Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532769
MD5:	3e3f0fde7c8332ff13596a7427d0489a
SHA1:	944b78c5b35ef8e062b38c3bab40967d7af3ddbe
SHA256:	519d0aa9c6202bd223d96dc7553bd372e1bd3243fdb48c91d1c1d7c55e4e627d
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found evasive API chain (may stop execution after checking a module file name)

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 3E3F0FDE7C8332FF13596A7427D0489A)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B596D9 CryptVerifySignatureA,

0_2_00B596D9

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1734054743.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4A0A6	0_2_00A4A0A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3C0A7	0_2_00A3C0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2408A	0_2_00A2408A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A360EF	0_2_00A360EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9	0_2_00A6C0E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB20FF	0_2_00AB20FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A160C7	0_2_00A160C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7C0C0	0_2_00A7C0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC00DA	0_2_00AC00DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C20E6	0_2_009C20E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5C0DE	0_2_00A5C0DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70020	0_2_00A70020
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DA008	0_2_009DA008
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0E037	0_2_00A0E037
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA00B	0_2_00ABA00B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42016	0_2_00A42016
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6069	0_2_00AD6069
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0062	0_2_00AD0062
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BE04A	0_2_009BE04A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A46076	0_2_00A46076
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FC07D	0_2_009FC07D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0804F	0_2_00A0804F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14051	0_2_00A14051
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A26050	0_2_00A26050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A541AE	0_2_00A541AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A1B0	0_2_00A1A1B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A841BD	0_2_00A841BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB61BC	0_2_00AB61BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D01BE	0_2_009D01BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AA1D2	0_2_009AA1D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE	0_2_00AF41FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A021D4	0_2_00A021D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A0118	0_2_009A0118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2012B	0_2_00A2012B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD4124	0_2_00AD4124
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E010A	0_2_009E010A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A2102	0_2_009A2102
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2135	0_2_00AD2135
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A76105	0_2_00A76105
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3210E	0_2_00A3210E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DC12C	0_2_009DC12C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7A110	0_2_00A7A110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A161	0_2_00A9A161
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8167	0_2_00AD8167
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FE151	0_2_009FE151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2C173	0_2_00A2C173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D814E	0_2_009D814E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A12143	0_2_00A12143
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC14E	0_2_00ADC14E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EA167	0_2_009EA167
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6157	0_2_00AC6157
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A342A9	0_2_00A342A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE629E	0_2_00AE629E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E42AA	0_2_009E42AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E62A9	0_2_009E62A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1C29B	0_2_00A1C29B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A02D9	0_2_009A02D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A942EA	0_2_00A942EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA22F7	0_2_00AA22F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAA2DF	0_2_00AAA2DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F62E3	0_2_009F62E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A22228	0_2_00A22228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6622B	0_2_00A6622B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C020B	0_2_009C020B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACE236	0_2_00ACE236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABC209	0_2_00ABC209
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B422A	0_2_009B422A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D425F	0_2_009D425F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A04269	0_2_00A04269
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA827B	0_2_00AA827B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98271	0_2_00A98271
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4E240	0_2_00A4E240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8224F	0_2_00A8224F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4275	0_2_009F4275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E8275	0_2_009E8275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6024A	0_2_00A6024A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5E24B	0_2_00A5E24B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE23A8	0_2_00AE23A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE3B2	0_2_00ABE3B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C43BC	0_2_009C43BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8E388	0_2_00A8E388
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2E38D	0_2_00A2E38D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3239C	0_2_00A3239C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2C3EF	0_2_00A2C3EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CC3C8	0_2_009CC3C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A503F3	0_2_00A503F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A443CB	0_2_00A443CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB03DC	0_2_00AB03DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A523DB	0_2_00A523DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0321	0_2_00AA0321
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD033E	0_2_00AD033E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9033D	0_2_00A9033D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5C330	0_2_00A5C330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8333	0_2_00AB8333
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C337	0_2_00A9C337
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EC332	0_2_009EC332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2318	0_2_00AC2318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4C310	0_2_00A4C310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3A314	0_2_00A3A314
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1E31A	0_2_00A1E31A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6311	0_2_00AD6311
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5A364	0_2_00A5A364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0379	0_2_00AF0379
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9E37E	0_2_00A9E37E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3C37B	0_2_00A3C37B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96348	0_2_00A96348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A56350	0_2_00A56350
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2354	0_2_00AD2354
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC04BB	0_2_00AC04BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE049E	0_2_00AE049E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A72490	0_2_00A72490
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F24DF	0_2_009F24DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A404E1	0_2_00A404E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A924E4	0_2_00A924E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB24E5	0_2_00AB24E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A164C1	0_2_00A164C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8C4C8	0_2_00A8C4C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA4CF	0_2_00ABA4CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EA4F6	0_2_009EA4F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A4C5	0_2_00A9A4C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B24EC	0_2_009B24EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A364D4	0_2_00A364D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A264D8	0_2_00A264D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A76426	0_2_00A76426
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FA41A	0_2_009FA41A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BE41C	0_2_009BE41C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A06428	0_2_00A06428
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2442C	0_2_00A2442C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8A436	0_2_00A8A436
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A88402	0_2_00A88402
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8641F	0_2_00A8641F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4412	0_2_00AC4412
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2E46B	0_2_00A2E46B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DA453	0_2_009DA453
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4A470	0_2_00A4A470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098C47B	0_2_0098C47B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A246B	0_2_009A246B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B646E	0_2_009B646E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A085A7	0_2_00A085A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CA58A	0_2_009CA58A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C8586	0_2_009C8586
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6E5BA	0_2_00A6E5BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C05BD	0_2_009C05BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18591	0_2_00A18591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8259A	0_2_00A8259A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C65A9	0_2_009C65A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2C5F0	0_2_00A2C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB65FC	0_2_00AB65FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A5FE	0_2_00A1A5FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42524	0_2_00A42524
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998515	0_2_00998515
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8453E	0_2_00A8453E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A80500	0_2_00A80500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70516	0_2_00A70516
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AE528	0_2_009AE528
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A20560	0_2_00A20560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099C552	0_2_0099C552
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E541	0_2_0099E541
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C2546	0_2_009C2546
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB0571	0_2_00AB0571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FC57D	0_2_009FC57D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC55D	0_2_00ADC55D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D869E	0_2_009D869E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D069A	0_2_009D069A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AA693	0_2_009AA693
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A166B5	0_2_00A166B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DE681	0_2_009DE681
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC6B1	0_2_00ADC6B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A54688	0_2_00A54688
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E66AF	0_2_009E66AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A00692	0_2_00A00692
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7669D	0_2_00A7669D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABC6E9	0_2_00ABC6E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C6E0	0_2_00A9C6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A186ED	0_2_00A186ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A626F3	0_2_00A626F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A286FA	0_2_00A286FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE86C0	0_2_00AE86C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2A620	0_2_00A2A620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6609	0_2_00AD6609
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E8635	0_2_009E8635
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4631	0_2_009F4631
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A78613	0_2_00A78613
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6666F	0_2_00A6666F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94660	0_2_00A94660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAC666	0_2_00AAC666
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2266C	0_2_00A2266C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5A66A	0_2_00A5A66A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EA64D	0_2_009EA64D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAA67E	0_2_00AAA67E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7E67F	0_2_00A7E67F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3467F	0_2_00A3467F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1064A	0_2_00A1064A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A38655	0_2_00A38655
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099679D	0_2_0099679D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A247A5	0_2_00A247A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE7A1	0_2_00AAE7A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACC79C	0_2_00ACC79C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BE7AF	0_2_009BE7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A27D7	0_2_009A27D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DA7CB	0_2_009DA7CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BA7C3	0_2_009BA7C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A867F0	0_2_00A867F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7E7FE	0_2_00A7E7FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE47D5	0_2_00AE47D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE7D5	0_2_00ABE7D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3A721	0_2_00A3A721
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA872C	0_2_00AA872C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C8715	0_2_009C8715
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5672C	0_2_00A5672C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1C73D	0_2_00A1C73D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D2702	0_2_009D2702
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A50709	0_2_00A50709
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BC72F	0_2_009BC72F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F875E	0_2_009F875E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E075C	0_2_009E075C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA076C	0_2_00AA076C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C0745	0_2_009C0745
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C4740	0_2_009C4740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CE743	0_2_009CE743
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A60743	0_2_00A60743
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B6899	0_2_009B6899
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA8A3	0_2_00ABA8A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099E889	0_2_0099E889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5E880	0_2_00A5E880
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADE88B	0_2_00ADE88B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA2886	0_2_00AA2886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2688C	0_2_00A2688C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE8EC	0_2_00AEE8EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A308ED	0_2_00A308ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B88FD	0_2_009B88FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A808CE	0_2_00A808CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A388C9	0_2_00A388C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA68D2	0_2_00AA68D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5C804	0_2_00A5C804
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A88805	0_2_00A88805
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D6825	0_2_009D6825
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0E819	0_2_00A0E819
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B285A	0_2_009B285A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C865	0_2_00A9C865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98864	0_2_00A98864
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1E87C	0_2_00A1E87C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E487A	0_2_009E487A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F2874	0_2_009F2874
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC485B	0_2_00AC485B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC49AC	0_2_00AC49AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A9A0	0_2_00A1A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A149A8	0_2_00A149A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA49A5	0_2_00AA49A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC89BB	0_2_00AC89BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3E9BF	0_2_00A3E9BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A20982	0_2_00A20982
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FC9BB	0_2_009FC9BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A42981	0_2_00A42981
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48995	0_2_00A48995
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7499C	0_2_00A7499C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A349F6	0_2_00A349F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B49FF	0_2_009B49FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A92E	0_2_00A6A92E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7292A	0_2_00A7292A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7A918	0_2_00A7A918
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB0968	0_2_00AB0968
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FE958	0_2_009FE958
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0966	0_2_00AA0966
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EC953	0_2_009EC953
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8897E	0_2_00A8897E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5E97D	0_2_00A5E97D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2897C	0_2_00A2897C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DC971	0_2_009DC971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6AAA4	0_2_00A6AAA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92AAA	0_2_00A92AAA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A76AA3	0_2_00A76AA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099AA97	0_2_0099AA97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A6A8B	0_2_009A6A8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98ABB	0_2_00A98ABB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8AB4	0_2_00AD8AB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C0ABF	0_2_009C0ABF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6EA82	0_2_00A6EA82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD4A87	0_2_00AD4A87
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A60A95	0_2_00A60A95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8CAEF	0_2_00A8CAEF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ACAC2	0_2_009ACAC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A4AC1	0_2_009A4AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94AF5	0_2_00A94AF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18AC7	0_2_00A18AC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A2AF7	0_2_009A2AF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABAA21	0_2_00ABAA21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02A36	0_2_00A02A36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABCA01	0_2_00ABCA01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D4A32	0_2_009D4A32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BAA2D	0_2_009BAA2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D0A20	0_2_009D0A20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE4A11	0_2_00AE4A11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A58A66	0_2_00A58A66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A04A6F	0_2_00A04A6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0CA75	0_2_00A0CA75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A54A7C	0_2_00A54A7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A36A47	0_2_00A36A47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E8A76	0_2_009E8A76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D2A72	0_2_009D2A72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C8A6C	0_2_009C8A6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A8A63	0_2_009A8A63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8A66	0_2_009D8A66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8BB8	0_2_00AB8BB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BCB83	0_2_009BCB83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABCB8A	0_2_00ABCB8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA8B95	0_2_00AA8B95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18BFF	0_2_00A18BFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0EBD7	0_2_00A0EBD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB4B28	0_2_00AB4B28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C4B0E	0_2_009C4B0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1CB37	0_2_00A1CB37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F0B01	0_2_009F0B01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4EB15	0_2_00A4EB15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E0B4C	0_2_009E0B4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CAB42	0_2_009CAB42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8EB4C	0_2_00A8EB4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2B47	0_2_00AC2B47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABECAF	0_2_00ABECAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DAC9A	0_2_009DAC9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A44CAE	0_2_00A44CAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1ACAF	0_2_00A1ACAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6CCB4	0_2_00A6CCB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0CB6	0_2_00AD0CB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE2C8D	0_2_00AE2C8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A40C81	0_2_00A40C81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0C86	0_2_00AC0C86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DCCA7	0_2_009DCCA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8AC92	0_2_00A8AC92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9CCE8	0_2_00A9CCE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F8CDC	0_2_009F8CDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABACE3	0_2_00ABACE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A90CE2	0_2_00A90CE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2CE6	0_2_00AD2CE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BECC5	0_2_009BECC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA2CCD	0_2_00AA2CCD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2CCD3	0_2_00A2CCD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70CD5	0_2_00A70CD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099ECE5	0_2_0099ECE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00996C18	0_2_00996C18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E2C1A	0_2_009E2C1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B8C28	0_2_009B8C28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C6C5F	0_2_009C6C5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A80C6D	0_2_00A80C6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A2C5D	0_2_009A2C5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B0C55	0_2_009B0C55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A8C46	0_2_009A8C46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9AC4B	0_2_00A9AC4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EEC6F	0_2_009EEC6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5CC57	0_2_00A5CC57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAEDA2	0_2_00AAEDA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A22DA8	0_2_00A22DA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACCD8F	0_2_00ACCD8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A74D83	0_2_00A74D83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6D8B	0_2_00AC6D8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A28D93	0_2_00A28D93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1CD92	0_2_00A1CD92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3ED97	0_2_00A3ED97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A26DE1	0_2_00A26DE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A20DE6	0_2_00A20DE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A16DF2	0_2_00A16DF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A06DFD	0_2_00A06DFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB0DC0	0_2_00AB0DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FEDF1	0_2_009FEDF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A4DF5	0_2_009A4DF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00998DEB	0_2_00998DEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AECDDC	0_2_00AECDDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F0DE9	0_2_009F0DE9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6ADDD	0_2_00A6ADDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6D2A	0_2_00AA6D2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8D2C	0_2_00AC8D2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8D29	0_2_00AB8D29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AACD20	0_2_00AACD20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DED11	0_2_009DED11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32D31	0_2_00A32D31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14D3C	0_2_00A14D3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A08D0D	0_2_00A08D0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AED23	0_2_009AED23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A30D60	0_2_00A30D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2D78	0_2_00AB2D78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A36D7D	0_2_00A36D7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA4D4C	0_2_00AA4D4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A46D43	0_2_00A46D43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A84D59	0_2_00A84D59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E8D63	0_2_009E8D63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CCE9D	0_2_009CCE9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E0E85	0_2_009E0E85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D8EAC	0_2_009D8EAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6EE9C	0_2_00A6EE9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6CE9B	0_2_00A6CE9B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A00E9E	0_2_00A00E9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADCEF5	0_2_00ADCEF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CAEC1	0_2_009CAEC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8AEC9	0_2_00A8AEC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C8EFA	0_2_009C8EFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD6ED6	0_2_00AD6ED6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D2E19	0_2_009D2E19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A72E2B	0_2_00A72E2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B2E16	0_2_009B2E16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009F4E11	0_2_009F4E11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A48E36	0_2_00A48E36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD4E34	0_2_00AD4E34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A58E3F	0_2_00A58E3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BCE3E	0_2_009BCE3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9EE1D	0_2_00A9EE1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A64E13	0_2_00A64E13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A66E5A	0_2_00A66E5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18FBE	0_2_00A18FBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A86FB7	0_2_00A86FB7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB4F88	0_2_00AB4F88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8CF99	0_2_00A8CF99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A02F9F	0_2_00A02F9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A56FE5	0_2_00A56FE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABEFE9	0_2_00ABEFE9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5EFEB	0_2_00A5EFEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009CEFC2	0_2_009CEFC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB6FF4	0_2_00AB6FF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0FCE	0_2_00AA0FCE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92FC4	0_2_00A92FC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABCFC4	0_2_00ABCFC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D0F19	0_2_009D0F19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A34F27	0_2_00A34F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A14F2A	0_2_00A14F2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A50F07	0_2_00A50F07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96F0E	0_2_00A96F0E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AAF2D	0_2_009AAF2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7CF1D	0_2_00A7CF1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA8F69	0_2_00AA8F69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98F70	0_2_00A98F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0AF41	0_2_00A0AF41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D4F76	0_2_009D4F76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1CF4D	0_2_00A1CF4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A04F50	0_2_00A04F50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5AF59	0_2_00A5AF59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8F51	0_2_00AD8F51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7F0A6	0_2_00A7F0A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9D0AD	0_2_00A9D0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A750AF	0_2_00A750AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3B0B0	0_2_00A3B0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1F0B8	0_2_00A1F0B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD1085	0_2_00AD1085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3908F	0_2_00A3908F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF083	0_2_00ADF083
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BF0A6	0_2_009BF0A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FD0A1	0_2_009FD0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009FB0A0	0_2_009FB0A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A830E2	0_2_00A830E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6B0F2	0_2_00A6B0F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C50F0	0_2_009C50F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A090D1	0_2_00A090D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009EF016	0_2_009EF016
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099D013	0_2_0099D013
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E300F	0_2_009E300F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1300A	0_2_00A1300A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4D00F	0_2_00A4D00F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4B011	0_2_00A4B011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7014	0_2_00AC7014
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB068	0_2_00ADB068
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7B043	0_2_00A7B043
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD3042	0_2_00AD3042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009AF191	0_2_009AF191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BB195	0_2_009BB195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1B1B4	0_2_00A1B1B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D3188	0_2_009D3188
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A071BD	0_2_00A071BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2F186	0_2_00A2F186
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC9180	0_2_00AC9180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0F195	0_2_00A0F195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A91194	0_2_00A91194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D71A2	0_2_009D71A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD51ED	0_2_00AD51ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC71ED	0_2_00AC71ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A691EC	0_2_00A691EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009DD1C9	0_2_009DD1C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A451F2	0_2_00A451F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3F1FD	0_2_00A3F1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA31C9	0_2_00AA31C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF1D9	0_2_00ADF1D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD11D7	0_2_00AD11D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A611D9	0_2_00A611D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB12E	0_2_00ACB12E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B123	0_2_00A9B123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F122	0_2_00A9F122
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA713B	0_2_00AA713B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0099B10F	0_2_0099B10F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A37106	0_2_00A37106
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E7137	0_2_009E7137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009E912F	0_2_009E912F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5F161	0_2_00A5F161
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADD17B	0_2_00ADD17B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009C7145	0_2_009C7145
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A33140	0_2_00A33140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6D14A	0_2_00A6D14A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009A916F	0_2_009A916F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC5153	0_2_00AC5153
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009B9299	0_2_009B9299
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A852A6	0_2_00A852A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009BD28A	0_2_009BD28A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD92B8	0_2_00AD92B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009ED289	0_2_009ED289

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00B546CE appears 35 times

Source: file.exe, 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.1867661924.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: wnpxidru ZLIB complexity 0.9950356088033536

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1704448 > 1048576

Source: file.exe

Static PE information: Raw size of wnpxidru is bigger than: 0x100000 < 0x19a000

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.980000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wnpxidru:EW;ugnddmqc:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1a629f should be: 0x1aa165

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: wnpxidru
Source: file.exe	Static PE information: section name: ugnddmqc
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098E5CC push esi; mov dword ptr [esp], ecx	0_2_0098E5CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098E5CC push 586F5019h; mov dword ptr [esp], ecx	0_2_0098F24C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098E5CC push 1AE95282h; mov dword ptr [esp], esi	0_2_0098F6B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00990C37 push ecx; mov dword ptr [esp], 3867F642h	0_2_00990C49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00990C37 push ebx; mov dword ptr [esp], edi	0_2_00990C5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push 558CD86Fh; mov dword ptr [esp], ecx	0_2_00A6C54F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push 2D2E5F89h; mov dword ptr [esp], ecx	0_2_00A6C58C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push ecx; mov dword ptr [esp], 3FEA4AA9h	0_2_00A6C6C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push 1F49695Dh; mov dword ptr [esp], edi	0_2_00A6C707
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push edx; mov dword ptr [esp], ebx	0_2_00A6C751
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push esi; mov dword ptr [esp], edx	0_2_00A6C7A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push 1EAB3466h; mov dword ptr [esp], edx	0_2_00A6C7B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6C0E9 push eax; mov dword ptr [esp], esi	0_2_00A6C808
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60030 push 6B9476E0h; mov dword ptr [esp], ebp	0_2_00B6004B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0098C045 push ebx; mov dword ptr [esp], 41FC599Ch	0_2_0098C053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push ebp; mov dword ptr [esp], 1F770500h	0_2_00AF421E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push ecx; mov dword ptr [esp], 11254AFCh	0_2_00AF42F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push 7B7A5DE2h; mov dword ptr [esp], edi	0_2_00AF4321
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push 14EF695Ah; mov dword ptr [esp], eax	0_2_00AF4443
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push edx; mov dword ptr [esp], 52479393h	0_2_00AF44C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push esi; mov dword ptr [esp], eax	0_2_00AF451A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push 2C55830Fh; mov dword ptr [esp], edi	0_2_00AF4537
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push ebx; mov dword ptr [esp], eax	0_2_00AF45D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push ebp; mov dword ptr [esp], ecx	0_2_00AF4614
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push ebx; mov dword ptr [esp], eax	0_2_00AF4622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push eax; mov dword ptr [esp], 7426D07Bh	0_2_00AF4705
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push 1FC3C07Dh; mov dword ptr [esp], ecx	0_2_00AF4762
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push 01F62F8Eh; mov dword ptr [esp], ecx	0_2_00AF4831
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push edx; mov dword ptr [esp], ebx	0_2_00AF4867
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push eax; mov dword ptr [esp], 586E1B40h	0_2_00AF4919
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF41FE push esi; mov dword ptr [esp], 0D31287Eh	0_2_00AF4994

