c170d251a6ba307ef2
Instruction Fuzzy Hash: 584165B3F012254BF350497ACD58362A643ABD5324F2B8238CE5C6B7C5E97E5E1A83C4

Function 0083F054 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e582d0afc65777b6b4763c2fe6d013cef2577ffc97caee1ed143b167f8b46da
Instruction ID: e7be22655d6d131e7cf1e86639d55fede05d5e758c52cc1a156311b87e3116d2
Opcode Fuzzy Hash: 4e582d0afc65777b6b4763c2fe6d013cef2577ffc97caee1ed143b167f8b46da
Instruction Fuzzy Hash: C14169B3F105204BF3588838CD683A265839BE5724F3F42788B6DAB7D5DC3E9D0A4284

Function 00830463 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3270662d28e03ac7f6913e40f22fd96473481efd3da910cc88caab39668d1836
Instruction ID: 600ea8a12a8d49b5319f930fbe6316432d75b8fba782f4b13e8db7cf65460ce4
Opcode Fuzzy Hash: 3270662d28e03ac7f6913e40f22fd96473481efd3da910cc88caab39668d1836
Instruction Fuzzy Hash: 6E413CB3F101254BF3944969CD583A26683DBE5320F2F42798F5CAB7D5E8BF5D068284

Function 0084C041 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85c0e1e2c41f22e88344ae90391fca811db6f6429c8ff91beb8261bb418d1b2
Instruction ID: e05e342f12c836b6f061911e6334f401d135ffe51717789be1e524d8bf7e4519
Opcode Fuzzy Hash: e85c0e1e2c41f22e88344ae90391fca811db6f6429c8ff91beb8261bb418d1b2
Instruction Fuzzy Hash: C04149B3F113254BF3544879CD983626583D7D5325F2F82348F68ABBC9D8BE9D0A5288

Function 00872689 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0696e1c55efdce52e0477396d321fd99140e2e003167843ed600a365a0e39c
Instruction ID: 290d2e34721605d98fb1f8e61ea97deacecfac8e67dbbc19a6a661a18f2dce35
Opcode Fuzzy Hash: 3f0696e1c55efdce52e0477396d321fd99140e2e003167843ed600a365a0e39c
Instruction Fuzzy Hash: 91318EF3F1162147F3940469DD583629583D7E0324F2F82398F58ABBCAD8BE9C4A02C4

Function 007CE581 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 095e8118a369df605e3576a38fdf35ba8498b51d8e4ed5df3fdf10f6daac9bcd
Instruction ID: fd291432e042691bfb4fa0d6082a9c2a28cf8642d4fa03d456a266e8dcbd82a9
Opcode Fuzzy Hash: 095e8118a369df605e3576a38fdf35ba8498b51d8e4ed5df3fdf10f6daac9bcd
Instruction Fuzzy Hash: 833146B3F512254BF3544825CDA83626283ABE5320F2F8239CA4C6B7C5DD7E4D4A5384

Function 007F84B0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34bbbf78fb319ad078a0a8a40ccad23f278c2aa7a7ddf68f42560419bea8e94d
Instruction ID: d9577da68b1c16c9292a2ee4cde43f86ddd3c44e6baec3e57f97935ac94521e6
Opcode Fuzzy Hash: 34bbbf78fb319ad078a0a8a40ccad23f278c2aa7a7ddf68f42560419bea8e94d
Instruction Fuzzy Hash: 22314AF3F5162147F3184879CD99362658297D5324F2F42398F5CAB7C9DC7E9D0A4288

Function 0087E113 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3973ab3d6ab4d0521a6207842ec0b2981d9e935f9f20031b698b11afe5b29e3
Instruction ID: c5e84b1402d9465fd0beddbdd752b984cc8dd9257bab1974bf3b25e5e70e2a4a
Opcode Fuzzy Hash: c3973ab3d6ab4d0521a6207842ec0b2981d9e935f9f20031b698b11afe5b29e3
Instruction Fuzzy Hash: 5C3162F3E5062647F3944878DD993765582DBA4314F2F42398F1CA7BC6E87E8D0952C4

Function 008542EA Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0478ff5d753eceb5e9ebd6c4deab63f75a6bc717820f014640dffdd6cad1a5d
Instruction ID: c25b71cb284588287e6a36129f63119d6c41adf3e70f9054d8ad8ac3e2bba677
Opcode Fuzzy Hash: c0478ff5d753eceb5e9ebd6c4deab63f75a6bc717820f014640dffdd6cad1a5d
Instruction Fuzzy Hash: 0A314CF7F1162047F7504879DD88352658297A9364F2F8238CF5CAB7C5E87E8E4A42C4

Function 0081E2FC Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d6cf3831d4c1dc434bd027cc63df6c608bd587b44855a943f40a46ad2afd6a
Instruction ID: d1c8fef677f14ec6f3024190de7a1975082ccc988702be595a1dc91e8de6dcac
Opcode Fuzzy Hash: 71d6cf3831d4c1dc434bd027cc63df6c608bd587b44855a943f40a46ad2afd6a
Instruction Fuzzy Hash: 64213BB7E2162547F3544829CC993A265839BD4714F2F41398F4DAB3C2DCBE5D465388