Source: file.exe	Static PE information: section name: entropy: 7.807345230582023
Source: file.exe	Static PE information: section name: wnpxidru entropy: 7.953866841930244

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E409 second address: 98E413 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FD9B5237076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E413 second address: 98E417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98E417 second address: 98DC6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD9B523707Eh 0x0000000e nop 0x0000000f jng 00007FD9B523707Ch 0x00000015 push dword ptr [ebp+122D016Dh] 0x0000001b sub dword ptr [ebp+122D1FBAh], ebx 0x00000021 jmp 00007FD9B5237089h 0x00000026 call dword ptr [ebp+122D17E8h] 0x0000002c pushad 0x0000002d mov dword ptr [ebp+122D17C1h], ebx 0x00000033 xor eax, eax 0x00000035 pushad 0x00000036 mov edx, dword ptr [ebp+122D2DACh] 0x0000003c popad 0x0000003d mov dword ptr [ebp+122D17C1h], edx 0x00000043 mov edx, dword ptr [esp+28h] 0x00000047 jmp 00007FD9B523707Ah 0x0000004c mov dword ptr [ebp+122D17C1h], ebx 0x00000052 mov dword ptr [ebp+122D2D0Ch], eax 0x00000058 pushad 0x00000059 and ecx, 50A82D14h 0x0000005f mov eax, dword ptr [ebp+122D2CF8h] 0x00000065 popad 0x00000066 mov esi, 0000003Ch 0x0000006b add dword ptr [ebp+122D17C1h], edx 0x00000071 add esi, dword ptr [esp+24h] 0x00000075 mov dword ptr [ebp+122D17C1h], ecx 0x0000007b lodsw 0x0000007d sub dword ptr [ebp+122D17C1h], ebx 0x00000083 mov dword ptr [ebp+122D17C1h], ecx 0x00000089 add eax, dword ptr [esp+24h] 0x0000008d cld 0x0000008e mov ebx, dword ptr [esp+24h] 0x00000092 jmp 00007FD9B5237082h 0x00000097 nop 0x00000098 push ebx 0x00000099 push eax 0x0000009a push edx 0x0000009b push eax 0x0000009c push edx 0x0000009d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DC6A second address: 98DC6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98DC6E second address: 98DC72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA30A second address: AFA318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA318 second address: AFA31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA61E second address: AFA62A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD9B4D7BAD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFA8D3 second address: AFA8DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAA51 second address: AFAA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9B4D7BADCh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAA64 second address: AFAA6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAA6C second address: AFAA73 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAA73 second address: AFAA91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007FD9B5237086h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFAA91 second address: AFAA97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD7C5 second address: 98DC6A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 5E94ABDEh 0x0000000f push dword ptr [ebp+122D016Dh] 0x00000015 adc si, 70A7h 0x0000001a call dword ptr [ebp+122D17E8h] 0x00000020 pushad 0x00000021 mov dword ptr [ebp+122D17C1h], ebx 0x00000027 xor eax, eax 0x00000029 pushad 0x0000002a mov edx, dword ptr [ebp+122D2DACh] 0x00000030 popad 0x00000031 mov dword ptr [ebp+122D17C1h], edx 0x00000037 mov edx, dword ptr [esp+28h] 0x0000003b jmp 00007FD9B523707Ah 0x00000040 mov dword ptr [ebp+122D17C1h], ebx 0x00000046 mov dword ptr [ebp+122D2D0Ch], eax 0x0000004c pushad 0x0000004d and ecx, 50A82D14h 0x00000053 mov eax, dword ptr [ebp+122D2CF8h] 0x00000059 popad 0x0000005a mov esi, 0000003Ch 0x0000005f add dword ptr [ebp+122D17C1h], edx 0x00000065 add esi, dword ptr [esp+24h] 0x00000069 mov dword ptr [ebp+122D17C1h], ecx 0x0000006f lodsw 0x00000071 sub dword ptr [ebp+122D17C1h], ebx 0x00000077 mov dword ptr [ebp+122D17C1h], ecx 0x0000007d add eax, dword ptr [esp+24h] 0x00000081 cld 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 jmp 00007FD9B5237082h 0x0000008b nop 0x0000008c push ebx 0x0000008d push eax 0x0000008e push edx 0x0000008f push eax 0x00000090 push edx 0x00000091 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD885 second address: AFD8A6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9B4D7BAE6h 0x00000008 jmp 00007FD9B4D7BAE0h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD8A6 second address: AFD8CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237085h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD8CE second address: AFD927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FD9B4D7BADCh 0x0000000c popad 0x0000000d pop eax 0x0000000e jmp 00007FD9B4D7BAE4h 0x00000013 push 00000003h 0x00000015 mov edi, ebx 0x00000017 push 00000000h 0x00000019 sub dword ptr [ebp+122D1F47h], ecx 0x0000001f mov di, cx 0x00000022 push 00000003h 0x00000024 mov dword ptr [ebp+122D1F93h], edi 0x0000002a call 00007FD9B4D7BAD9h 0x0000002f pushad 0x00000030 pushad 0x00000031 jmp 00007FD9B4D7BADCh 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD927 second address: AFD944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9B5237086h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD944 second address: AFD96B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007FD9B4D7BADAh 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jns 00007FD9B4D7BADAh 0x0000001c push esi 0x0000001d push edx 0x0000001e pop edx 0x0000001f pop esi 0x00000020 mov eax, dword ptr [eax] 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD96B second address: AFD97A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD97A second address: AFD9BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FD9B4D7BADAh 0x0000000d popad 0x0000000e popad 0x0000000f pop eax 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FD9B4D7BAD8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a lea ebx, dword ptr [ebp+1244370Dh] 0x00000030 push eax 0x00000031 pushad 0x00000032 jo 00007FD9B4D7BADCh 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD9BB second address: AFD9C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007FD9B5237076h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFD9C7 second address: AFD9CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDB09 second address: AFDB1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 js 00007FD9B5237084h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDBCE second address: AFDBD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDBD2 second address: AFDBD8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDBD8 second address: AFDC38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD9B4D7BADCh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FD9B4D7BAD8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 mov cx, 13DEh 0x00000034 add dh, FFFFFFECh 0x00000037 push 6E54B004h 0x0000003c push edx 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDC38 second address: AFDCFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD9B5237076h 0x0000000a popad 0x0000000b pop edx 0x0000000c xor dword ptr [esp], 6E54B084h 0x00000013 clc 0x00000014 push 00000003h 0x00000016 mov ecx, 0FD58129h 0x0000001b cmc 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007FD9B5237078h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 mov esi, dword ptr [ebp+122D2A80h] 0x0000003e push 00000003h 0x00000040 call 00007FD9B5237088h 0x00000045 sbb si, 5208h 0x0000004a pop ecx 0x0000004b push 9812C7B9h 0x00000050 jne 00007FD9B52370A0h 0x00000056 xor dword ptr [esp], 5812C7B9h 0x0000005d pushad 0x0000005e or edx, dword ptr [ebp+122D2CA4h] 0x00000064 mov si, bx 0x00000067 popad 0x00000068 mov si, cx 0x0000006b lea ebx, dword ptr [ebp+12443721h] 0x00000071 sub edi, 57FC91E9h 0x00000077 xchg eax, ebx 0x00000078 push edx 0x00000079 pushad 0x0000007a push edi 0x0000007b pop edi 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFDCFE second address: AFDD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jbe 00007FD9B4D7BAD6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D5BE second address: B1D5CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD9B523707Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1B4C5 second address: B1B4C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BC0C second address: B1BC10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BC10 second address: B1BC16 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BC16 second address: B1BC1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BC1C second address: B1BC22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BC22 second address: B1BC26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BC26 second address: B1BC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007FD9B4D7BAD6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BD8B second address: B1BD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BEFA second address: B1BF00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BF00 second address: B1BF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1BF06 second address: B1BF12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FD9B4D7BAD6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C03A second address: B1C03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C34F second address: B1C377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD9B4D7BADCh 0x0000000b popad 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD9B4D7BAE0h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C377 second address: B1C38B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237080h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C38B second address: B1C395 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD9B4D7BADEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1C395 second address: B1C39E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10BCC second address: B10BD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B10BD2 second address: B10BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CC86 second address: B1CC97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FD9B4D7BAD8h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CC97 second address: B1CCA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD9B5237076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CDDD second address: B1CE09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD9B4D7BAD6h 0x0000000a je 00007FD9B4D7BAD6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007FD9B4D7BAD6h 0x00000019 jmp 00007FD9B4D7BAE3h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CE09 second address: B1CE21 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD9B5237076h 0x00000008 jmp 00007FD9B523707Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1CE21 second address: B1CE25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D0FF second address: B1D105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D105 second address: B1D139 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jp 00007FD9B4D7BAD6h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jmp 00007FD9B4D7BADFh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jmp 00007FD9B4D7BADFh 0x0000001b pushad 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1D139 second address: B1D152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD9B523707Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B21FF6 second address: B21FFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF1A0F second address: AF1A29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237086h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF1A29 second address: AF1A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF1A39 second address: AF1A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF1A3D second address: AF1A41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23F50 second address: B23F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23F55 second address: B23F74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007FD9B4D7BAE8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23F74 second address: B23F78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B23F78 second address: B23F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28E0B second address: B28E13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B281BE second address: B28219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE2h 0x00000009 jmp 00007FD9B4D7BAE5h 0x0000000e popad 0x0000000f ja 00007FD9B4D7BADAh 0x00000015 jp 00007FD9B4D7BAE4h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FD9B4D7BADEh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28219 second address: B2822D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B523707Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2822D second address: B28231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B283BD second address: B283C4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2854F second address: B28554 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28554 second address: B2855C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2855C second address: B28562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28ACD second address: B28AF3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD9B5237086h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28AF3 second address: B28AFB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B28C53 second address: B28C6F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD9B5237082h 0x00000008 js 00007FD9B523707Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2A20E second address: B2A235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BADCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 1AD526B4h 0x00000010 mov esi, dword ptr [ebp+122D2D3Ch] 0x00000016 push 73E20F29h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2A235 second address: B2A240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD9B5237076h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2A5F8 second address: B2A616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD9B4D7BAE4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2A616 second address: B2A61A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2A61A second address: B2A620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2AEC6 second address: B2AECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2AECA second address: B2AED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2AED0 second address: B2AF20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD9B5237081h 0x0000000e xchg eax, ebx 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FD9B5237078h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D2EE4h], esi 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 push ebx 0x00000033 jmp 00007FD9B523707Ah 0x00000038 pop ebx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2B1A1 second address: B2B1B2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD9B4D7BAD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2B1B2 second address: B2B1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2B493 second address: B2B4E4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD9B4D7BAE4h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FD9B4D7BAD8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 add dword ptr [ebp+122D24BEh], ecx 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FD9B4D7BADDh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2B4E4 second address: B2B4EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2D3B1 second address: B2D3BB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB63 second address: B2DB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2DB67 second address: B2DB7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B4D7BAE0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2E754 second address: B2E75B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B30BD0 second address: B30BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B30BDE second address: B30BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5DB0 second address: AE5DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5DB6 second address: AE5DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3098B second address: B3099D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jno 00007FD9B4D7BAD6h 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B35717 second address: B3571E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3670A second address: B3670E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B376C6 second address: B376DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B5237082h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B376DD second address: B3774B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FD9B4D7BAD6h 0x00000009 jno 00007FD9B4D7BAD6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 je 00007FD9B4D7BADAh 0x00000019 push edi 0x0000001a pushad 0x0000001b popad 0x0000001c pop edi 0x0000001d nop 0x0000001e pushad 0x0000001f mov dword ptr [ebp+122D3134h], esi 0x00000025 mov eax, dword ptr [ebp+122DB717h] 0x0000002b popad 0x0000002c push 00000000h 0x0000002e sub dword ptr [ebp+122D17EFh], eax 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007FD9B4D7BAD8h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 mov bx, E657h 0x00000054 xchg eax, esi 0x00000055 js 00007FD9B4D7BADEh 0x0000005b jl 00007FD9B4D7BAD8h 0x00000061 push edx 0x00000062 pop edx 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3774B second address: B3774F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3774F second address: B37755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B37755 second address: B3775A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3775A second address: B37760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B358EB second address: B358F0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B358F0 second address: B358FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B387FA second address: B38800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36915 second address: B36919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B36919 second address: B36923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3B820 second address: B3B82A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD9B4D7BADCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3AB30 second address: B3AB34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3C917 second address: B3C91C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D79E second address: B3D7B4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD9B5237078h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007FD9B5237080h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3CA73 second address: B3CA91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3CA91 second address: B3CA96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3CB4A second address: B3CB4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3F812 second address: B3F81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FDD2 second address: B3FDF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 clc 0x0000000a push 00000000h 0x0000000c or dword ptr [ebp+122D2E6Ch], edx 0x00000012 sub dword ptr [ebp+122D1800h], ebx 0x00000018 push 00000000h 0x0000001a mov dword ptr [ebp+12448011h], edx 0x00000020 xchg eax, esi 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FDF8 second address: B3FE18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237088h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FE18 second address: B3FE26 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FE26 second address: B3FE2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40E42 second address: B40E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B4D7BAE6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B40E5C second address: B40E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3D9BC second address: B3D9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3FF1D second address: B3FF64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD9B5237083h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FD9B5237089h 0x00000015 jmp 00007FD9B523707Fh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B42F03 second address: B42F08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43EA1 second address: B43EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43EA8 second address: B43EAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B43EAE second address: B43EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B431CC second address: B431D1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45012 second address: B4502B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD9B523707Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B44134 second address: B441D7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD9B4D7BAD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007FD9B4D7BAD8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 jno 00007FD9B4D7BAD9h 0x0000002f sub dword ptr [ebp+122D24A7h], edi 0x00000035 push dword ptr fs:[00000000h] 0x0000003c or bl, 00000045h 0x0000003f mov dword ptr fs:[00000000h], esp 0x00000046 movzx edi, si 0x00000049 mov ebx, 32B9254Dh 0x0000004e mov eax, dword ptr [ebp+122D1331h] 0x00000054 call 00007FD9B4D7BAE3h 0x00000059 mov bl, al 0x0000005b pop edi 0x0000005c push FFFFFFFFh 0x0000005e mov ebx, dword ptr [ebp+122DB736h] 0x00000064 nop 0x00000065 pushad 0x00000066 push eax 0x00000067 pushad 0x00000068 popad 0x00000069 pop eax 0x0000006a push ebx 0x0000006b jmp 00007FD9B4D7BAE3h 0x00000070 pop ebx 0x00000071 popad 0x00000072 push eax 0x00000073 push edi 0x00000074 push eax 0x00000075 push edx 0x00000076 jc 00007FD9B4D7BAD6h 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B4502B second address: B45096 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push edi 0x00000009 jnp 00007FD9B5237077h 0x0000000f pop ebx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FD9B5237078h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c adc bx, D6FAh 0x00000031 jmp 00007FD9B5237088h 0x00000036 xor dword ptr [ebp+122D2443h], ebx 0x0000003c push 00000000h 0x0000003e pushad 0x0000003f mov eax, 516EC800h 0x00000044 or eax, dword ptr [ebp+122D2E97h] 0x0000004a popad 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f push eax 0x00000050 pop eax 0x00000051 pop ecx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45096 second address: B450BC instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD9B4D7BADCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD9B4D7BAE3h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B46097 second address: B4609C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45252 second address: B45272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9B4D7BAE9h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B45313 second address: B4531A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B49963 second address: B49967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C1F second address: B51C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C25 second address: B51C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B4D7BAE7h 0x00000009 jp 00007FD9B4D7BAD6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C46 second address: B51C50 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD9B5237076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C50 second address: B51C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FD9B4D7BAE2h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jng 00007FD9B4D7BAF1h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C73 second address: B51C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B5237085h 0x00000009 jnp 00007FD9B5237078h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C98 second address: B51C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51C9C second address: B51CAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B523707Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51324 second address: B51328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51328 second address: B5132E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5132E second address: B51333 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51333 second address: B5134F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD9B5237081h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51621 second address: B51625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51625 second address: B51629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B51629 second address: B51634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B517B3 second address: B517B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B517B7 second address: B517BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B5326D second address: B53280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FD9B5237078h 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B53280 second address: B53284 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62DBC second address: B62E12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B523707Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push esi 0x0000000e jnc 00007FD9B523708Fh 0x00000014 pop esi 0x00000015 mov eax, dword ptr [eax] 0x00000017 push ebx 0x00000018 push edx 0x00000019 jl 00007FD9B5237076h 0x0000001f pop edx 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 jnl 00007FD9B5237084h 0x0000002b push eax 0x0000002c push edx 0x0000002d jg 00007FD9B5237076h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62ED6 second address: B62EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD9B4D7BAD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62EE0 second address: B62EEE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62EEE second address: B62EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62EF2 second address: B62EFF instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD9B5237076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62EFF second address: B62F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD9B4D7BAE9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62F24 second address: B62F46 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD9B5237078h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push ebx 0x0000000f push edi 0x00000010 jns 00007FD9B5237076h 0x00000016 pop edi 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B62F46 second address: B62F4C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B63020 second address: 98DC6A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD9B523707Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e js 00007FD9B5237080h 0x00000014 jmp 00007FD9B523707Ah 0x00000019 pop eax 0x0000001a stc 0x0000001b push dword ptr [ebp+122D016Dh] 0x00000021 pushad 0x00000022 adc edi, 0091DD99h 0x00000028 popad 0x00000029 call dword ptr [ebp+122D17E8h] 0x0000002f pushad 0x00000030 mov dword ptr [ebp+122D17C1h], ebx 0x00000036 xor eax, eax 0x00000038 pushad 0x00000039 mov edx, dword ptr [ebp+122D2DACh] 0x0000003f popad 0x00000040 mov dword ptr [ebp+122D17C1h], edx 0x00000046 mov edx, dword ptr [esp+28h] 0x0000004a jmp 00007FD9B523707Ah 0x0000004f mov dword ptr [ebp+122D17C1h], ebx 0x00000055 mov dword ptr [ebp+122D2D0Ch], eax 0x0000005b pushad 0x0000005c and ecx, 50A82D14h 0x00000062 mov eax, dword ptr [ebp+122D2CF8h] 0x00000068 popad 0x00000069 mov esi, 0000003Ch 0x0000006e add dword ptr [ebp+122D17C1h], edx 0x00000074 add esi, dword ptr [esp+24h] 0x00000078 mov dword ptr [ebp+122D17C1h], ecx 0x0000007e lodsw 0x00000080 sub dword ptr [ebp+122D17C1h], ebx 0x00000086 mov dword ptr [ebp+122D17C1h], ecx 0x0000008c add eax, dword ptr [esp+24h] 0x00000090 cld 0x00000091 mov ebx, dword ptr [esp+24h] 0x00000095 jmp 00007FD9B5237082h 0x0000009a nop 0x0000009b push ebx 0x0000009c push eax 0x0000009d push edx 0x0000009e push eax 0x0000009f push edx 0x000000a0 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67F9C second address: B67FA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD9B4D7BAD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67FA6 second address: B67FAF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B66BB9 second address: B66BC6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD9B4D7BAD8h 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67148 second address: B6714E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6746A second address: B67488 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FD9B4D7BADCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67488 second address: B6748C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67606 second address: B6760C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6760C second address: B67610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67610 second address: B67626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD9B4D7BADCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67626 second address: B6762A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6762A second address: B67642 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67642 second address: B67649 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67649 second address: B67668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007FD9B4D7BAE7h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67668 second address: B6766E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B677C5 second address: B677CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B677CB second address: B677CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B677CF second address: B677F2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FD9B4D7BAEDh 0x0000000c jmp 00007FD9B4D7BAE5h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B677F2 second address: B677FC instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD9B5237093h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67C5B second address: B67C7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9B4D7BAE9h 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B67C7D second address: B67C97 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD9B5237081h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B31CBD second address: B10BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD9B4D7BAD6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007FD9B4D7BAE7h 0x00000013 popad 0x00000014 popad 0x00000015 mov dword ptr [esp], eax 0x00000018 pushad 0x00000019 mov eax, dword ptr [ebp+122D2E88h] 0x0000001f popad 0x00000020 lea eax, dword ptr [ebp+12477A46h] 0x00000026 call 00007FD9B4D7BAE3h 0x0000002b add edi, dword ptr [ebp+122D2D64h] 0x00000031 pop edi 0x00000032 push eax 0x00000033 jmp 00007FD9B4D7BAE4h 0x00000038 mov dword ptr [esp], eax 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007FD9B4D7BAD8h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 00000016h 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 xor edi, 1907E897h 0x0000005b call dword ptr [ebp+1243FFF8h] 0x00000061 push eax 0x00000062 push edx 0x00000063 jp 00007FD9B4D7BAE3h 0x00000069 jmp 00007FD9B4D7BADDh 0x0000006e push ecx 0x0000006f jmp 00007FD9B4D7BAE5h 0x00000074 pop ecx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3225B second address: B32261 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32261 second address: B32265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32311 second address: B3232C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B5237087h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3232C second address: B32343 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007FD9B4D7BADCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32343 second address: B32347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3244B second address: B3244F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32508 second address: B32512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FD9B5237076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32F32 second address: B32F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32F36 second address: B32F48 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jbe 00007FD9B5237084h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C45E second address: B6C468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD9B4D7BAD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C468 second address: B6C472 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD9B5237076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C472 second address: B6C478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C5D0 second address: B6C5D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C5D6 second address: B6C628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jg 00007FD9B4D7BAD6h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e ja 00007FD9B4D7BAD6h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jnp 00007FD9B4D7BAF2h 0x0000001d jmp 00007FD9B4D7BAE6h 0x00000022 jp 00007FD9B4D7BAD6h 0x00000028 jmp 00007FD9B4D7BAE9h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6C628 second address: B6C62D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6CA3E second address: B6CA66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE0h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007FD9B4D7BAE1h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B6CBDF second address: B6CBF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FD9B5237084h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7174B second address: B7174F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE5DA0 second address: AE5DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 je 00007FD9B523707Ah 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71186 second address: B711BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FD9B4D7BAE9h 0x0000000d ja 00007FD9B4D7BAD6h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007FD9B4D7BAD6h 0x0000001c ja 00007FD9B4D7BAD6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B71EC9 second address: B71ECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7219C second address: B721C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FD9B4D7BAE1h 0x0000000b popad 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD9B4D7BAE0h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B721C7 second address: B721CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B721CD second address: B721D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD9B4D7BAD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75CAF second address: B75CCA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD9B5237085h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B75CCA second address: B75CE7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jno 00007FD9B4D7BADCh 0x0000000f jo 00007FD9B4D7BADEh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7A108 second address: B7A10C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7AA96 second address: B7AAA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7AD2F second address: B7AD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F2D7 second address: B7F2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F2DB second address: B7F2E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F2E1 second address: B7F2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F2E7 second address: B7F2F1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD9B523707Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F2F1 second address: B7F329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007FD9B4D7BAE8h 0x00000013 jl 00007FD9B4D7BAD6h 0x00000019 jmp 00007FD9B4D7BADCh 0x0000001e jnl 00007FD9B4D7BAD8h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F329 second address: B7F331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7F331 second address: B7F335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8186E second address: B81890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 jmp 00007FD9B5237085h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81890 second address: B818A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE0h 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B81562 second address: B81586 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FD9B5237085h 0x0000000c jmp 00007FD9B523707Dh 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push edi 0x00000018 pop edi 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B84109 second address: B84116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jl 00007FD9B4D7BADCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B84116 second address: B84120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B84276 second address: B8427A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8427A second address: B84290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237082h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B843BE second address: B843ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BADFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD9B4D7BAE2h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B843ED second address: B843F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B89452 second address: B89465 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BADFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88794 second address: B8879A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8879A second address: B887A5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B887A5 second address: B887B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD9B5237076h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B887B0 second address: B887B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B887B5 second address: B887BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B887BB second address: B887CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007FD9B4D7BAD6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88946 second address: B8894A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88C29 second address: B88C33 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD9B4D7BAE7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88C33 second address: B88C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B523707Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88C48 second address: B88C50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B88C50 second address: B88C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3B7 second address: AEE3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD9B4D7BADDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3CD second address: AEE3EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FD9B5237085h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEE3EB second address: AEE3F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E9B6 second address: B8E9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FD9B5237087h 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD9B5237081h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8E9EE second address: B8E9F3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8EB8A second address: B8EBA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FD9B5237080h 0x0000000a jo 00007FD9B5237084h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8EBA8 second address: B8EBAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B3293C second address: B32953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FD9B523707Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B32953 second address: B329F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD9B4D7BAE0h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov di, cx 0x00000011 mov ebx, dword ptr [ebp+12477A85h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FD9B4D7BAD8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 xor edx, dword ptr [ebp+122D3844h] 0x00000037 add eax, ebx 0x00000039 mov dl, FEh 0x0000003b push eax 0x0000003c jmp 00007FD9B4D7BAE0h 0x00000041 mov dword ptr [esp], eax 0x00000044 mov dword ptr [ebp+1243D7D4h], ebx 0x0000004a call 00007FD9B4D7BAE6h 0x0000004f mov dl, DCh 0x00000051 pop edi 0x00000052 push 00000004h 0x00000054 jmp 00007FD9B4D7BAE3h 0x00000059 xor dword ptr [ebp+122D3683h], eax 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 push edx 0x00000066 pop edx 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8ECF5 second address: B8ED10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FD9B5237076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FD9B523707Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8EE72 second address: B8EE77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8F8CB second address: B8F8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92B5D second address: B92B68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FD9B4D7BAD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92B68 second address: B92B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD9B5237076h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jns 00007FD9B5237086h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92B9A second address: B92BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92BA0 second address: B92BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92BA4 second address: B92BC0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FD9B4D7BAE2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92818 second address: B92838 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FD9B5237082h 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007FD9B5237076h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B92838 second address: B9283C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9283C second address: B92842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B97EF8 second address: B97EFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98090 second address: B98094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B981BF second address: B981C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B981C3 second address: B981F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD9B5237076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD9B523707Bh 0x00000016 jmp 00007FD9B5237087h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B981F6 second address: B98207 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD9B4D7BADBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B987A0 second address: B987AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B987AB second address: B987B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B987B1 second address: B987B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98A6C second address: B98A70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98A70 second address: B98A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FD9B5237085h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98A90 second address: B98A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98DA7 second address: B98DB3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD9B5237076h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98DB3 second address: B98DBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98DBB second address: B98DBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B98DBF second address: B98DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99385 second address: B99389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99654 second address: B99659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99659 second address: B9966C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B523707Dh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9966C second address: B99670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99CA7 second address: B99CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B523707Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99CB5 second address: B99CBF instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD9B4D7BAD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99CBF second address: B99CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FD9B5237076h 0x0000000e jne 00007FD9B5237076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B99CD3 second address: B99CD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B9F5F2 second address: B9F60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 je 00007FD9B523708Ch 0x0000000e jo 00007FD9B523707Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA0BCC second address: BA0BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B4D7BADEh 0x00000009 jmp 00007FD9B4D7BADFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA3C96 second address: BA3C9F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA3F47 second address: BA3F64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA3F64 second address: BA3F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA43B5 second address: BA43B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA47F4 second address: BA4802 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FD9B5237076h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4802 second address: BA4806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA4806 second address: BA482A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD9B5237076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jp 00007FD9B5237076h 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 jmp 00007FD9B523707Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BABBA0 second address: BABBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BABBA4 second address: BABBBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FD9B5237082h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAC193 second address: BAC198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAC340 second address: BAC35F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD9B5237076h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007FD9B5237080h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAC35F second address: BAC38B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007FD9B4D7BADAh 0x00000010 jmp 00007FD9B4D7BAE0h 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BACA1D second address: BACA2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAD38D second address: BAD3A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007FD9B4D7BAD6h 0x0000000d jmp 00007FD9B4D7BADCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAF81A second address: BAF821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAF821 second address: BAF826 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAF826 second address: BAF859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FD9B5237083h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007FD9B523708Eh 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 ja 00007FD9B5237076h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f popad 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4CAA second address: BB4CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4E65 second address: BB4E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4FC2 second address: BB4FC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4FC6 second address: BB4FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB4FCC second address: BB501A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9B4D7BAF4h 0x00000008 pushad 0x00000009 je 00007FD9B4D7BAD6h 0x0000000f jmp 00007FD9B4D7BAE9h 0x00000014 jno 00007FD9B4D7BAD6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB501A second address: BB502A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jl 00007FD9B523707Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB502A second address: BB505E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jmp 00007FD9B4D7BAE6h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jmp 00007FD9B4D7BAE5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB505E second address: BB5068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC0FA3 second address: BC0FB0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC0FB0 second address: BC0FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC0FB6 second address: BC0FD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE2h 0x00000009 jns 00007FD9B4D7BAD6h 0x0000000f popad 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC0FD8 second address: BC0FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3AC1 second address: BC3AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB62F second address: BCB63A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007FD9B5237076h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA23F second address: BCA247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA247 second address: BCA251 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD9B5237076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA251 second address: BCA267 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE1h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA90B second address: BDA90F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA90F second address: BDA92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD9B4D7BAE5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA92A second address: BDA94C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B5237088h 0x00000009 jnc 00007FD9B5237076h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA94C second address: BDA963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA963 second address: BDA977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FD9B5237076h 0x0000000e jne 00007FD9B5237076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDA977 second address: BDA97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDAAD9 second address: BDAAFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jmp 00007FD9B523707Fh 0x0000000e pop edi 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDAAFA second address: BDAB0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB19E second address: BDB1AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB1AD second address: BDB1B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBE2B second address: BDBE44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FD9B5237082h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDE941 second address: BDE945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDE945 second address: BDE949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDEAB2 second address: BDEAB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE1222 second address: BE123F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237081h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE123F second address: BE1245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE29D2 second address: BE29E5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD9B5237076h 0x00000008 jne 00007FD9B5237076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE29E5 second address: BE29EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE29EA second address: BE2A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FD9B5237076h 0x00000009 pushad 0x0000000a popad 0x0000000b jno 00007FD9B5237076h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jg 00007FD9B5237076h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2A08 second address: BE2A0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2A0C second address: BE2A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2A12 second address: BE2A17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2A17 second address: BE2A3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD9B5237076h 0x0000000a je 00007FD9B5237076h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007FD9B523707Fh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2A3A second address: BE2A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2881 second address: BE2885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6C67 second address: BF6C6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF6C6B second address: BF6C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01E3E second address: C01E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01FC9 second address: C01FF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237081h 0x00000007 push ecx 0x00000008 jmp 00007FD9B5237082h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01FF9 second address: C01FFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02329 second address: C02338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FD9B5237076h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0246A second address: C0246E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0246E second address: C0248B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD9B5237076h 0x00000008 jmp 00007FD9B5237083h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0248B second address: C02490 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02490 second address: C02496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C028A4 second address: C028D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jns 00007FD9B4D7BAD6h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edi 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0412B second address: C04131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06FE8 second address: C07008 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE0h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007FD9B4D7BAD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0A1DF second address: C0A21B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B523707Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jmp 00007FD9B523707Eh 0x00000011 popad 0x00000012 pop ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD9B5237082h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0A21B second address: C0A21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0A21F second address: C0A234 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237081h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0A234 second address: C0A243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FD9B4D7BAD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0F309 second address: C0F357 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237081h 0x00000007 jmp 00007FD9B5237083h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007FD9B5237084h 0x00000016 je 00007FD9B5237076h 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0F357 second address: C0F379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007FD9B4D7BADDh 0x0000000d jmp 00007FD9B4D7BADCh 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C11BAD second address: C11BC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B5237081h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C11BC2 second address: C11BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13B88 second address: C13BA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237084h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13BA2 second address: C13BBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BADCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c jne 00007FD9B4D7BAD6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13BBE second address: C13BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C13BC6 second address: C13BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1575D second address: C15763 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15763 second address: C1577F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push edi 0x00000008 push eax 0x00000009 jmp 00007FD9B4D7BAE1h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1577F second address: C15795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD9B523707Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15795 second address: C15799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0B08D second address: C0B09A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007FD9B5237076h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07154 second address: C07159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07427 second address: C0742B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0742B second address: C07435 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD9B4D7BAD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07435 second address: C07447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07447 second address: C0744E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B2CF62 second address: B2CF81 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9B523707Ch 0x00000008 je 00007FD9B5237076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD9B523707Ch 0x00000018 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 98DCEC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B499B2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B22B57 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BBAF55 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4DF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 6DF0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0098E10B rdtsc

0_2_0098E10B

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

graph_0-12779

Source: C:\Users\user\Desktop\file.exe TID: 7472

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B5BF23 GetSystemInfo,VirtualAlloc,

0_2_00B5BF23

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0098E10B rdtsc

0_2_0098E10B

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0098B91D LdrInitializeThunk,

0_2_0098B91D

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: AProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00B5881B GetSystemTime,GetFileTime,

0_2_00B5881B

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532769
Start date and time:	2024-10-13 22:29:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.
VT rate limit hit for: file.exe

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.932961471228044
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'704'448 bytes
MD5:	3e3f0fde7c8332ff13596a7427d0489a
SHA1:	944b78c5b35ef8e062b38c3bab40967d7af3ddbe
SHA256:	519d0aa9c6202bd223d96dc7553bd372e1bd3243fdb48c91d1c1d7c55e4e627d
SHA512:	067e8b45005f2ec435889840b876f0dda81fc621ed14e1786b5f611fc6503c1f3f80955003bb3b54ae4040f1916e09171a4255baa19590c3a068b8d651f7caa7
SSDEEP:	24576:mr4witmt3V3E9SfjUNqkuAnVG9IN5j2CRdOCtd4S6ZFmIGS0hETIrWzwHkP/LvAZ:mr4witmt3GWjUN4hIrNUCF62IF/SWf
TLSH:	818533609F419535C91C2E343EB392D8E974FFD2AB6CD80E7B5932049B769808DBE849
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............C.. ...`....@.. ........................D......b....`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x83c000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD9B472892Ah
pavgb mm3, qword ptr [ecx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], cl
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	7a85609eb69d2b92d37343f64da84b4d	False	0.93359375	data	7.807345230582023	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x296000	0x200	97bce6fa7fd7e7543e5b93eed184aad2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wnpxidru	0x2a0000	0x19a000	0x19a000	e92442307cea723868ffaa17492d252c	False	0.9950356088033536	data	7.953866841930244	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ugnddmqc	0x43a000	0x2000	0x400	ea48a1e0a57b2959c9408a18930052e0	False	0.759765625	data	5.979801173543557	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x43c000	0x4000	0x2200	7811b4858b5933159dbd48a6724b26f5	False	0.04630055147058824	DOS executable (COM)	0.5309409616411587	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Target ID:	0
Start time:	16:30:01
Start date:	13/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x980000
File size:	1'704'448 bytes
MD5 hash:	3E3F0FDE7C8332FF13596A7427D0489A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	2.6%
Signature Coverage:	4%
Total number of Nodes:	424
Total number of Limit Nodes:	28

Executed Functions

Function 00B5BF23 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-11945FEC), ref: 00B5BF2F
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00B5BF90

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 0166700e763459fe4b80142af6442380c9e8e1d8a904ea1c756e39c5a24cd5de
Instruction ID: 87ec0f6c6f447d784f1abe3c30f4c570c70811e3745d49e13d3dcab79c598b7c
Opcode Fuzzy Hash: 0166700e763459fe4b80142af6442380c9e8e1d8a904ea1c756e39c5a24cd5de
Instruction Fuzzy Hash: 664124B1D04206AEE725DE508D45F96BBEDFF08781F0401E7B60BDE882EA7095D48BE4

Function 0098B91D Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

!!iH, xrefs: 0098B92E

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: !!iH
API String ID: 0-3430752988
Opcode ID: 65aceacfac6662d7cc63c77dd633ef4ee871032eb9b6d25e64280aaefc2f1036
Instruction ID: e5b66c20e8ca3bd8846244422e3fb46b9a1f7558f9d87eade545a873e1289c4a
Opcode Fuzzy Hash: 65aceacfac6662d7cc63c77dd633ef4ee871032eb9b6d25e64280aaefc2f1036
Instruction Fuzzy Hash: 76D05E721048CA9ADB279F208900799771AEB81704F550514EA019AE4ACB2E5E11C794

Function 00B55DA1 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 00B55EB2
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 00B55EC6

Strings

.exe, xrefs: 00B55E0D
1002, xrefs: 00B55E7C
.dll, xrefs: 00B55DE9

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: b8b1a7251439ea828d66dcfb53a669d7ac2eb6a3a49b1e994ba7eed0bef4597d
Instruction ID: 9194e37bc3f3649f0fc74f4cbfd99bc4b472d8eaa80c08e291c2704e175ecc01
Opcode Fuzzy Hash: b8b1a7251439ea828d66dcfb53a669d7ac2eb6a3a49b1e994ba7eed0bef4597d
Instruction Fuzzy Hash: 0031883540060AAFDF25AF10D926BAE7BB5FF08313F1041E9FC05561A1D7719EA8DB61

Function 00B562A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00B56239,?,00000000,00000000), ref: 00B56364
GetModuleHandleA.KERNEL32(00000000,?,?,?,00B56239,?,00000000,00000000), ref: 00B56372

Strings

.dll, xrefs: 00B562DA

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: dba88c2728f2a74f69061dcdbed08ea39fc6d58de86ed352cd5eebbc187d28f2
Instruction ID: 11260e6e454071a5243a806e9b6735313670c113eb6afc69c73eeea459a89746
Opcode Fuzzy Hash: dba88c2728f2a74f69061dcdbed08ea39fc6d58de86ed352cd5eebbc187d28f2
Instruction Fuzzy Hash: 12115A34105A06EAEF359F18C9087587BF4FB14347F8842E5AC04464E4C7B599ECDA99

Function 00B58C01 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00F8AD2C,-11945FEC), ref: 00B58C7A
GetFileAttributesA.KERNEL32(00000000,-11945FEC), ref: 00B58C88

Strings

@, xrefs: 00B58C2D

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: f271a7b59cac025bc9073cf390d6ace1ff50f25f1cce2b4e462622ed00ff2a69
Instruction ID: 1635850c8b543547a33bfeb2d63e792d04f9241a83d188db0cd59fca113f6540
Opcode Fuzzy Hash: f271a7b59cac025bc9073cf390d6ace1ff50f25f1cce2b4e462622ed00ff2a69
Instruction Fuzzy Hash: 9B016D30106209FADF21AF54DA8979D7EF0EF4534AF1041E5ED0279090CBB0AAD9EB60

Function 00B54C81 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 00B54CE3

Strings

\\?\, xrefs: 00B54D3E

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: f1119617b94c0682cee2daa2403125a611b9c0e87d747e29d99a939c4cc53a58
Instruction ID: 3305871112641e9d11c1d6cbca4cd006d8038c3f37f9e8d73d3f55c036dff833
Opcode Fuzzy Hash: f1119617b94c0682cee2daa2403125a611b9c0e87d747e29d99a939c4cc53a58
Instruction Fuzzy Hash: 9D31A93550024ABFEF21DF94C809B9EBBB5FF4870AF0001E5FE01A54A0D7769AA9DB50

Function 00B56390 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B546CE: GetCurrentThreadId.KERNEL32 ref: 00B546DD
Part of subcall function 00B546CE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00B54720

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 00B563F4

Strings

.dll, xrefs: 00B563B1

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CurrentHandleModuleSleepThread
String ID: .dll
API String ID: 683542999-2738580789
Opcode ID: 2e4bc318758cb02f9e5a79089b9d7ced871989614bcb24c36e6067841dd2a4dd
Instruction ID: d6d97385417449cee8d586c41fc98a9d21f45ad26599f1af9ab18fda8fed98ad
Opcode Fuzzy Hash: 2e4bc318758cb02f9e5a79089b9d7ced871989614bcb24c36e6067841dd2a4dd
Instruction Fuzzy Hash: 37F06776200205AFDF109F68D985BA93BF4FF0D346F9081E0FE048A152D771CCA89A61

Function 00B5C94F Relevance: 3.1, APIs: 2, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNELBASE(?), ref: 00B5C96B

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: df331123f9734c73d018045bb09c2d0be33437279b6d6d8c63485b1b519b6dca
Instruction ID: 6b5679151b7fc5227788354462bdcca4e72502179cdb3cea9412edcb02b8546c
Opcode Fuzzy Hash: df331123f9734c73d018045bb09c2d0be33437279b6d6d8c63485b1b519b6dca
Instruction Fuzzy Hash: DD41597290030AEFEB26CF14C944BAA7FF2FB04316F1440D5ED02AA596C375AD98DB95

Function 00B58E1D Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00F8AD2C,?,?,-11945FEC,?,?,?,-11945FEC,?), ref: 00B58ECF

Part of subcall function 00B58DCF: IsBadWritePtr.KERNEL32(?,00000004), ref: 00B58DDD

CreateFileA.KERNEL32(?,?,?,-11945FEC,?,?,?,-11945FEC,?), ref: 00B58EEF

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: 69ba788e2463d3cdbd4dd3aa9ec420f0aa86e12bf46d0b657a0630a5ffb32a5f
Instruction ID: 6c0ee0b25b081401c8a87745c3d5d9de125daa4d4b0a9eb82b080d9ecde63bde
Opcode Fuzzy Hash: 69ba788e2463d3cdbd4dd3aa9ec420f0aa86e12bf46d0b657a0630a5ffb32a5f
Instruction Fuzzy Hash: AE11263110414AFFDF22AF90CD0ABAE3EB6BF48346F0441D5BD05344A1CB7689A9EB51

Function 00B58789 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B546CE: GetCurrentThreadId.KERNEL32 ref: 00B546DD
Part of subcall function 00B546CE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00B54720

GetCurrentProcess.KERNEL32(-11945FEC), ref: 00B58796
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B587FC

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessSleepThread
String ID:
API String ID: 2846201637-0
Opcode ID: 6e59072fef089a693ba925f851ea08e63846b4659b1e17efb032ce186e011977
Instruction ID: aaf0c1f20330378dcd95d4cf8e6393d892bff35afe1bb332f4fe313914564e52
Opcode Fuzzy Hash: 6e59072fef089a693ba925f851ea08e63846b4659b1e17efb032ce186e011977
Instruction Fuzzy Hash: 6301FF3210014AFB8F126FA4DC45E9E3BB5FF9C356B1041D5FD0464010DB36C8A9DB62

Function 00B546CE Relevance: 3.0, APIs: 2, Instructions: 33
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00B546DD
Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00B54720

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: 8e094723f19372ccb770bee10c74c597968b6453083ef7b97d22e13e9b879099
Instruction ID: 352bed24a37e63bc16a632aa73cd7f153c92a880be244cd88e331b11e1fbd920
Opcode Fuzzy Hash: 8e094723f19372ccb770bee10c74c597968b6453083ef7b97d22e13e9b879099
Instruction Fuzzy Hash: 65F09A7160124AEBDB219F94C888BAEB6F4EB4A71FF2011E9D90182580D7711EC9DA91

Function 00B56E08 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00B56EBD

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 89bbcca758b591fb5212f065f79079c4167a481a84a9d0dbd17b56bad161200b
Instruction ID: 5989c22f64e225668365b56f556eefcf46e8456c3eac08e471e565c456825a37
Opcode Fuzzy Hash: 89bbcca758b591fb5212f065f79079c4167a481a84a9d0dbd17b56bad161200b
Instruction Fuzzy Hash: C2315D75A00205BEEB209FA5DC45F9EBBF8FB48315F2081E9F904AA191D7719999CB10

Function 00B56624 Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 00B566A6

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e3d09987059a08c5e0da5820e3041e3d1aef3b3de4878c0f24b37199abcbafca
Instruction ID: f8671d2d9132989a47cbf6f8ef78be14a51310c20f126a0cc7592a6c95e2f83d
Opcode Fuzzy Hash: e3d09987059a08c5e0da5820e3041e3d1aef3b3de4878c0f24b37199abcbafca
Instruction Fuzzy Hash: BC31C275640205BEEB209F64DC45F99B7F8EB08729F2042D9FA10AB1D1C7B1A946CB54

Function 00B5C69C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 00B5C749

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 381542672d89b74579afce692cf3f140e6cab02468ce65bb517ec4f1fdbb7af1
Instruction ID: a39921d63ff3c2db7a72a4095857a37e9640bad8241b0e0a74d1efe03405c8b8
Opcode Fuzzy Hash: 381542672d89b74579afce692cf3f140e6cab02468ce65bb517ec4f1fdbb7af1
Instruction Fuzzy Hash: 481187719013299FEB304514CC48BAA7BFDEF1A752F2040D5ED05B2441DBB4AD888EA5

Function 04D50D43 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04D50DCD

Memory Dump Source

Source File: 00000000.00000002.1869026377.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d50000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 341ec3133bad9f855687282ea16d91d21ce8239c07138e58a599a54cf01e03e1
Instruction ID: 4271b8744541a57ebda5df88e1d180de73b672e9fd6c3e1d9b67bdc334ddc253
Opcode Fuzzy Hash: 341ec3133bad9f855687282ea16d91d21ce8239c07138e58a599a54cf01e03e1
Instruction Fuzzy Hash: 4B2147B6C012089FCB10CF99D885ADEFBF0FB88320F14821AD908AB344D734A545CBA4

Function 04D50D48 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04D50DCD

Memory Dump Source

Source File: 00000000.00000002.1869026377.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d50000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 8393945bb74072d69e17e6bb92ca9bc01aa0106a31c16a683522ec2fcc69dab4
Instruction ID: 5758d8231f8316b97cf997033f27757f528da40dd310f43b269430aa8a934250
Opcode Fuzzy Hash: 8393945bb74072d69e17e6bb92ca9bc01aa0106a31c16a683522ec2fcc69dab4
Instruction Fuzzy Hash: 2E2124B6C012189FCB50DF99D885ADEFBF4FB88320F14861AD908AB355DB34A544CBA5

Function 04D51509 Relevance: 1.6, APIs: 1, Instructions: 56serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04D51580

Memory Dump Source

Source File: 00000000.00000002.1869026377.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d50000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: a9e6325e81977534814ec55d5dd3dc1da289a0ec865addc61b075c372a6ae6d8
Instruction ID: d80e093c96cf0c53cc5f262fa6ad906c633e1e2ddc6a714ded682136d2076f83
Opcode Fuzzy Hash: a9e6325e81977534814ec55d5dd3dc1da289a0ec865addc61b075c372a6ae6d8
Instruction Fuzzy Hash: B92114B5D002499FDB10CF9AC584BDEFBF4FB48320F108029E959A7250D778A644CFA5

Function 04D51510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04D51580

Memory Dump Source

Source File: 00000000.00000002.1869026377.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d50000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 4f3c1e60588de5f5607b777e4196d838080b9485ee15ecf2ac6aa48ff8215026
Instruction ID: 6a341361147b1ba3ba485e215bf094ea9ad57475c7a27f87a4ad1d91e0076933
Opcode Fuzzy Hash: 4f3c1e60588de5f5607b777e4196d838080b9485ee15ecf2ac6aa48ff8215026
Instruction Fuzzy Hash: 5811D3B5D002499FDB10DF9AC984BDEFBF4EB48320F108029E959A3250D778A644CFA5

Function 00B59955 Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B546CE: GetCurrentThreadId.KERNEL32 ref: 00B546DD
Part of subcall function 00B546CE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00B54720

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11945FEC), ref: 00B599DC

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CurrentFileSleepThreadView
String ID:
API String ID: 2270672837-0
Opcode ID: 4dd3e2b79a8ec79459f88ecfbcb930a5f52a8534265dc05238fe7c9b55a8e198
Instruction ID: dc7431fbd90cc50096a56c229dfc4ac4c75bc504cba237c9f236f0fcd972ee77
Opcode Fuzzy Hash: 4dd3e2b79a8ec79459f88ecfbcb930a5f52a8534265dc05238fe7c9b55a8e198
Instruction Fuzzy Hash: DE11E57250014AFECF129FA4DC45E9A7BAAEF59386B0046D5FE0545021C736C8B9EBA1

Function 00B5973D Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: cbe8853f9c6804caa93b8875eced394da03593fb9936c6b0b5790ad060985503
Instruction ID: e4852f9271c5a271e198c9e3a44fd7da83cff36be500a5316e4bfb21ff34361b
Opcode Fuzzy Hash: cbe8853f9c6804caa93b8875eced394da03593fb9936c6b0b5790ad060985503
Instruction Fuzzy Hash: F411573611020AEBCF02AFA4D849B9E3BF5EF08306F0040D2BD0056160DB31CEA9EB61

Function 04D51301 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04D51367

Memory Dump Source

Source File: 00000000.00000002.1869026377.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d50000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: fbdba13973fa762313da048ee2d167eacfaa96ee9cb269f2989db24452af50f0
Instruction ID: 311810e75aa01803e7734d96cd9f7ac331547f467531c45d33d19c9a0953f037
Opcode Fuzzy Hash: fbdba13973fa762313da048ee2d167eacfaa96ee9cb269f2989db24452af50f0
Instruction Fuzzy Hash: 9A1125B1800249CFDB10DF9AC545BDEFBF4EB48324F14841AD558A3250D778A544CFA5

Function 04D51308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04D51367

Memory Dump Source

Source File: 00000000.00000002.1869026377.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d50000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: c567ae1d5646bb30a718af58f567fce5b5a61693b65d255d6eac7cf5988d4be4
Instruction ID: 0bd37c2fd57f1a393bcd9b5043df7989e3021950f997f7ed53445b08d58afadb
Opcode Fuzzy Hash: c567ae1d5646bb30a718af58f567fce5b5a61693b65d255d6eac7cf5988d4be4
Instruction Fuzzy Hash: 171103B5800349CFDB10DF9AC945BDEFBF8EB48320F24846AD558A3650D778A944CFA5

Function 00B59021 Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00B546CE: GetCurrentThreadId.KERNEL32 ref: 00B546DD
Part of subcall function 00B546CE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00B54720

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11945FEC,?,?,00B56D50,?,?,00000400,?,00000000,?,00000000), ref: 00B5908D

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CurrentFileReadSleepThread
String ID:
API String ID: 1253362762-0
Opcode ID: 55bef8e1100e1e04b390ea42b55c8e22c41ec9560df67f7a26c3a7b725533f64
Instruction ID: 362ff708326f89c5b65a766dcb91344aea350d0a67e807178c2d2ff5fde3d2d9
Opcode Fuzzy Hash: 55bef8e1100e1e04b390ea42b55c8e22c41ec9560df67f7a26c3a7b725533f64
Instruction Fuzzy Hash: 55F0197610010AFBCF125FA8D845E8E3BA6EF49356F0445D1BE054A060CB72C8A9EBA1

Function 00B56004 Relevance: 1.5, APIs: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00B557BA,00B557BA), ref: 00B5604F

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: a75dec8d32926387f301cc8c0ae0217c3ddc3c8d65f2e3c021b0683b92b62225
Instruction ID: 5316b6f73307deab059bda99bfa5e2611de0a0a348d372d802b866cbbecab989
Opcode Fuzzy Hash: a75dec8d32926387f301cc8c0ae0217c3ddc3c8d65f2e3c021b0683b92b62225
Instruction Fuzzy Hash: C1E09236140108BADF223F74DD99B4E3FE1AE45343B8481E1BC02450A1DF30C99DE650

Function 0098E5CC Relevance: 1.3, APIs: 1, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0098EFD3

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 01f9cc74745d1bdac714db0f768f11e861306b604bcc64cc5b1df7c3648ce57a
Instruction ID: 2841a3607493e67c7e45df9546338fe886f45690e434644060ae27c84ea3c045
Opcode Fuzzy Hash: 01f9cc74745d1bdac714db0f768f11e861306b604bcc64cc5b1df7c3648ce57a
Instruction Fuzzy Hash: 69117F7261C6109FE748BE69C8566BEB7E4EF98300F11492EEAC687340E6756C50CB87

Function 00B5489F Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 00B54903

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 5a9b1aadc8f14b1295e0ec558c4571b4e9be8e35d7828bb8a7cb40999030ab7d
Instruction ID: 8e41b7ae362a88cdaa73376d80889f61f341d1cc17af8a6935bd71170cc620d6
Opcode Fuzzy Hash: 5a9b1aadc8f14b1295e0ec558c4571b4e9be8e35d7828bb8a7cb40999030ab7d
Instruction Fuzzy Hash: 81014636A0014EFFCF229FA4CC05EDEBBB6EF49346F0011E5B800A4060D7329AA5DB60

Function 00B5C2C6 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,00B5C2C2,?,?,00B5BFC8,?,?,00B5BFC8,?,?,00B5BFC8), ref: 00B5C2E6

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4025c9555bdc0e0f1edebb3fdb92242d9aa7499877d6360956a9981f8e228e7e
Instruction ID: 115d1668006fba06181ba0f41c9bb399664ba2d3c31fdf9ece2937fbf7b7fee6
Opcode Fuzzy Hash: 4025c9555bdc0e0f1edebb3fdb92242d9aa7499877d6360956a9981f8e228e7e
Instruction Fuzzy Hash: 5BF06DB1900309EFE7218F04CD04B99BFE5FF45762F1480A9E88A9B551D37198C0DB54

Function 00B5B479 Relevance: 1.3, APIs: 1, Instructions: 37sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000000,00B54794,00B55F8F,?,?), ref: 00B5B496

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: a25f14e7a683e0427d0ea4beb6ac323d61b60a5947cb5abb51c51e356855668d
Instruction ID: 70098b58ab27d550f3e94922432e6ce66e2dd9a2cb61422fa826b75d6d7edb8b
Opcode Fuzzy Hash: a25f14e7a683e0427d0ea4beb6ac323d61b60a5947cb5abb51c51e356855668d
Instruction Fuzzy Hash: AC014B31A00303CBDF39CE95D558B19B6E2FF59322F1144E8D8474AA46D77498D89A80

Function 00B5B553 Relevance: 1.3, APIs: 1, Instructions: 37sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000000,00B54738), ref: 00B5B570

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 62a0f1a3c1156e97556edef57dcf1841fa95e9a26a2abd22f68ca3ce768b266d
Instruction ID: 1da23ff889f1cb2fb33dadfbf5adb284b75542b9a7a825ff35e0cb33ab34f17f
Opcode Fuzzy Hash: 62a0f1a3c1156e97556edef57dcf1841fa95e9a26a2abd22f68ca3ce768b266d
Instruction Fuzzy Hash: 33012C71A003038EEF3DDE64D158B15B6D2FB59312F1040D999474AA82EB7099D8CA80

Function 00B57422 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 00B546CE: GetCurrentThreadId.KERNEL32 ref: 00B546DD
Part of subcall function 00B546CE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00B54720

CloseHandle.KERNELBASE(00B56DE5,-11945FEC,?,?,00B56DE5,?), ref: 00B57460

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CloseCurrentHandleSleepThread
String ID:
API String ID: 4003616898-0
Opcode ID: d3a7113534025c17f0edb50f76743859df1d108919b40d28217539c99b74e35a
Instruction ID: 9cf436406e4b795ff69ae6824c8f99745986665a08c36656f41043510a5d1a46
Opcode Fuzzy Hash: d3a7113534025c17f0edb50f76743859df1d108919b40d28217539c99b74e35a
Instruction Fuzzy Hash: 35E04F76384006BADE117AB8E849F4E2FE89FD934BB4046F2FD0185215DF60D8DAC261

Function 0098E8CC Relevance: 1.3, APIs: 1, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0098F00E

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 91ffb17f4eefdd18e1858068da3ec2b1ac8707d7d5766bca1b4656d997793bfa
Instruction ID: 95b0207ce4b60d66689331b3396023c7ef9416b9c5fe08b5a64eda4572cedb59
Opcode Fuzzy Hash: 91ffb17f4eefdd18e1858068da3ec2b1ac8707d7d5766bca1b4656d997793bfa
Instruction Fuzzy Hash: 79D0923590864EDFCB106F7480192DE3AA0FF04321F200A19EC7292B91D7765CA0EB1A

Function 00B564E7 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,00B5456D,?,?), ref: 00B564ED

Memory Dump Source

Source File: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 228e4845ce4fc3e97a902eed11a2c0e434e09207a47070684568da00fea691b4
Instruction ID: 36258ddbf51c68f873349fa3729b28ad18f13cf8295de524f5ad25f00207db18
Opcode Fuzzy Hash: 228e4845ce4fc3e97a902eed11a2c0e434e09207a47070684568da00fea691b4
Instruction Fuzzy Hash: 05B09231000109BFCF01BF51EC0684DBFB9BF15399B408160B945452318BB6E969DBD0

Non-executed Functions

Function 00AF0379 Relevance: 9.2, Strings: 6, Instructions: 1712COMMON

Download Yara Rule

Strings

"x_|, xrefs: 00AF0488
2/wn, xrefs: 00AF1481
lI/, xrefs: 00AF0B4C, 00AF0B50
Mvn, xrefs: 00AF0CB8
[ _], xrefs: 00AF0BF6
Mvn, xrefs: 00AF0CBE

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: "x_|$2/wn$[ _]$Mvn$Mvn$lI/
API String ID: 0-1397884300
Opcode ID: 6ea2ea45f35690ad7bdfe542e3c0737c31cc46f1800526c09861d4366bcf61ce
Instruction ID: a6e591cbc67d9ff6706d2a2426bd2520fd500a0dbfce6ba19ec65ef39e929a95
Opcode Fuzzy Hash: 6ea2ea45f35690ad7bdfe542e3c0737c31cc46f1800526c09861d4366bcf61ce
Instruction Fuzzy Hash: 67B22BF360C2049FE304AE2DEC8567ABBE9EFD4720F1A493DE6C5C7744E93598058692

Function 00AE629E Relevance: 8.0, Strings: 5, Instructions: 1741COMMON

Download Yara Rule

Strings

!{q, xrefs: 00AE62D6
\Q, xrefs: 00AE6514
1&{-, xrefs: 00AE72F3
\]O~, xrefs: 00AE7371
q6Ou, xrefs: 00AE7008

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: !{q$1&{-$\]O~$q6Ou$\Q
API String ID: 0-1346010101
Opcode ID: bd4ac6acd4eda8187fbc3bdc29211fcd559e27085fb905781689755d5a23c857
Instruction ID: e529518dc4c5126d4916f9b0b334895f8dadd2a420f96259f6db5fef118d1602
Opcode Fuzzy Hash: bd4ac6acd4eda8187fbc3bdc29211fcd559e27085fb905781689755d5a23c857
Instruction Fuzzy Hash: 75B23AF360C2049FE3046E2DEC8567BFBE9EBD4620F1A863DEAC4C7744E97558058692

Function 00A2E38D Relevance: 5.6, Strings: 4, Instructions: 606COMMON

Download Yara Rule

Strings

>, xrefs: 00A2EA17
, xrefs: 00A2E5F0
z, xrefs: 00A2E6C1
#, xrefs: 00A2EA43

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: $#$>$z
API String ID: 0-135298401
Opcode ID: f9d791e6ebe7aaf6fa533c65ad6b7afb45e1c423d574096394712d547f1c7966
Instruction ID: 87a3122b94497196f92d0a56f4f09d892c7b7ee51ba0a57de0c4e81a1366df57
Opcode Fuzzy Hash: f9d791e6ebe7aaf6fa533c65ad6b7afb45e1c423d574096394712d547f1c7966
Instruction Fuzzy Hash: D41248B3F2253407F7688439DD183A6558387E1325F2F82788E5D6BBDAD8BE5D4A02C4

Function 00A2E46B Relevance: 5.5, Strings: 4, Instructions: 480COMMON

Download Yara Rule

Strings

>, xrefs: 00A2EA17
, xrefs: 00A2E5F0
z, xrefs: 00A2E6C1
#, xrefs: 00A2EA43

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: $#$>$z
API String ID: 0-135298401
Opcode ID: df8978e26daa6cc844f1fa6d8a1c20c5ae2504b5de65708ab49f0afb5e586aa2
Instruction ID: 1caa9b602cd303d4e694a1abb3c5f3b1f7c032e89f00ef0d7306b87badbdefaf
Opcode Fuzzy Hash: df8978e26daa6cc844f1fa6d8a1c20c5ae2504b5de65708ab49f0afb5e586aa2
Instruction Fuzzy Hash: 9EF13BB3F2143406F7658539DD183A6588387E1325F2FC2788E5C6BBDAD8BE4D8A12C4

Function 00AF41FE Relevance: 4.9, Strings: 3, Instructions: 1119COMMON

Download Yara Rule

Strings

t'w?, xrefs: 00AF4715
2EW?, xrefs: 00AF4F30
;.+, xrefs: 00AF4D6A

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: 2EW?$;.+$t'w?
API String ID: 0-3303316015
Opcode ID: 6bdb845dde219b87a9b695b51622d73bb07eafb0ea3238a64dc439ffa0fea8ee
Instruction ID: a31609c1b0e05682e975275b5a244310c996c4df0e79d2d1a9d122af04e2a2dc
Opcode Fuzzy Hash: 6bdb845dde219b87a9b695b51622d73bb07eafb0ea3238a64dc439ffa0fea8ee
Instruction Fuzzy Hash: 2E726CF3A086149FE304AE2DEC4567BB7E6EFD4720F2A863DE5C4C3744E93598018696

Function 009EC332 Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

M, xrefs: 009EC3B9
L, xrefs: 009EC38B

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: L$M
API String ID: 0-2135191869
Opcode ID: a4d71dfc819ee9555b7c4e9c801d6d07c135748b2e700c74362740464e6a350e
Instruction ID: a2b62a05f507aae2108901d64ac1d93d17356a2421d58521398ffda9b3f5b11f
Opcode Fuzzy Hash: a4d71dfc819ee9555b7c4e9c801d6d07c135748b2e700c74362740464e6a350e
Instruction Fuzzy Hash: A04178F3F2112647F3580838CC193A26683D7E4311F2F82388A99DB7C5E97E9C4A5284

Function 00A085A7 Relevance: 1.8, Strings: 1, Instructions: 521COMMON

Download Yara Rule

Strings

tw<, xrefs: 00A08C26

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: tw<
API String ID: 0-934695500
Opcode ID: f4cd35610b94d3cbfea8a63737128ce5c8894402ecc6622ce247c91ee884272f
Instruction ID: a24b96d8d23a67bcbccf1e0377b76600c9690938771535e829191a8279d0e924
Opcode Fuzzy Hash: f4cd35610b94d3cbfea8a63737128ce5c8894402ecc6622ce247c91ee884272f
Instruction Fuzzy Hash: 07F1CDB3F112204BF3544939DC983A27696DBD5324F2F823C9E98AB7C5E87E5D068384

Function 009FB0A0 Relevance: 1.7, Strings: 1, Instructions: 468COMMON

Download Yara Rule

Strings

TL?{, xrefs: 009FB49A

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: TL?{
API String ID: 0-2208477637
Opcode ID: 34fab95384dff5509c8ba014d561334dc9a9bd89cf17e1349e974e29affc3483
Instruction ID: e609db170a5df18e2cd4da3c635e9ed65f8ae610217fbd1e788a24e8023f75a2
Opcode Fuzzy Hash: 34fab95384dff5509c8ba014d561334dc9a9bd89cf17e1349e974e29affc3483
Instruction Fuzzy Hash: 3BF1D2F3E142244BF3449E39DC94366B796EB94320F1B863CDA88AB7C5D93E5C058785

Function 009E66AF Relevance: 1.7, Strings: 1, Instructions: 441COMMON

Download Yara Rule

Strings

b/un, xrefs: 009E6BF5

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: b/un
API String ID: 0-2067275941
Opcode ID: 9fab4d56cfe9c37dfb80fb183c0b986d6f76dd56a092116ef3c919ed580f03e7
Instruction ID: 42cbe19b5b0e588c3a165173a414b634ca09d80b9cababfb5ec3b61c01499cd8
Opcode Fuzzy Hash: 9fab4d56cfe9c37dfb80fb183c0b986d6f76dd56a092116ef3c919ed580f03e7
Instruction Fuzzy Hash: 6AE1D0F3F142244BF3185939DC593667692EB94320F2B463CDA88AB7C5ED3E9C068785

Function 00A8259A Relevance: 1.7, Strings: 1, Instructions: 427COMMON

Download Yara Rule

Strings

_>g, xrefs: 00A82A49

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: _>g
API String ID: 0-2426982699
Opcode ID: bbb9b361ee409f514be5781cdbef035d472748e1152ac67fb807ddadf613c2fb
Instruction ID: ecf961f5097c7496dcf2b1ee9f599ca4e85d33637b036e597446b9e354cb87f2
Opcode Fuzzy Hash: bbb9b361ee409f514be5781cdbef035d472748e1152ac67fb807ddadf613c2fb
Instruction Fuzzy Hash: 1FE1E2F3E142214BF3505E28DC9836676D2EF94320F2F863CDA889B7C5E93A5C458785

Function 00A4A0A6 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

.{p!, xrefs: 00A4A4D2

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: .{p!
API String ID: 0-1515972872
Opcode ID: 3bd045fec5fe0c6fdcae4bc4801741a4e89eb980589b9ea9310fa1cb642a5e27
Instruction ID: 8f8cf47810f5d446548c5b643182da78657342d87838fcc943fe6234d0231b48
Opcode Fuzzy Hash: 3bd045fec5fe0c6fdcae4bc4801741a4e89eb980589b9ea9310fa1cb642a5e27
Instruction Fuzzy Hash: 79B15CB3F1163547F3544978CC583A2A6829B95320F2F82788E5CABBC9EC7E9D0952C4

Function 009BE41C Relevance: 1.6, Strings: 1, Instructions: 330COMMON

Download Yara Rule

Strings

1Nx, xrefs: 009BE421

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: 1Nx
API String ID: 0-3599520315
Opcode ID: f861bbc12f3d0c3f6d477c4a2625c20d2496afa184243e20639003aebdde1859
Instruction ID: 2622bb5bc3733c941535666278562a89847831c24848aa513321f2c5b2fabf10
Opcode Fuzzy Hash: f861bbc12f3d0c3f6d477c4a2625c20d2496afa184243e20639003aebdde1859
Instruction Fuzzy Hash: 48B1ADB3F5122547F3444978DD983A26683DBD5320F2F82788E58AB7C6DD7E9C0A5384

Function 009B24EC Relevance: 1.6, Strings: 1, Instructions: 320COMMON

Download Yara Rule

Strings

2, xrefs: 009B26F6

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: de1beb5d8a871c38833eaff0042c78bd016cf086e78fc52bd56430a5ba47c01f
Instruction ID: c476d5940e828609fd7112f89316e85c9fadbfc81b7044785d02d9eb61df0027
Opcode Fuzzy Hash: de1beb5d8a871c38833eaff0042c78bd016cf086e78fc52bd56430a5ba47c01f
Instruction Fuzzy Hash: B2B177F3F1152507F3584929CC683A662839BE1324F3F82788B4D6B7C6E87E9D0A5284

Function 009A02D9 Relevance: 1.5, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

O, xrefs: 009A041C

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: 46861405ce0ebb4002d06dc6ec551586af03175532fb1c69afb615d973dca219
Instruction ID: 13841e3abc17f12f60ab124315510b6c0b634d3c8a11819680fdfaa020f569c3
Opcode Fuzzy Hash: 46861405ce0ebb4002d06dc6ec551586af03175532fb1c69afb615d973dca219
Instruction Fuzzy Hash: 0DA14BB3F112244BF3944D29CC643A276939BD5320F3F82B88A4D6B7D5D93E9D4A9384

Function 00A1A1B0 Relevance: 1.5, Strings: 1, Instructions: 279COMMON

Download Yara Rule

Strings

*, xrefs: 00A1A234

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: f5ed90d430c526dfbd0b05ba04a842081cb70d628c3d73f3f01bf360efc3ff61
Instruction ID: 310c31987eb3abced24ced0c01e6f0ca16d03184c7786d5767cf2d5667a8dc1c
Opcode Fuzzy Hash: f5ed90d430c526dfbd0b05ba04a842081cb70d628c3d73f3f01bf360efc3ff61
Instruction Fuzzy Hash: 64A15AB3F1122547F3944939CCA83A27282DB95320F2F827C9E696B7C6DD7E5D0A5384

Function 00A3210E Relevance: 1.5, Strings: 1, Instructions: 279COMMON

Download Yara Rule

Strings

,, xrefs: 00A321B6

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: eea3ebbcb1bdfbc8000dec8f2b10070eea580f71f3e26257e211a2a95bcc3eed
Instruction ID: 94e725646a55001e1584a69d62352b1bb4c9cddf7dac3c8e5489220df0fcef50
Opcode Fuzzy Hash: eea3ebbcb1bdfbc8000dec8f2b10070eea580f71f3e26257e211a2a95bcc3eed
Instruction Fuzzy Hash: 11A179B3F116264BF3444979CC583A27683ABD5320F3F82788A4D6B7C6D97E8D4A5384

Function 00AA713B Relevance: 1.5, Strings: 1, Instructions: 273COMMON

Download Yara Rule

Strings

G, xrefs: 00AA7259

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 21989cb41b6df3a98503dbcff37cd91a403321d8d581bc80c0f50b3dac53adca
Instruction ID: f5c75cddc412de916ff160addbfc1e1d1c58f80d053d721574a72d0d960eebcd
Opcode Fuzzy Hash: 21989cb41b6df3a98503dbcff37cd91a403321d8d581bc80c0f50b3dac53adca
Instruction Fuzzy Hash: BD919AF3F2162147F3544928CC583627692DBA5324F2F827C8E58AB7C6D97E9D0A53C4

Function 00A6622B Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

3e%#, xrefs: 00A6622B

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: 3e%#
API String ID: 0-3344048141
Opcode ID: 3a06e1b35f0c005e9fe41d43549382ed56ab5f0fb5ee0306f5f4c0f18620aeaf
Instruction ID: 186d4db8a5e7bf53bd46f6079ca97139b29e4ae0de2b33a4398040e775f6ffe1
Opcode Fuzzy Hash: 3a06e1b35f0c005e9fe41d43549382ed56ab5f0fb5ee0306f5f4c0f18620aeaf
Instruction Fuzzy Hash: 0B914AB3F1122147F3440928DDA83626683DBD5325F2F82789E19AB7C6ED7E9D0A5384

Function 00A6D14A Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

A, xrefs: 00A6D339

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: 68292c8a3caf58ccda0e5d491a266391b6c08fa315badb0c87aab7d96a334cdc
Instruction ID: 8254a1880d2b66bf0baee126f9b8a29bf1c2a5229d1b87692c7b820a4aad2a5f
Opcode Fuzzy Hash: 68292c8a3caf58ccda0e5d491a266391b6c08fa315badb0c87aab7d96a334cdc
Instruction Fuzzy Hash: BF91AEB3F5122547F3444939CC993A26683DBD1324F2F42788E58AB7C9DD7E9D0A5384

Function 0099B10F Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

^, xrefs: 0099B1D5

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: ^
API String ID: 0-1590793086
Opcode ID: 3b7c5ed361d5bc1c68bdb3823f2fc87e98de775dae2b4c4d1b7711bc2caf9644
Instruction ID: ee66610d09cb1a39253ed3975e69cf74cc8aa90475437fd3196fa38e4f99c3dc
Opcode Fuzzy Hash: 3b7c5ed361d5bc1c68bdb3823f2fc87e98de775dae2b4c4d1b7711bc2caf9644
Instruction Fuzzy Hash: DA818EB3F1122547F3844939DD983626683DBD4325F2F82788E486B7CAED7E9D0A5384

Function 009ED289 Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

Q, xrefs: 009ED3FD

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-3463352047
Opcode ID: 517a09136515bbc964a24c02043444877062aaae9c70148024822607d46d71fe
Instruction ID: 747e720e889beea195ab89f896c94168266b02d1e5a045d7ee1eb8808a07f652
Opcode Fuzzy Hash: 517a09136515bbc964a24c02043444877062aaae9c70148024822607d46d71fe
Instruction Fuzzy Hash: 95714CF3F1122447F3544929CD583A26683DBE5314F2F81788E8CAB7C5E97E9D0A5388

Function 00A4B011 Relevance: 1.4, Strings: 1, Instructions: 179COMMON

Download Yara Rule

Strings

M, xrefs: 00A4B104

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 14d437d5a7e4d324955b68084fa80e133916aabf42bf0375f27522d8d3e4f233
Instruction ID: 0d5f7a3f7a4df488a045d5227fecbd2ef6a3ed010f3238d74ecc36b2ddf456c6
Opcode Fuzzy Hash: 14d437d5a7e4d324955b68084fa80e133916aabf42bf0375f27522d8d3e4f233
Instruction Fuzzy Hash: 61517EB3F2122547F3444929CC583A27393DB95320F2F817C9E886B7C5E97E9D4A5384

Function 009A0118 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

T\58, xrefs: 009A0184

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: T\58
API String ID: 0-2327767573
Opcode ID: 90d5cac129b591a73d7012c94077b683cb216ee49ea13eb1c261ed21dbb631e3
Instruction ID: 4ce1d08aad280baabc8cdb5385ecf7b62fc6d306b7201eac084101861f4d930f
Opcode Fuzzy Hash: 90d5cac129b591a73d7012c94077b683cb216ee49ea13eb1c261ed21dbb631e3
Instruction Fuzzy Hash: 30418EB3F1122447F3544E29CCA4362B293EBD5314F2F42798A596B7D1DD7EAC0A9388

Function 00A4A470 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

.{p!, xrefs: 00A4A4D2

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID: .{p!
API String ID: 0-1515972872
Opcode ID: 4b433bd5a11a02fe354d1b75cf550439c1a806f0cb16e2025da0312480cd7747
Instruction ID: d6a13290312ee33f4a3a42f9cc454444bd6047fa8e81f59f9c963c1b43a04091
Opcode Fuzzy Hash: 4b433bd5a11a02fe354d1b75cf550439c1a806f0cb16e2025da0312480cd7747
Instruction Fuzzy Hash: 38317FB3F1123447F3588879CC58362B2829BD9320F2F83788E696B7D6DD3E5D094284

Function 00AA31C9 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88ee298626592f3c218f632b3c3948ac28fa5166e75e2fba3b84da27f491292c
Instruction ID: 8ef4575f84b4fe523624508b7e4f8e19d4ebf172517dc70eb38e61e3e7122178
Opcode Fuzzy Hash: 88ee298626592f3c218f632b3c3948ac28fa5166e75e2fba3b84da27f491292c
Instruction Fuzzy Hash: 831258E3F5161507FB580439CD693B6198397E2320E2F427D8B9E2B7C6DDBE0E461288

Function 009D425F Relevance: .5, Instructions: 541COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35c35cf4d25915aeb69c448808ff22c938c06535cf1bfb8f8035c192f2024e9a
Instruction ID: 3714721592ffbad24b7698d74a5944dc9ddb53f12f73e0647bec0d62c9020e3a
Opcode Fuzzy Hash: 35c35cf4d25915aeb69c448808ff22c938c06535cf1bfb8f8035c192f2024e9a
Instruction Fuzzy Hash: 2602E4F3F142104BF3488A39DC9936676D2EB94320F2E853D9A89D77C5E97E9C068381

Function 00A7A110 Relevance: .5, Instructions: 521COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 285437efc4f371590f70879adc01b2b796629610c10956354176d1cdd058eb0a
Instruction ID: e9e3a9b13e33dd8196ccec7934fd4b6337ed0a238f9a4461ffb60f5e9838d0ae
Opcode Fuzzy Hash: 285437efc4f371590f70879adc01b2b796629610c10956354176d1cdd058eb0a
Instruction Fuzzy Hash: DF02D0F3F106214BF3449978DC58366B692DB94320F2B823CDA89A77C5E97D9C0583C5

Function 00A404E1 Relevance: .5, Instructions: 520COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a96a7efa0c09578fe37caec45c496bc488c1296075ef9854b027efc26cccabd4
Instruction ID: 79fd2cba6fbdd0c874259eafff3a489a7735c662277839238c65d02e1ab70e82
Opcode Fuzzy Hash: a96a7efa0c09578fe37caec45c496bc488c1296075ef9854b027efc26cccabd4
Instruction Fuzzy Hash: C502BFB3F112244BF3449A29DC983A67693EBD4720F2F823C9A88577C5ED7E5D068385

Function 00A6C0E9 Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d464f80b7b5567e112981928e5ed35375d1a7b5f80c9d2b22d886b53f96ab4c
Instruction ID: 2ad6696d56c6efea044873125e47f73afa94e9c1ef4f59328e411142dc83c202
Opcode Fuzzy Hash: 3d464f80b7b5567e112981928e5ed35375d1a7b5f80c9d2b22d886b53f96ab4c
Instruction Fuzzy Hash: EFF1CEF3E156204BF3045938DD98366B692EBD4320F2F863DDA989BBC9D93D8D058385

Function 00A2C5F0 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0754b77e7ca1190c395e8eea07afdf257dbb564d71ccd7ed3939eb08e7590a42
Instruction ID: 42853fa16fc052725beb3eaa55f518723bb924523462f8d23a0ffd4b0375c1a9
Opcode Fuzzy Hash: 0754b77e7ca1190c395e8eea07afdf257dbb564d71ccd7ed3939eb08e7590a42
Instruction Fuzzy Hash: F7E1ACF3F102154BF3485D79DD98366B692DB90324F2B823C8F98A77C9E97E5C0A4285

Function 009DE681 Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cfff779522b14f08b5595b4503a2191846b7d453b3a6e4db2dc0880dcb1b11d
Instruction ID: ba8a690379e79ed95c6768f393740ae918667940c48c96e110744e79ec217197
Opcode Fuzzy Hash: 2cfff779522b14f08b5595b4503a2191846b7d453b3a6e4db2dc0880dcb1b11d
Instruction Fuzzy Hash: B9D169F3F116250BF3544978CD983626582DBA5324F2F82788F4CAB7C9E87E8D0A5384

Function 00A12143 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ddb2a8ea00265773583c1dce21fb9c5ea4e18c0b73be5b3ef844f2c0afa70e9
Instruction ID: 2d56e2264a638d7c8fedd89c1dbff07f82edd3b6954c1356af9a135933cb17b0
Opcode Fuzzy Hash: 0ddb2a8ea00265773583c1dce21fb9c5ea4e18c0b73be5b3ef844f2c0afa70e9
Instruction Fuzzy Hash: A3D17BB7F516210BF3944878DD983A26582DB94324F2F82788F5CAB7C6E87E5D4A43C4

Function 00A852A6 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6356ef58f74ebc94307720bfe3ae54ca6a5a52595bcfeb7dbc87594d22074e7b
Instruction ID: dcf29cb9ec41eba483205d5071b37515d5abfa155847944207e9a2aff8cb51d4
Opcode Fuzzy Hash: 6356ef58f74ebc94307720bfe3ae54ca6a5a52595bcfeb7dbc87594d22074e7b
Instruction Fuzzy Hash: 22D187B3E1122547F3544929CC983A2A683DBA5324F2F82788F4C6BBC6D97E5D4A53C4

Function 00AC9180 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f469cfc8f3cec4e94f55fab660e422d91213ac14b36ab9689c5aaa69d0772542
Instruction ID: 47e98bc721c7ea2bd9863942293460e5725061bc7732b0d605ba48f935898b36
Opcode Fuzzy Hash: f469cfc8f3cec4e94f55fab660e422d91213ac14b36ab9689c5aaa69d0772542
Instruction Fuzzy Hash: A5C1BEF3F2162547F3544968CD943A26683DBD9314F2F82788F19AB7CAD87E9C0A5384

Function 00A160C7 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ca260d8a691383b6e0f364f984b54ffad3fbf1946330ad556af8617a5743fe
Instruction ID: 9e87d78bbea18f8a6884004ee0da50d32d461bc12fbeb42cf648083840c6d03e
Opcode Fuzzy Hash: 29ca260d8a691383b6e0f364f984b54ffad3fbf1946330ad556af8617a5743fe
Instruction Fuzzy Hash: C6C17CB3F1122547F3484939CD683A266839BD1325F3F827C8A59AB7C6DC7E9D0A5384

Function 00A98271 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff81cae7f37e7c07fd82febb498505683ba63595a380ff433f38e310cda7c5e2
Instruction ID: 9cf0c849b3285288e2967042cef0599ec83f236126d1a3dfb8d181f6a5df26e3
Opcode Fuzzy Hash: ff81cae7f37e7c07fd82febb498505683ba63595a380ff433f38e310cda7c5e2
Instruction Fuzzy Hash: B1C18BF3F112254BF3444939CD583A225839BD5324F2F82798A4DAB7C6EC7E9D0A5384

Function 009C20E6 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3827238a45224781cf5988b621ada30d678b16445080322dc1d40a179f37c400
Instruction ID: 4acd21b8dda63744253682fde52c5e1dc1d2f326737d1911a8e0ec1cc3f3986c
Opcode Fuzzy Hash: 3827238a45224781cf5988b621ada30d678b16445080322dc1d40a179f37c400
Instruction Fuzzy Hash: 38C16EF3F1162507F3844929DD983A2658397E5315F3F82788B4C6B7CAD87E9C4A5384

Function 009DD1C9 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df11adb9a16da06c5098e8c021fda3ff25f5f42d25b36de8dd57cd78b2f44888
Instruction ID: 40d9fca81326208539804a118a95686778787d623e45ff90b58a79fe7ec85b54
Opcode Fuzzy Hash: df11adb9a16da06c5098e8c021fda3ff25f5f42d25b36de8dd57cd78b2f44888
Instruction Fuzzy Hash: 1DC19CB3F1062147F3444D38CDA83626683DB95311F2F81798E49AB7CAED7E9D0A9384

Function 00A924E4 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5218e0eca1cd3acda50208cd884d563e3317d771cb1079a40cad6938019cc085
Instruction ID: 3a6b84adb9e2367a4c9a285b6d3fd3a12c2e2f07bad614123aa2731b33fd6d0d
Opcode Fuzzy Hash: 5218e0eca1cd3acda50208cd884d563e3317d771cb1079a40cad6938019cc085
Instruction Fuzzy Hash: F0C18BB3F1122147F3544879DD983A266839BD5324F2F82788F5CABBCAD87E5D0A5384

Function 009BD28A Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f702eddc48f77e8d8c952998e432ccba063a23483dee13685e6183c8a6fece
Instruction ID: f740dd39f3a4f21c1b5e83afb2de862d64866700d8e89b6d2068f79b348726ab
Opcode Fuzzy Hash: e5f702eddc48f77e8d8c952998e432ccba063a23483dee13685e6183c8a6fece
Instruction Fuzzy Hash: ADC17BF3F5122547F3584938CD583A266839B91324F2F82788E5D6B7C6EC7E9D0A5384

Function 00AA0321 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d385ca9215b29aa09bf8c0c114c31998842318a8bcaed33c176984fe9d3063
Instruction ID: 43d06256b6d97fec1256262f76ce6874032e3b4d13238cc03959d47dc37efe53
Opcode Fuzzy Hash: b6d385ca9215b29aa09bf8c0c114c31998842318a8bcaed33c176984fe9d3063
Instruction Fuzzy Hash: B7C177F3F516250BF3984875CD983A2658397D1324F2F82788F5DAB7C6E8BE4D0A5284

Function 00AC4412 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a21d2418f8eed489d3899394bd22d828c17c4757fea7bf584683ba4e316aac
Instruction ID: 77fb37af0c135b8ed0cc4f8d9104072e0d5374e4701c4b4819600fff8e3a3489
Opcode Fuzzy Hash: e7a21d2418f8eed489d3899394bd22d828c17c4757fea7bf584683ba4e316aac
Instruction Fuzzy Hash: B6C1DFB7F5122147F3984979CCA83A2B682DB95310F2F82788F596B7C6DCBE5D094384

Function 00998515 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1e925e2e465d58f4aeb52e79c52ab824220da21ff837b3f03cee95cd6ba4b7
Instruction ID: eefb1aba0b304b638705a70e5df7612444d72f939c7c3f0564a015d02daaca89
Opcode Fuzzy Hash: 1f1e925e2e465d58f4aeb52e79c52ab824220da21ff837b3f03cee95cd6ba4b7
Instruction Fuzzy Hash: 57C17AB3F1122547F3548839CDA83A266839BD1320F2F82788E5C6BBC9D87E5D4A53C4

Function 00AD8167 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b748d4d77be603581417e13ca26e74a340be2a9c49139f3d7a4c115586fc294
Instruction ID: b9f9360f42ccb7585f5fa7c766b64c92dc615a3a4901f205b9e47b9c14ec2a96
Opcode Fuzzy Hash: 0b748d4d77be603581417e13ca26e74a340be2a9c49139f3d7a4c115586fc294
Instruction Fuzzy Hash: ECC199B7F5122507F3544939CD983A26683DBD0324F2F81788F49ABBCADD7E9D0A4284

Function 00ADC14E Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0140290c821bc717c192c2235ee3801a373fda53d27c043e915a50fda7c9d04d
Instruction ID: bca928bbeb1b5cf25943bc1d940af574733cd35142e9bafd8d11e8c768c24274
Opcode Fuzzy Hash: 0140290c821bc717c192c2235ee3801a373fda53d27c043e915a50fda7c9d04d
Instruction Fuzzy Hash: CFB157B3F5222547F3544939CC983A266839BD5324F3F82788A5C9B7C9DC7E9D0A5384

Function 00A9033D Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f153fb3427b860c2b492e111c7191f702e72403051bf7b6ed06b61f5e0f8996b
Instruction ID: 64fe389ec28ce2fb4caccc7d4e56549213fb9fd112196e925144d60f85c50900
Opcode Fuzzy Hash: f153fb3427b860c2b492e111c7191f702e72403051bf7b6ed06b61f5e0f8996b
Instruction Fuzzy Hash: ADB18DB3F512254BF3544879DD983A225839BD1324F2F82788E5CABBC9DCBE5D0A5384

Function 00A9D0AD Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a7ff4def57bc3a32f6e4a57cf8653fd7eec553d0c08286090bf508e01e7606e
Instruction ID: a2b649ee45335fc49f83297084092d98f8fb939ec5477ef4071d5a87b0e6b6be
Opcode Fuzzy Hash: 5a7ff4def57bc3a32f6e4a57cf8653fd7eec553d0c08286090bf508e01e7606e
Instruction Fuzzy Hash: F2C18BF3F5122547F3540979CD983A266839BD5324F2F82788E4CAB7C6D8BE9C4A5384

Function 00A0804F Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e960070f77894ac76e64b7cee5de07009c0deddd2ca4dcc381eab6d3b6c1269
Instruction ID: 5b199c2fa947fc79f18bc4e3776d3b06ea4af9dfc4a0c61d3acfadbcbb92fefb
Opcode Fuzzy Hash: 7e960070f77894ac76e64b7cee5de07009c0deddd2ca4dcc381eab6d3b6c1269
Instruction Fuzzy Hash: 57C18DF3F2162547F3504928CC483A26683D7D5324F3F86789A68AB7C5ED7E9D0A5384

Function 00A3A314 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2474a59aeea698061218629bef87aaa3cbb860dc268b7541a974b0f2dc6d108
Instruction ID: 0ff95dcdc253cf1be11bf3a3a014c80ccc542179df829c623c6a4352b87fef65
Opcode Fuzzy Hash: a2474a59aeea698061218629bef87aaa3cbb860dc268b7541a974b0f2dc6d108
Instruction Fuzzy Hash: F6C1ABB7F2162147F3844838DD983626683DB95324F2F82388F58AB7C6D97E9D0A4384

Function 00A0F195 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9857613f77abbf7fc06fc21e0a01a7b074b601935aaebe526ce6c99e991cce2d
Instruction ID: 986efad73d1474667ae74679a2c930e462d6d9d168a286307a0d64f40ecb0223
Opcode Fuzzy Hash: 9857613f77abbf7fc06fc21e0a01a7b074b601935aaebe526ce6c99e991cce2d
Instruction Fuzzy Hash: 87B16AB3F112200BF3544969DC983626683DB95321F2F827C8F59ABBCADC7E5D0A5384

Function 00A364D4 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd2a840916b79906da95641a44143c598d02ce9d461dc5197712bf89bca93e6c
Instruction ID: 3eeb62c6c0a7ef4433f330b5a8436d589815b39aa3661e3e0450f1461f9326c8
Opcode Fuzzy Hash: fd2a840916b79906da95641a44143c598d02ce9d461dc5197712bf89bca93e6c
Instruction Fuzzy Hash: 1AC1ABB7F202254BF3944979CC983A27682DB95314F2F42788F4CAB7C6E87E5D0A4384

Function 009FD0A1 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0c1982f713b06039c7809ac55097776c0108174e8440d56d6f34547524c182
Instruction ID: fee5ff83bea801558b5d9a8c8caf412d6e5377393070a25dbc53bb6b462249f2
Opcode Fuzzy Hash: ed0c1982f713b06039c7809ac55097776c0108174e8440d56d6f34547524c182
Instruction Fuzzy Hash: 34B158B7F6062447F7584839CD983A225839BD5324F2F82788F8D6B7C6D8BE5D0A5384

Function 009C7145 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ab3830e23e5145422994c63b137dd19cf87de0f533b6151081c07612050a72
Instruction ID: ea7a4ff6218fa596199618ab7c64a0dc790eb138c5566441f02f706bd445098c
Opcode Fuzzy Hash: 90ab3830e23e5145422994c63b137dd19cf87de0f533b6151081c07612050a72
Instruction Fuzzy Hash: FFB16CB3F1122447F3548929CC983A26683DBD4315F2F81798E49AB7CAE97E9D0A5384

Function 0099C552 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e66417d48cfa9f324f0075a44576ac8ce623ad914d8752713a4c22a45ae37ff
Instruction ID: 337165a4c8c5d721dd2b6499ac585615ebd663aba2820732a7a24074f062bebd
Opcode Fuzzy Hash: 7e66417d48cfa9f324f0075a44576ac8ce623ad914d8752713a4c22a45ae37ff
Instruction Fuzzy Hash: 39B188F7F5122507F7844878DD983A265829BD5324F2F82788E5C6BBCAD87E5D0A4384

Function 00A5F161 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31d33e768c8d2c1372318896bd2ff91f41bd16ed355cdf73d8cbd64b51172106
Instruction ID: 41d76a6a5cb03734fa353c80e35781e0baacd01e43322a82af6859910ed596c3
Opcode Fuzzy Hash: 31d33e768c8d2c1372318896bd2ff91f41bd16ed355cdf73d8cbd64b51172106
Instruction Fuzzy Hash: 70B18BB3F1122547F3544979CDA83A26683DBD5320F2F82788E596BBC6DC7E5C0A5380

Function 00ABA4CF Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a714c8e6666cbe6981d0b441527ed6c68296990a68f6cb2c6f8ff6a6f1555271
Instruction ID: 9f9b10eb0e525da87bf47f86950aff7caed9c7082380125e3d39c7ea93a46759
Opcode Fuzzy Hash: a714c8e6666cbe6981d0b441527ed6c68296990a68f6cb2c6f8ff6a6f1555271
Instruction Fuzzy Hash: F4B19DB3F5062107F3584978CCA83A2A682DBD4324F2F82388F59AB7C5DD7E5D0A4284

Function 009D814E Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dfd87b94121383a0d02e955c2db3235cfd69afa7e99f02e220f858a6664af3b
Instruction ID: 69fe8c0579d42143b2f12b38ca9fabc3d1534829d3f6c33e1d3e981fa5c33205
Opcode Fuzzy Hash: 2dfd87b94121383a0d02e955c2db3235cfd69afa7e99f02e220f858a6664af3b
Instruction Fuzzy Hash: 0AB1AFB3F112254BF3844939CD583626683EBD5314F2F81788E49ABBCADD7E9D0A5384

Function 00A9C337 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0420329fbbf681a89681dcb6d82063e8c4864bd9d441775d36ed2be3f3f68a51
Instruction ID: 778d99dbeedc5b6b60750001cc2d78de5676114f6dff63bc7a1d749ff0195ca0
Opcode Fuzzy Hash: 0420329fbbf681a89681dcb6d82063e8c4864bd9d441775d36ed2be3f3f68a51
Instruction Fuzzy Hash: 69B17EF3F61A214BF3544878DC983A266839B95324F2F82788E5CAB7C6DC7E5D095380

Function 00A88402 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877ec6b4d035bb215de8830a8af3b1b08173597e0b8c2332e322708fc813dfc4
Instruction ID: df2b4294a3fdd1f58f85e9f670f7f0d513eb50e7d32c337cce132397deca1965
Opcode Fuzzy Hash: 877ec6b4d035bb215de8830a8af3b1b08173597e0b8c2332e322708fc813dfc4
Instruction Fuzzy Hash: 95B159F7F5062507F3580978DD983A265829BA5324F2F82788F4C6BBC6E87E4D0A53C4

Function 00A3C37B Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6162016ba5a8b0f1157cfa40a5673051a53ee426b266ffe3d6b18185b12fd46c
Instruction ID: fca1f070f3d9dee620303c975e611146d4813de1fe7b6c20a02062d64f82f052
Opcode Fuzzy Hash: 6162016ba5a8b0f1157cfa40a5673051a53ee426b266ffe3d6b18185b12fd46c
Instruction Fuzzy Hash: 09B19DB3F212254BF3544938CD683A26693DBD1320F2F827C8E496BBCAD97E5D095384

Function 009FE151 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0271587591c5a65ce37110596494f12492f84ea9dd84fcd380f42436a80846
Instruction ID: 451789349f8ff5bcd82c70f32ae7a065b2182c5b68c7a963b4b9fbaaa6471e6b
Opcode Fuzzy Hash: 4c0271587591c5a65ce37110596494f12492f84ea9dd84fcd380f42436a80846
Instruction Fuzzy Hash: 67B18EB3E211254BF3944D38CD683623692DB95320F2F827C8E89AB7C5D97F5D096384

Function 00A1E31A Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a6131739d6561e49f172d374e493c9ba70db6a9a7ca8b7df6b8790b5a598087
Instruction ID: a9ba223bb50889818677cb7a79a28e88053ba0951c01da6d5f953ea936e2d18b
Opcode Fuzzy Hash: 3a6131739d6561e49f172d374e493c9ba70db6a9a7ca8b7df6b8790b5a598087
Instruction Fuzzy Hash: AFB15EB3F6132547F3444879CD983626A83D795320F2F82388F69AB7C5DDBE9D0A5284

Function 00ADF1D9 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d977d89e5ebf38dc093fb6acba6cece88e566c8db17278bb27ee8cc04cb42a
Instruction ID: 33796e70e99d2cc86baaa4efcfdf3d007cd0c40389f1262e49d4592c0cd9643d
Opcode Fuzzy Hash: 21d977d89e5ebf38dc093fb6acba6cece88e566c8db17278bb27ee8cc04cb42a
Instruction Fuzzy Hash: 05B17FB3F116244BF3544939CD583A26683D7E5321F2F82788E586B7CAEC7E5D0A5384

Function 00AE049E Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f0f7819545bb7101c97e8fca4f7a1a062851248cee0ea9f1e76510fcdc9398d
Instruction ID: eff5b06783d0c3f8fe1d8763cf721f4cb74de794538966a316c7b6b8207a8be9
Opcode Fuzzy Hash: 7f0f7819545bb7101c97e8fca4f7a1a062851248cee0ea9f1e76510fcdc9398d
Instruction Fuzzy Hash: 45B19EB3F112244BF3848979CC983A27293DBD5310F2F81788E49AB7C5D97E5D0A9384

Function 009FA41A Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9715575f038c964197a35140caffed840382401dd4da7258cb5676baca0edc91
Instruction ID: 76a12331872afe8bdd1c5cd5799ee155674d77cb2d3028b64d0bcb9977aac82a
Opcode Fuzzy Hash: 9715575f038c964197a35140caffed840382401dd4da7258cb5676baca0edc91
Instruction Fuzzy Hash: D5B1AAB3E5123547F3944878CD993A2668297A4320F2F82788E5CBB7CADC7E9D0953C4

Function 009C020B Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d496266841ad8b2de3cfbdc2e95d5b79fdf03046f669d89a7bab0468305e8123
Instruction ID: 51c7d9a6c760919211dc9aae52eb2bffae5fc8e343f46eca475562eda0b9967d
Opcode Fuzzy Hash: d496266841ad8b2de3cfbdc2e95d5b79fdf03046f669d89a7bab0468305e8123
Instruction Fuzzy Hash: 68B18AB3F2022547F7584839CD683A2698397D4324F2F427C8F5DAB7C6D87E9D4A5284

Function 00A42016 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c990d744f534e05cecda2dbad10001be3e9aa08612b47ca261e1b5a896e02515
Instruction ID: 743174592c4b1ad6e44b4beafc8f4569c2519ed66186191867fc2f535d1589aa
Opcode Fuzzy Hash: c990d744f534e05cecda2dbad10001be3e9aa08612b47ca261e1b5a896e02515
Instruction Fuzzy Hash: 90B16AF7F1062507F3544939DD9836266839BD5324F2F82788F88ABBCAD87E5D0A4384

Function 00ADB068 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc9657f4c267c52dddd9b4b7cdcac36783373c5ac8e8430f1c1913997457e13a
Instruction ID: 6cfc2de6480b199aa22a4d15a0b1b16fa929765ce0e9f5567c65511ea1477382
Opcode Fuzzy Hash: cc9657f4c267c52dddd9b4b7cdcac36783373c5ac8e8430f1c1913997457e13a
Instruction Fuzzy Hash: CCB18CB3F1022547F3644D38CD9836276829B95320F2F82788E8DAB7C9D97E5D4A93C4

Function 009E912F Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b819ab7198124d3da27612c76c250a386b99dfedb2d176f08f226ea8689d3c5
Instruction ID: ff9303b4d18a5b8ac0aa07f087de598fbfb8e366bc23a301845c45625c9c09f1
Opcode Fuzzy Hash: 3b819ab7198124d3da27612c76c250a386b99dfedb2d176f08f226ea8689d3c5
Instruction Fuzzy Hash: 5DB186B3F102254BF3944939CC6836266839BA5320F2F82788F5DAB7C6DD7E5D0A5384

Function 009EA167 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b61a5456154804eee22a6d22066904f52c50037c49fe4b76bcf3e6c488559f
Instruction ID: 77aa04b1a0db38dd9971dc1a97d27a98b5b8eacdb42adfdfff1cf573ff84b215
Opcode Fuzzy Hash: 58b61a5456154804eee22a6d22066904f52c50037c49fe4b76bcf3e6c488559f
Instruction Fuzzy Hash: 7CB1AEB3F1122547F3984D28DC983A27292DB95320F2F427C8F19AB7C5E97E5D4A9384

Function 00A523DB Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4217e6683e76877bc1706657e3bfaeb937244e05fcac8d1ab1289b7c5f9b66
Instruction ID: 851c73e08424619dacac5bc4525f535e04ec7f7b6eaa2daa2a668f7092322ee9
Opcode Fuzzy Hash: 2c4217e6683e76877bc1706657e3bfaeb937244e05fcac8d1ab1289b7c5f9b66
Instruction Fuzzy Hash: 05B17AB3F1122547F3844928DDA83A27693DB95320F2F82788E1C6B7C5DD7E9D0A9384

Function 00A6024A Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50b14addea39ed1d70899b38479c6b371c9605fde698217dd6a3dce0fc4ad09f
Instruction ID: ba4b208acdec2f2cfa60b86bfd96ca81f47b32e490c2503c7922c65526cc14f1
Opcode Fuzzy Hash: 50b14addea39ed1d70899b38479c6b371c9605fde698217dd6a3dce0fc4ad09f
Instruction Fuzzy Hash: 2CB199B3F102254BF3944A28CCA83B27692DB95310F2F417C8E496B7C6D9BF5D4A9384

Function 009FC07D Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da39af590904295e7d0da6ca78f2114c9d5e245cdddf1c6b1bd8e0d9d44c753e
Instruction ID: d5a79ad8e117d1ea75bf52e7ae6f95f69caf5bb4fe7e640b86521f77913ee6b3
Opcode Fuzzy Hash: da39af590904295e7d0da6ca78f2114c9d5e245cdddf1c6b1bd8e0d9d44c753e
Instruction Fuzzy Hash: 43B19DB3F513254BF3584878CC983626683DBD5320F3F82388E599B7C6E97E9D0A5284

Function 009D01BE Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 265af1f06c06d7554ba99a7c7f29e6d5ed5d0bb75d2d794a59ace387f36cffd6
Instruction ID: 00e50b506981d5c04791c2baaa7ed3ed179750b1b25a738febdf97934467ad56
Opcode Fuzzy Hash: 265af1f06c06d7554ba99a7c7f29e6d5ed5d0bb75d2d794a59ace387f36cffd6
Instruction Fuzzy Hash: 01A14BB3F512204BF3988979CC583A66283DBD5315F2F82788E486BBC9DD7E5D0A5384

Function 00A3F1FD Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f376ef48115ab97df1b9c26ca0cadfd697ebdb0b793ef63bb94406954c2e0a31
Instruction ID: 59bb22a07f6df899b45245e4f33432efb0c6fe8b66db81dd098ee002b5072322
Opcode Fuzzy Hash: f376ef48115ab97df1b9c26ca0cadfd697ebdb0b793ef63bb94406954c2e0a31
Instruction Fuzzy Hash: B5B18CB3F2162247F3544D39CC983A26682DB95320F2F827C8F99AB7C5D87E5D4A5384

Function 00A541AE Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 079fde7953d5a99fe0e83ab84bc97131b629b12832433700d235a6436e7fcefa
Instruction ID: 648296c1277fec58d1ed854dbbb0436b321d8453bccb58c524bfd2b852075803
Opcode Fuzzy Hash: 079fde7953d5a99fe0e83ab84bc97131b629b12832433700d235a6436e7fcefa
Instruction Fuzzy Hash: 2FA15DB3F1122547F3884969CCA83A26683D7D5324F3F82788B599B7C6ED7E5C0A5384

Function 00A7F0A6 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57f1bfecf65347ef94572c61a35f278e351423f0e4f168d255ce558deea5580
Instruction ID: 81104b11df8bb5c22543e4cd889f3bcf55c01c0400d45ca92a6f3f39de5478c5
Opcode Fuzzy Hash: c57f1bfecf65347ef94572c61a35f278e351423f0e4f168d255ce558deea5580
Instruction Fuzzy Hash: 37B19DB3F102254BF7484D78CDA83A66683D795320F2F827C8E19AB7C6D97E5D0A5284

Function 00A70020 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9388a5d16d2cd764772eaec85ec8ec11624fc2c83f1e6e69c3dc3e894b8a9573
Instruction ID: b850e303fddffa81c71b85b35c1cd05be59d63b1d6f20ac57a74d21685a95f57
Opcode Fuzzy Hash: 9388a5d16d2cd764772eaec85ec8ec11624fc2c83f1e6e69c3dc3e894b8a9573
Instruction Fuzzy Hash: 46B190B3F112254BF3544938CC983A26683DBD5324F2F82788E19AB7C6DDBE5D4A5384

Function 00AC71ED Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f959742f6bd172488da029f8c5d68280d83f7403936782e152358bb1159929
Instruction ID: e20f7e371068b5e2e03545fe93ecaeafc8fda99c1513de9893508dbca5d55be8
Opcode Fuzzy Hash: 47f959742f6bd172488da029f8c5d68280d83f7403936782e152358bb1159929
Instruction Fuzzy Hash: F1A168F3F512204BF3944979DD983A2668397D5324F2F82788F486B7C6D8BE5D0A9384

Function 009AA1D2 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 122749cffff82f2df1a4e0f1761f36ea574d79a8a6dc1ab56ef8ae5c8cf82908
Instruction ID: f1cd9308831c8bd6ada7efaddf0fcfad2a9bce4f8925c9cf0e4b562a4c3c386b
Opcode Fuzzy Hash: 122749cffff82f2df1a4e0f1761f36ea574d79a8a6dc1ab56ef8ae5c8cf82908
Instruction Fuzzy Hash: 7CA19DB3F503254BF3484DB8DD983627682DB95314F1E82788F49AB7D6E8BE5D094284

Function 00ADD17B Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3451be8049ba85f343e8f8965516e72e81ac6dbf10b04e14ea747d92828b87f6
Instruction ID: 935a22e72d46b8f6111c546becb9eecbfffe65600b961b5b1407068372214562
Opcode Fuzzy Hash: 3451be8049ba85f343e8f8965516e72e81ac6dbf10b04e14ea747d92828b87f6
Instruction Fuzzy Hash: E4A189F3F1122507F3544969CC583626682DBA4325F2F82798F49BB7CAE8BE5D0A42C4

Function 009C50F0 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67afa9dae2e5a6f0d0c7feef35fb47a8ae1cf3681c4ea715f6f2a24dfb0d062
Instruction ID: 3f64873ed1697cdafbe2c44e12def5bf6320f4c22d9bc8e750f94556d8304b29
Opcode Fuzzy Hash: a67afa9dae2e5a6f0d0c7feef35fb47a8ae1cf3681c4ea715f6f2a24dfb0d062
Instruction Fuzzy Hash: 94A18BB3F1122547F3544D38CD583A26682DBA5320F2F827C8F896B7C9D97E9D4A5384

Function 00A021D4 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6fdbcc8cac664e45590ecc973d32e85f83b4355a3824e1a7d449367d9dae06d
Instruction ID: da61a7a52cf84734fb259d21b63a0c385e79f54137279d280335dea05aaccbb1
Opcode Fuzzy Hash: c6fdbcc8cac664e45590ecc973d32e85f83b4355a3824e1a7d449367d9dae06d
Instruction Fuzzy Hash: 97A17AB3F112254BF3544979DC9836276839BD5320F2F82788E8C6B7C6D97E5D0A9384

Function 00ABA00B Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbfee1f4a0b94cf8fbe6bcc4c7a8f71349cfb552883f8a1a6d8de59000d9b14a
Instruction ID: 8f049945981c76686bfd43b05ccc832fef425487426a9b22a9017cb6bca01e85
Opcode Fuzzy Hash: dbfee1f4a0b94cf8fbe6bcc4c7a8f71349cfb552883f8a1a6d8de59000d9b14a
Instruction Fuzzy Hash: ECA19BB7F112254BF3584D28CCA83A23683DBD5310F2F827C8A495B7C6D97E5D0A9384

Function 00ABC209 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610b331abc18508a12453f59c09fc99a81eb2daa959a1d5bdcef179c66a41572
Instruction ID: 3611c13242061dbe4a7f0e4aa4768c2a3e95c3bb5f7dc0882b1554bc668dd28b
Opcode Fuzzy Hash: 610b331abc18508a12453f59c09fc99a81eb2daa959a1d5bdcef179c66a41572
Instruction Fuzzy Hash: E7A18BF7F1162547F3544838DC583A166839BA4324F2F82788E9CAB7C6E87E9D4A5384

Function 00AD033E Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd8dd470ecfbc7a88fd7ce213324b704941bbbed159fb779f738c8286c72a9a4
Instruction ID: 80723039c3455cb89451c224c1b7a184e842d8709cc2a2a39b3f32fb306c4dc6
Opcode Fuzzy Hash: dd8dd470ecfbc7a88fd7ce213324b704941bbbed159fb779f738c8286c72a9a4
Instruction Fuzzy Hash: 48A1AFF3F1062547F3584D78CDA8362A682DB95324F2F42798F4D6B7C6D8BE5C0A9284

Function 00A1C29B Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c8c24b560687fa5779dd605c9d8ded26374896517474e180401ce16ebf91bca
Instruction ID: c9bd5eec6d881025b0d7f03406fd85f981e0d6497efa005d20c13e7a84d92c1e
Opcode Fuzzy Hash: 2c8c24b560687fa5779dd605c9d8ded26374896517474e180401ce16ebf91bca
Instruction Fuzzy Hash: 60A18CB3F6162447F3984878CDA83626583D7D5320F2F827C8E69AB7C9DC7E5D0A4284

Function 00A8C4C8 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23bceca7520702d54621730de7fc6f6f0f6b59cdae6d73c517eaea4a16fb04d0
Instruction ID: 515fd64aae1c0ffc86818160eb1e3b5ad48efb1bcea6c3aca34f7d4423d56a5c
Opcode Fuzzy Hash: 23bceca7520702d54621730de7fc6f6f0f6b59cdae6d73c517eaea4a16fb04d0
Instruction Fuzzy Hash: 7DA18EF7F112244BF3544978DC983626683DB95324F2F82788F58AB7C6EC7E9D0A5284

Function 00A1300A Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a4d9def674516aac0e106b749f38ee99fa85bc7d8a118f07542338ac79aa54f
Instruction ID: 5e7dd6f7d99111c95d262034f351f3122e7c2e0f5466a833b9979b4f3cccbcbf
Opcode Fuzzy Hash: 2a4d9def674516aac0e106b749f38ee99fa85bc7d8a118f07542338ac79aa54f
Instruction Fuzzy Hash: 69A18AB3F1122547F3544D39CD983A26683DB91324F2F82788E58AB7C9DD7E9D0A5388

Function 00A46076 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6e8c73da959a76988b8610db88e28711819e99c55b38f7cf8a03af8099164d
Instruction ID: 961611b3fbdefc551bf6554239326fb76e8c13a9f1e56d388c1bb28c75e7c11d
Opcode Fuzzy Hash: 0d6e8c73da959a76988b8610db88e28711819e99c55b38f7cf8a03af8099164d
Instruction Fuzzy Hash: EFA169B7F1122547F3584938CC6836266839BD5325F2F82788F4AAB7C6DD3E6C0A5384

Function 00A7B043 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b061b9790275e68e682b795601c74471da6f68778188b32a852b0fdefc595b4
Instruction ID: be6b7238cf2f31f82f9870f31b752f1c0f19a06af24c8152f2d8ef8bfdad5605
Opcode Fuzzy Hash: 4b061b9790275e68e682b795601c74471da6f68778188b32a852b0fdefc595b4
Instruction Fuzzy Hash: 9AA1A0B3F5062547F3540D38CCA83A16683DB95320F2F42788E5DABBCAD97E9D4A5384

Function 00A5C330 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d686db4551e66202b8258c44051123ec6240ff6a0359dc679c458483f7ea5a5f
Instruction ID: 469e87c6f0594eadef86fa65c25caa2e251ef9f78c03ab58dfc28d889e93bae7
Opcode Fuzzy Hash: d686db4551e66202b8258c44051123ec6240ff6a0359dc679c458483f7ea5a5f
Instruction Fuzzy Hash: FBA19FF7F1122547F3444839DD5836266939BE1325F2F82388E4CABBC9ED7E9D0A4284

Function 00A090D1 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a28b828681092f055628264dffaeadbad12346c10cf2d17b4d271f501e5086
Instruction ID: 196f54628cd55c5bf9566a3813e78161701421f2ae3fd0ebc4ffe0269fa6cccf
Opcode Fuzzy Hash: b5a28b828681092f055628264dffaeadbad12346c10cf2d17b4d271f501e5086
Instruction Fuzzy Hash: 9AA17DB3F1122547F3844A29CC983A27653EBD9324F3F81798A486B7C6DD7E5D0A9384

Function 00A071BD Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd4b206a1b0a4fce6fad61a2f6938ccd40a04caff9f606e9aeb281a62afa0d68
Instruction ID: f3af3077a37d60b46724f266e0d2d98e81beadcddc154471ac1d714894822d52
Opcode Fuzzy Hash: bd4b206a1b0a4fce6fad61a2f6938ccd40a04caff9f606e9aeb281a62afa0d68
Instruction Fuzzy Hash: 51A19BB3F1022587F3544929DC983A67653DBD5320F2F82788F582BBCAD97E5D0A9384

Function 00A72490 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb24423e928302ccda3007fb43b249ed79989544fc7240c4f828ca880df03126
Instruction ID: d150dedb344cff642d2724342950066ace7769c8e9fca9d8c3555be6632d6e1c
Opcode Fuzzy Hash: bb24423e928302ccda3007fb43b249ed79989544fc7240c4f828ca880df03126
Instruction Fuzzy Hash: 0AA17CB7F1122547F3444939DD983A22583DBD5324F2F82788E5CABBCAD87E9D0A4384

Function 0099E541 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f0776c861f3d9be57ab72cdd0685dbe118ff8daf59940fe53c95216c6209f5
Instruction ID: c4c93376d91077f9a3905610d3e27ce02f6157811a5809813e5dd68a889451c7
Opcode Fuzzy Hash: 47f0776c861f3d9be57ab72cdd0685dbe118ff8daf59940fe53c95216c6209f5
Instruction Fuzzy Hash: 96A178B3E1123147F3A44968CC58362A6929B95324F2F82788E9CBB7C5DD7E5D0A53C4

Function 00A3908F Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4db9444b2f411571868687bacc3af9a106d7ff670c424c4f3b59d0d91b605150
Instruction ID: 373a803c679779f329b1ea2320daba886e2ebc6d6fc93c01c031e6cb369b595e
Opcode Fuzzy Hash: 4db9444b2f411571868687bacc3af9a106d7ff670c424c4f3b59d0d91b605150
Instruction Fuzzy Hash: E4A18CA3F106214BF3584979CD683A66683DBD5310F2F827C8F4AABBC5D87E9D095284

Function 00A2F186 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2fb31fe7c2401e96d7a6847a82d9b4a14ddc5f4a9048df94b34371c018011c
Instruction ID: cb99961a45bceff9c4fd2930ac315bba89820380700cfba0ef892c2842fe7570
Opcode Fuzzy Hash: 8f2fb31fe7c2401e96d7a6847a82d9b4a14ddc5f4a9048df94b34371c018011c
Instruction Fuzzy Hash: 92A1A9B3F1122547F3944978CC583A2B6939BD1314F2F82788E4C6B7C9D97EAD4A9384

Function 009E7137 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc16b6fc39b3dd16edf01c77decae19a819fc46c7385376239b9c4b2a9c6a52b
Instruction ID: f45938927b8d1bd4ce347046ffe214584ee1e9b55c7c528ca2725c805cf6b178
Opcode Fuzzy Hash: dc16b6fc39b3dd16edf01c77decae19a819fc46c7385376239b9c4b2a9c6a52b
Instruction Fuzzy Hash: A9A1ADB3F1062547F3984878CC993A26282D795324F2F82788E5DAB7C6DCBE9D0553C4

Function 00A2C173 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1ff4f3a96a95324933a16a251d57d801d6d2a5153315d601e18a6880dbd0c3
Instruction ID: 1f5e25e97cf29bfe39cfc6851d5382f42ab7f19d4e9d8e5ef49b40ce982c42e1
Opcode Fuzzy Hash: 6a1ff4f3a96a95324933a16a251d57d801d6d2a5153315d601e18a6880dbd0c3
Instruction Fuzzy Hash: BEA19DB3E1162547F3504938DC583A27692DBA5324F2F82788E4CAB7C6E97E5D0A83C4

Function 00AC2318 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a4984640bc7733ac4069a6e3ff8f688ce68b436711c5a21b272e3ba1916918d
Instruction ID: 89d6c5e913769070255ac5f5af1ecf314505ab53faba003c306f81ac6f21725e
Opcode Fuzzy Hash: 4a4984640bc7733ac4069a6e3ff8f688ce68b436711c5a21b272e3ba1916918d
Instruction Fuzzy Hash: 12A18BB3F102254BF3640E69CC98362B693DB99320F2F42788E596B7C5D97E5D0A93C4

Function 00A6E5BA Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 312f16c640969c2f4faf661089ab770823337b70435d4f446d17ed64e206d1c0
Instruction ID: db0051b8456872c7e7be7ab80820a7129c45148946bc2dc88d5985b650548eb7
Opcode Fuzzy Hash: 312f16c640969c2f4faf661089ab770823337b70435d4f446d17ed64e206d1c0
Instruction Fuzzy Hash: C1A19AF7F106254BF3944838DD983616583DBA4314F2F82788F8DAB7CAE87E5D094284

Function 00ACB12E Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e8eaf16d5b3bccb269d59461f452f03a1b49968d91ae21e8c398aa2be594572
Instruction ID: b285d007d4eefb87aebf38faea8e0f4c8c4638b7cfbc83a3f6a88e8e18e1def0
Opcode Fuzzy Hash: 1e8eaf16d5b3bccb269d59461f452f03a1b49968d91ae21e8c398aa2be594572
Instruction Fuzzy Hash: EEA190F3F6022547F3944978CD983A26692DBA5310F2F82788F58AB7C6D87E5D0953C4

Function 00A4E240 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632264fe76195424b4555ccbd271afe4fd919708698f419abfc3f949e3eb5268
Instruction ID: 31ab35171623a4977ac38147ba7f6639c919396a497af09183a25cc20706f233
Opcode Fuzzy Hash: 632264fe76195424b4555ccbd271afe4fd919708698f419abfc3f949e3eb5268
Instruction Fuzzy Hash: 33A18EB3F102254BF3944D79DC983A27682DB95324F2F42B88E48AB7C6D97F9D095384

Function 00AB8333 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01d43e33beddd91066c0ed0c71ca29b959405921b11406695dd40b408de58690
Instruction ID: 28a9512ab80ca7da3a156a3a19cb77b96dea2832ea53e728f727bb61680489fe
Opcode Fuzzy Hash: 01d43e33beddd91066c0ed0c71ca29b959405921b11406695dd40b408de58690
Instruction Fuzzy Hash: 46916AB3F102254BF3544879CD983A265839BD5320F2F82788F9CAB7C5D87E9C0A5384

Function 0099D013 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88a0d58b00a8c641a9ac057fd1e779ee579f9b6d7c1999bb2634e0b758c88e7b
Instruction ID: 3ac1ad8525d518aeabfec66d59e7145986709b32b007fd10cb13714029f843a4
Opcode Fuzzy Hash: 88a0d58b00a8c641a9ac057fd1e779ee579f9b6d7c1999bb2634e0b758c88e7b
Instruction Fuzzy Hash: 92917BB3F1122547F3544879CC583A266839BD1325F2F82788E186BBCAEDBE5D4A5384

Function 00A611D9 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb93e006f5f8822d0b29467e8a9173474079b97ffb59724cf7218ca03d41105b
Instruction ID: 5d6e452b408d4a20ba3506074ee8edb806117ef447739893044c0f7077130506
Opcode Fuzzy Hash: cb93e006f5f8822d0b29467e8a9173474079b97ffb59724cf7218ca03d41105b
Instruction Fuzzy Hash: 74A188B3F1112507F3984939CD5836266939BD5321F2F827C8E496BBC9DD3E5D0A9388

Function 00A5E24B Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea47d6fef7f21a3f8112bc31d7f0d53b618d50ea3f44194655055726a90e787
Instruction ID: c0d885f6c59e48386875d8e26f68cdc4029fc228d52a22e694a90815043612a0
Opcode Fuzzy Hash: 2ea47d6fef7f21a3f8112bc31d7f0d53b618d50ea3f44194655055726a90e787
Instruction Fuzzy Hash: C991ADB3F1122547F3544D39CCA83A26683DB95320F2F82788E49AB7CADD7E5D4A5384

Function 00A7C0C0 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61fff89c85ca76f8626157a961eb13e3d50730438661325667199280290d835e
Instruction ID: e9630e2cf78c41592d3e59d643e51e71ed4e95d659b9fe9c790a90d5f6977d65
Opcode Fuzzy Hash: 61fff89c85ca76f8626157a961eb13e3d50730438661325667199280290d835e
Instruction Fuzzy Hash: AF918EB3F616214BF3544938CD483A26683DBD5325F2F82788E5CAB7C5D8BE9C0A5384

Function 00AD2354 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be83c2b8607c3d7077e204590e5aef490222d92ae2756059989e5fd1d3867c34
Instruction ID: 47c2ab71d4b8e7ccc7c8aadc960aac738c2e3d7029bedc2c7d9b798969c6a576
Opcode Fuzzy Hash: be83c2b8607c3d7077e204590e5aef490222d92ae2756059989e5fd1d3867c34
Instruction Fuzzy Hash: E1918CB3F1123547F3548928CC98362B6829B95324F2F82788E5CBB7C5D97E9D0A53C4

Function 00A2442C Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334004c95c7ade0bb33c734aa674cac90324d6789b52a549ca20c9554c78f2bf
Instruction ID: fb08825574362c462f13acc9c4e00c856da6e84721abb2ac025682562a40fdd3
Opcode Fuzzy Hash: 334004c95c7ade0bb33c734aa674cac90324d6789b52a549ca20c9554c78f2bf
Instruction Fuzzy Hash: 7491ADB3F4122447F3944939DC583A26283DBE5310F2F82788A4D6BBC6ED7E5D4A9384

Function 00ACE236 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2f9b3b8a9040fd3930ff78136149db5cea1e4b46e7e0cb044770679bab607bd
Instruction ID: c6fcade9cd0c56f0a4423f2f85c1fa3917dc1c1b4a0da737b7bc53b9031fd510
Opcode Fuzzy Hash: a2f9b3b8a9040fd3930ff78136149db5cea1e4b46e7e0cb044770679bab607bd
Instruction Fuzzy Hash: E4919CB3F1162547F3944939CD593A22683D7D5320F2F82788F48AB7CAD87E9D0A5388

Function 00A42524 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f45db87be0cfff84f1d55ec03ff2d5833b05f7c51f81b152f2f05c199b97b30
Instruction ID: 129b00449568a0137a5085b915fd2ef6e5a8ac032dc64fbae8516e57536ad940
Opcode Fuzzy Hash: 9f45db87be0cfff84f1d55ec03ff2d5833b05f7c51f81b152f2f05c199b97b30
Instruction Fuzzy Hash: 43917BF3F1212547F3444928DC58362B6939BD5325F2F82788A4CAB7C9D97E9D0A9388

Function 009E62A9 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c94fc5514402871961434975f27b32b2ab6fb1abc3659399f5c7ddca21c1e4f4
Instruction ID: 181ad8cd6a28bdd08dbcfc2956ccfd555ee9fa83d258e81d8708bf5b677f7655
Opcode Fuzzy Hash: c94fc5514402871961434975f27b32b2ab6fb1abc3659399f5c7ddca21c1e4f4
Instruction Fuzzy Hash: B191ABB3F5022547F3584D78CC983A27682DB91320F2F427C8E99AB7C5D97E9D0A82C4

Function 00A26050 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23b0770c45c4c81295a2bef7de20ddbdd751ad4b660ad416464a1c6399fe5aa8
Instruction ID: 643fd423dbffefe6887a144351512f1c1afb0dca6dfe8c1e54c8f15f318c3d5d
Opcode Fuzzy Hash: 23b0770c45c4c81295a2bef7de20ddbdd751ad4b660ad416464a1c6399fe5aa8
Instruction Fuzzy Hash: 5C917CF3F512150BF3884839CD993A22683DBD5311F2F82788B499BBCADC7E590A5384

Function 009CA58A Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57a677bc8e6c40adeeb6715b080695f4d9d959836533751ec9795b6250002c7d
Instruction ID: b349e23e90b3c1369bd01654faf268baeb9b5e16ccb3056a651d4d228da57e88
Opcode Fuzzy Hash: 57a677bc8e6c40adeeb6715b080695f4d9d959836533751ec9795b6250002c7d
Instruction Fuzzy Hash: 2C91ACB3F2122547F3584939CC693626683DBD5310F2F82798E49AB7CADD7E9D0A4384

Function 009FC57D Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 306e637306163558614391a3cb4ca25f0c0751a55f807a9dbccbc1558331994d
Instruction ID: 250918ab42459fd18f0b95e692254cd102703d485850570a5e6efa4cf1468321
Opcode Fuzzy Hash: 306e637306163558614391a3cb4ca25f0c0751a55f807a9dbccbc1558331994d
Instruction Fuzzy Hash: F4918BF3F1122547F3544928DCA83A27682DB95324F2F82788F59AB7C6D97E5D0A83C4

Function 00ABE3B2 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33afd6bc8cbdba6913d445288302bb064c5c357224917618f8296248195e2b64
Instruction ID: 9023a270b7eed86f5ce263486c545ca482ec930ccd5db9fa5bb7777c526c2006
Opcode Fuzzy Hash: 33afd6bc8cbdba6913d445288302bb064c5c357224917618f8296248195e2b64
Instruction Fuzzy Hash: BB918DB3F1122547F3544D38CDA83627683DB95310F2F82788E49AB7C9D97EAD4A9384

Function 00A443CB Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a5cea42147b514b809ad844542d217298270c63a4f5f62794e07ed4aafcb83
Instruction ID: 6f42dd458fbc77e621cb75600268816efaee40c3d0cad492ba3483a7554ed983
Opcode Fuzzy Hash: e7a5cea42147b514b809ad844542d217298270c63a4f5f62794e07ed4aafcb83
Instruction Fuzzy Hash: 45914BB3F2162107F3544939CC983626683DBD5325F2F867C8E88AB7CAD97E5D0A5384

Function 00A8A436 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84999b8bf77645a452f3ae2e9cd9d111cb55213f2173ef34855fafc9e9b2e5f7
Instruction ID: 2336e847e742cc4998453190c460d63c7fd9f9b4819523270ed1f9e835534e16
Opcode Fuzzy Hash: 84999b8bf77645a452f3ae2e9cd9d111cb55213f2173ef34855fafc9e9b2e5f7
Instruction Fuzzy Hash: 2D916DB3F1122147F394887ADD5835265839BE5321F2F82798E1CABBC9DCBE5D0A5284

Function 00A4D00F Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4cef164183ef9b8e7236d0ec5e1e7599bf330c6b8a11b81b6588c503a9c8841
Instruction ID: 20b55a780b047c6bdf70f1faca9749dc91e76ca1551807a7095d1a52cdf1cb68
Opcode Fuzzy Hash: a4cef164183ef9b8e7236d0ec5e1e7599bf330c6b8a11b81b6588c503a9c8841
Instruction Fuzzy Hash: E4916CB3F512254BF3544E28CC983A1B692DB95320F2F827C8E486B7C5E97F6D499380

Function 009B646E Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c503b1b201c13fdeac2fc3b675daa93d6b99fadd598b5b94967cf237f89d09
Instruction ID: 670b242eeeec37413c87859bcffd82ad50edb13e1634c69f8a9cc5825e943ca4
Opcode Fuzzy Hash: 42c503b1b201c13fdeac2fc3b675daa93d6b99fadd598b5b94967cf237f89d09
Instruction Fuzzy Hash: 12917AB3E1053547F3544928CC983A2A252DB95325F2F82788E4C7BBCAD97F6D4A93C4

Function 00AB61BC Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e066ffe6ca97dc377993313d6a4ed56c59f2fa71134a4e4786195533ab633ed
Instruction ID: f7a4f6451171f5695a1fe84edd33ff9138be49626472adf415ea5ac4fa1f3116
Opcode Fuzzy Hash: 5e066ffe6ca97dc377993313d6a4ed56c59f2fa71134a4e4786195533ab633ed
Instruction Fuzzy Hash: 3591A1B7F5122507F3484874CC993A266839BD5324F2F82788F59AB7C6DCBE9C0A5284

Function 00AD51ED Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffeea1ef27ec72d9465172af08ff9473080ef52c4a111e534107b5aeee209c5
Instruction ID: 731cef09a233913da712cc95ed87b9b7d5c921bd16811d7cdc066d2e4bc8a869
Opcode Fuzzy Hash: 5ffeea1ef27ec72d9465172af08ff9473080ef52c4a111e534107b5aeee209c5
Instruction Fuzzy Hash: 0E919EB3F112254BF3544E29CC583A27293DBD6310F2F82789E486B7C5E97E5D0AA384

Function 00AB0571 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57b5002ca485279461efa0d37259a6b520fde65d76005a782d04e807c5d36a28
Instruction ID: ffa5681b8b8ecce5f3622a0e410d923d50ac959927e6ab73f1aef67a32d5b1dc
Opcode Fuzzy Hash: 57b5002ca485279461efa0d37259a6b520fde65d76005a782d04e807c5d36a28
Instruction Fuzzy Hash: 949158B3F1022447F7984D39CC983A27692DB95310F2F41BD8A49AB3D6DD7E9D0A9384

Function 009B422A Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97053faa5d12032faaf7d964079b1dd87d3ce164a90ac30d99516eb203dcf342
Instruction ID: 4cfa466cdb405f6b54e997a224ec28df60260fc349d91c4f838c2ab08a564d89
Opcode Fuzzy Hash: 97053faa5d12032faaf7d964079b1dd87d3ce164a90ac30d99516eb203dcf342
Instruction Fuzzy Hash: AA916AF3F6162547F7544838CD983A26683D7E4320F2F82788E5D6B7CAD87E9D0A5284

Function 00A20560 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae35d46e09950a1fc691a8f3465ef08138560649ea4430ddd929b78ba795f7c
Instruction ID: 977bcf65c453ed303efe3e763c782deeea89ec8a82fd05d8e10b715f15d0b744
Opcode Fuzzy Hash: fae35d46e09950a1fc691a8f3465ef08138560649ea4430ddd929b78ba795f7c
Instruction Fuzzy Hash: 05919CB3F1122647F3544D78CD983626683DB95324F2F82788F48AB7C6E97E5D0A5384

Function 00A360EF Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9b4c2f69d271f2cf9987dd1856b852bee52d79d6b0c6a3903e3160bf62394ec
Instruction ID: 95c69c92eaf3d761fc3fc4ba90352ae3fbb298a4d629df5b1d2cbb2671fdf0b7
Opcode Fuzzy Hash: e9b4c2f69d271f2cf9987dd1856b852bee52d79d6b0c6a3903e3160bf62394ec
Instruction Fuzzy Hash: 8A916DB7F112254BF3944D68CC583A27293DB95320F2F82798E886B7C5D97E5D0A93C4

Function 00AD4124 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e0e889f8d9b57744449ca80d7abd60ef042134e36772d61e053c85c46b6735d
Instruction ID: 101e8ad216a6b83e66ca4dccc50dd3bcd5de66a4bacedf355d02ea70b67cd52d
Opcode Fuzzy Hash: 9e0e889f8d9b57744449ca80d7abd60ef042134e36772d61e053c85c46b6735d
Instruction Fuzzy Hash: 299139B3E112254BF3548D28DC983A27653DBD5321F2F81788E486B7C9D97E5D0A9384

Function 00AE23A8 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b0db9293049a9b297d58b140002baacebb119ba02c1bc37930a79f72eb1dabf
Instruction ID: 38eec1fb198f2e77b3790375bf335ec9000d8c354fc32dd39fb64c7972d236d6
Opcode Fuzzy Hash: 2b0db9293049a9b297d58b140002baacebb119ba02c1bc37930a79f72eb1dabf
Instruction Fuzzy Hash: 859189F3F6163547F3944975CC983A261839B95324F2F82B88E5CAB7C6E87E5C0A52C4

Function 009AE528 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8144b1ce3dd09bc17f2384f10084966358753f2aaebb956357e7c0b844aa9e1f
Instruction ID: 041d10bc629787ee1faacf15f33745b07a676a2f2caeaee80b99d9a990636511
Opcode Fuzzy Hash: 8144b1ce3dd09bc17f2384f10084966358753f2aaebb956357e7c0b844aa9e1f
Instruction Fuzzy Hash: 6691B2B3F1162547F7444E28DC983A27653DBD9310F2F40788E496B7C6DA7E6E0AA384

Function 00A80500 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99548140a60f1bc58c6256f8183b5de5a0732aeeb4c524bd4728e6b1090502e
Instruction ID: 1b26d966a6863b9d2687c18c0275c1a473ba0dd6e499196ac7923860099bcc76
Opcode Fuzzy Hash: c99548140a60f1bc58c6256f8183b5de5a0732aeeb4c524bd4728e6b1090502e
Instruction Fuzzy Hash: E391AF73F102218BF7444E68CC983A27693EB85314F2E827CDE496B7C9D97E5D0A9380

Function 00AD11D7 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95da86a5199a95a76408214f66ea2c739ac7b404e6ab6e51b7069440930b867f
Instruction ID: 496f17babc4cf3fbe628a7c10bfa8073b3d869d763809e3dc723001a2b746165
Opcode Fuzzy Hash: 95da86a5199a95a76408214f66ea2c739ac7b404e6ab6e51b7069440930b867f
Instruction Fuzzy Hash: A1819FF3F1162647F3448939CC583626683DBD5321F2F82788E585BBCAD97E5D0A5384

Function 00A1B1B4 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46fef982d115f998381650dc628d6ff6d253e6a0ba816e0841f90ef5e29024cf
Instruction ID: 5cde5ea86183eb8a4c7dd653344798303ad6fdf4792194ae68ea7cb8a29ca7aa
Opcode Fuzzy Hash: 46fef982d115f998381650dc628d6ff6d253e6a0ba816e0841f90ef5e29024cf
Instruction Fuzzy Hash: 978189B3F112254BF3544D78CC983A2B6939B95320F2F82B88E486B7C5D97E5D4A93C4

Function 00A691EC Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e337052cdb89fc8ff735f6497c6fac9fb3d032da18cde0801229cd067cd98e22
Instruction ID: 4a613a5227259b257905b9d056e142d40ef0e6dd2faa68fef1b01c4672016578
Opcode Fuzzy Hash: e337052cdb89fc8ff735f6497c6fac9fb3d032da18cde0801229cd067cd98e22
Instruction Fuzzy Hash: EC9190F3E1122587F3444E78CC983617692DB96320F2F82789E686B7C5ED3E5D0A9384

Function 009AA693 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3705544ebc9f2f2e010f01d2ae98d9fd2d5372da069c3dae3949e80ba73508b6
Instruction ID: c0f9d0890650c05ecc3541e13cda53ba8ca6e83771b0a9defb679d7b0d437cca
Opcode Fuzzy Hash: 3705544ebc9f2f2e010f01d2ae98d9fd2d5372da069c3dae3949e80ba73508b6
Instruction Fuzzy Hash: EE9189F7F506214BF3488C78CD983626682D794324F2F427C8F496B7C6E97E5E0A5288

Function 00AC00DA Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94702fc141d247220199e44c626b5fe80eabacc809ba3cf55811904c875223ca
Instruction ID: dcc7c31d8cfcd39b24b1a39254c9fb72db9572fa95d7f496fbe2eb3a34c3c56a
Opcode Fuzzy Hash: 94702fc141d247220199e44c626b5fe80eabacc809ba3cf55811904c875223ca
Instruction Fuzzy Hash: 52817AB7F6161547F3444938CC983A23693DBD6311F2F82788A085B7CAD97EAD4A9384

Function 00AB24E5 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8b91f25232ff50ffa519d1a297f942d12e32c90a32ba2761f52a8bbf5cb6859
Instruction ID: 37ec99d93fcec03beed7d436ce7e527c99d714658d93c87c7032bf697649b981
Opcode Fuzzy Hash: a8b91f25232ff50ffa519d1a297f942d12e32c90a32ba2761f52a8bbf5cb6859
Instruction Fuzzy Hash: 278156B3F1122547F3544929CC983627693ABE1320F2F82788E5C6B7C5D97E5E0A9388

Function 00A2012B Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5822de71eadc18053251d02a74023416d7d9286da7c067954c42a160b9ad9a4
Instruction ID: 8b833ec2cf72c2a7119961d76686680a02917574034b8d18154a9aa39504f730
Opcode Fuzzy Hash: f5822de71eadc18053251d02a74023416d7d9286da7c067954c42a160b9ad9a4
Instruction Fuzzy Hash: 418157F3F1162147F3584929CD58362668397E4325F2F82788F5C6B7CAE97E9C0A4288

Function 00A342A9 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b588230f6705746fdec6b86e8c45863d20d48082809fa1fece0acbc5e7196367
Instruction ID: af92e0877bbddd0150c3ebba6c89b16239131ac5adc4f6e649bc2596a04ee3ce
Opcode Fuzzy Hash: b588230f6705746fdec6b86e8c45863d20d48082809fa1fece0acbc5e7196367
Instruction Fuzzy Hash: 6F8159B3F1022547F3584D69CC98362B693DB95320F2F427C8E49AB7C5D97E9D0A9384

Function 00A1F0B8 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5f73c64e75295581a955635cdcb1f421af232f08c279922e6472bd3a758a87
Instruction ID: c373a0ce5ff54a7fb0d29ebe30b089efb46901746d01fc85b3bbea1a93aa2eb0
Opcode Fuzzy Hash: 6f5f73c64e75295581a955635cdcb1f421af232f08c279922e6472bd3a758a87
Instruction Fuzzy Hash: DC817AB3F1062507F3584978CD583A26643DB96314F2F82788F496BBCAD8BE5D4A5384

Function 00A3B0B0 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681c15caea87603b329696185e2493e74e6d1ea01908d98766bd53adba511d60
Instruction ID: b1ae525b8260a55c237ade015343cb7f052022ab9185bf089a5da85bff146598
Opcode Fuzzy Hash: 681c15caea87603b329696185e2493e74e6d1ea01908d98766bd53adba511d60
Instruction Fuzzy Hash: AE818AB3F1122547F3544978CC683A266939BD1324F2F82788E5C6BBCAE97E5D0A53C4

Function 00A451F2 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd621398953e44749e56793b576b3d0ad99be62da5542ee265a77898564f9e66
Instruction ID: 5dc481927d93d90f9d3c491bf73c1a15eb1794fe0d018d317c72cdd34c27f321
Opcode Fuzzy Hash: dd621398953e44749e56793b576b3d0ad99be62da5542ee265a77898564f9e66
Instruction Fuzzy Hash: 68815CB3E1162547F3904D39CC883A266939BE5320F2F82788E8C2B7C6D97E1D4957C4

Function 009E8275 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 373d33da0a21a7b194a54021e8a283c1404476017e48b41ec220a0904baeddc6
Instruction ID: 199269e29bbac7c1278311c81d5fba858f802706f424c6b7b7abb50b0f191345
Opcode Fuzzy Hash: 373d33da0a21a7b194a54021e8a283c1404476017e48b41ec220a0904baeddc6
Instruction Fuzzy Hash: 5D818BB3F112214BF3504D69CC48352B6939B95324F2F82788E5C6BBC9D93E9D4A93C4

Function 00A22228 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7270b82fa11ef18402d22cfa4deb95e0fb58712a320f282c1e0ec5802c6c84f
Instruction ID: 7f75d6ca9aea6fe2f7a10630c6f8f0bf1be3941dffa2974b366ec4969292a454
Opcode Fuzzy Hash: c7270b82fa11ef18402d22cfa4deb95e0fb58712a320f282c1e0ec5802c6c84f
Instruction Fuzzy Hash: 37817DF3F1161547F3444938CCA83A22653DBD5328F2F82788B595BBCAD97E5D0A5384

Function 00A166B5 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0eb16b66222784dd9b0f51a8dd466a8f5edca75bce45f984bba8dffe9b4f167
Instruction ID: c39abf71a11bface73d791002e8500ee94baaf7a23c04ab323c0349e2cb464ff
Opcode Fuzzy Hash: b0eb16b66222784dd9b0f51a8dd466a8f5edca75bce45f984bba8dffe9b4f167
Instruction Fuzzy Hash: 89817FB3F5122547F3548D39CC983A27293DB95320F2F82788E58ABBC9D97E5D0A5384

Function 00A9F122 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d23b4f4f333e5bbb47b4692e671246452d1833f5055575f599d6dcbdc2228c0a
Instruction ID: 416382ec659faf04171591b61be16c84d3b3ee64834b23c12ebaf016ca2d1ac1
Opcode Fuzzy Hash: d23b4f4f333e5bbb47b4692e671246452d1833f5055575f599d6dcbdc2228c0a
Instruction Fuzzy Hash: 10819BB7F112254BF3440A29CC543A27653DBDA324F2F82788E086B3C6DD3E6D0A9384

Function 009F4275 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0048d24a6e0379ab3a8c518544c82081c8240bb4fb9dd96dde3763ee77fe496f
Instruction ID: 7b58d2ea7ae599da31fdcbec8ddb6aa8ec6896e29d0885217d2a8c2c4f32100e
Opcode Fuzzy Hash: 0048d24a6e0379ab3a8c518544c82081c8240bb4fb9dd96dde3763ee77fe496f
Instruction Fuzzy Hash: 728191B3F103258BF3444EB8CC983A27652DB95314F2F41788E586B7D5D9BE5D099384

Function 00A70516 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78cf842178a4453156a0f2663c95564b0d745f3bb33158efe00b1d4e7020532
Instruction ID: 8543ce219e21ba164ce8a00a7344d32f96a7353cb0180f7f4c544382d6a2bfd2
Opcode Fuzzy Hash: e78cf842178a4453156a0f2663c95564b0d745f3bb33158efe00b1d4e7020532
Instruction Fuzzy Hash: 0E813BB3F512254BF3944D39CD9836266839BD4310F2F81788E88AB7CAED7E5D4A5384

Function 00AB20FF Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ced9de0cf69abeead16a15856474e0229d056a00310e8bb6fb1ddc270cb45f2
Instruction ID: b4eb93f173dd37b66f4b4f7267f51fe38ad9a6dae9dd5e47ff400cd22a3bb25a
Opcode Fuzzy Hash: 9ced9de0cf69abeead16a15856474e0229d056a00310e8bb6fb1ddc270cb45f2
Instruction Fuzzy Hash: 2E8148B3F1122547F3544D38CC683A266839BD5321F2F82789E98AB7C6E87F5D4A5384

Function 009D869E Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fdf624a6acf61b259357faf7a0034796a4961b45dff05a9f4dd58109893b4ef
Instruction ID: c1e98211deb91e67756f9d0d36c660638a352f69d046f15a5513da1b727e685c
Opcode Fuzzy Hash: 8fdf624a6acf61b259357faf7a0034796a4961b45dff05a9f4dd58109893b4ef
Instruction Fuzzy Hash: 4F818BB3F102254BF3548D79CC983A27683DB95324F2F81788E48AB7CAD97E5D4A5384

Function 00A264D8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d407d88b71abc7b25de8230d0b9d763881e17bb8762ee3dbc217c6c0472cb9
Instruction ID: 9ab677689de0ce043fe8ac62827da7cff992cce5ddd611b8b68c2c7cf5f287e1
Opcode Fuzzy Hash: 56d407d88b71abc7b25de8230d0b9d763881e17bb8762ee3dbc217c6c0472cb9
Instruction Fuzzy Hash: E3819DB3F512254BF3584939CC583A27583DBD5324F2F827C8E59AB7CAE87E5D0A4284

Function 00A8641F Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb538cafc27b94e3b36727c08a6fe069607c27bbafa72e86a2b1f9e38a73d90
Instruction ID: 63aeaea20c852ed891ef98989eeb62eb8ccb0ca9219c309bb04cd1c98e0802ea
Opcode Fuzzy Hash: acb538cafc27b94e3b36727c08a6fe069607c27bbafa72e86a2b1f9e38a73d90
Instruction Fuzzy Hash: F48179F3F5162507F3444969CC583A2669397E4324F2F82788F4DA7BCAE97E8D4A42C4

Function 00A54688 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85deee70c285a44e2e28dd32af9fb558fad72562490c7517a08780af0844f57
Instruction ID: eccc1c1239e6f1361b95516830814555e0bbd54af669a