Function 008A05B2 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad76b9ac2abe8485cd1f27e000d953d34568ed284b7c9a7b9eac8d9bfbbf1376
Instruction ID: f2d53db3936e3fe2b773ba77ac6b8e2d222835922f9163ba8ec687c9545f35e3
Opcode Fuzzy Hash: ad76b9ac2abe8485cd1f27e000d953d34568ed284b7c9a7b9eac8d9bfbbf1376
Instruction Fuzzy Hash: 68319CB3F1122587F3944D29CC693627243DBD0310F3F81398A8A5B7C8D93E9D0A9389

Function 009023D0 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccc62af0ce5af039a9ee991ff433af556618ffda1b5f7c2c4002c27d7d588e8c
Instruction ID: 43c85f4bfed05867c0d51a485a9840922373b01d1e0e900bd533e2da053871a2
Opcode Fuzzy Hash: ccc62af0ce5af039a9ee991ff433af556618ffda1b5f7c2c4002c27d7d588e8c
Instruction Fuzzy Hash: 03212CF3F5162547F3544839DC983962583DBD5325F2F82788B185BBC9DC3D5D0A5288

Function 008B63F0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6de05fea9f7437bb329a3a961dd7158a538ced9193accf3bf455a005e9b618
Instruction ID: 95aa8fc2f7b6b6b8de27433b448dbf5f0a6c3b067face8478e600c84cac3c85f
Opcode Fuzzy Hash: 6d6de05fea9f7437bb329a3a961dd7158a538ced9193accf3bf455a005e9b618
Instruction Fuzzy Hash: 20215EF7F1261147F3A84834DD693666283EBE4314F2F82398F9967BC5DC3E490A4284

Function 0091014E Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b4fbd508f5e8e584d510a973435fbd1d19bc0442a2e85ee9b76c527cb232cba
Instruction ID: c7125143905bde8e618fcbbadd460a61f729a8fcc59753685c22430115c05ed1
Opcode Fuzzy Hash: 8b4fbd508f5e8e584d510a973435fbd1d19bc0442a2e85ee9b76c527cb232cba
Instruction Fuzzy Hash: 5E2117F7E60A2247F3685874DDA836265429B90314F2F42398F5C7BAC6D87E4D0552C8

Function 0088A28A Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4568ab6bd65548502e66f61f791ee4770142c9a1a77affc5d980ad326f491b6
Instruction ID: 95ecd80caacfaabf22dd278a58ec4c3b3d11469a372256add16021579c2248c5
Opcode Fuzzy Hash: b4568ab6bd65548502e66f61f791ee4770142c9a1a77affc5d980ad326f491b6
Instruction Fuzzy Hash: B9216AB3F116254BF3A84839CC5936266839BE5320F2F42798F6EA73C1DC7D5D064284

Function 008E64D5 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34c121f4dc4ebf93bbcab124b63404b7b80d2d66049348a361a63c2f087ce0db
Instruction ID: 9f78ccf212ecbc6ab11dd32be01075ce1aa5da3b63e3acff8d532c26694789c7
Opcode Fuzzy Hash: 34c121f4dc4ebf93bbcab124b63404b7b80d2d66049348a361a63c2f087ce0db
Instruction Fuzzy Hash: 7C217FB3F516214BF3548879CD88362A6839BD5314F2F83788E1CA7BD8D8BE4D0A5284

Function 007EB01E Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2240002018.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true

Associated: 00000000.00000002.2239962468.00000000007A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239978807.00000000007A2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2239990643.00000000007A6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000934000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A3D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240002018.0000000000A4C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240191867.0000000000A4D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2240294923.0000000000BF0000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c673e9d8f5fe0ed92201ca98cb21bb3289f1dbd64ea687fba4161b3e03e4d65
Instruction ID: 3623b256a0984542c764071b49440265cb747823d51f4dc8cc2fd0d43de08355
Opcode Fuzzy Hash: 9c673e9d8f5fe0ed92201ca98cb21bb3289f1dbd64ea687fba4161b3e03e4d65
Instruction Fuzzy Hash: B62128F7E616264BF3988834DD48352268397E8314F2F82788F4CAB7C5D97E9D495284

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 2964, Parent PID: 1028

General

Chronological Activities

Disassembly

Analysis Process: file.exePID: 2964, Parent PID: 1028COMMON

Execution Graph

Graph

Windows Analysis Report
file.exe

Function 0098CD81 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 00980DC8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 009812CE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 00983C28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 0097FCA8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 009813B7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 00983E44 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Function 009837B0 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Function 0097F6F5 Relevance: 3.0, APIs: 2, Instructions: 33
sleepthreadCOMMON

Function 0098D7AD Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Function 00981E2F Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 0098164B Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 0098D4FA Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 054F0D43 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON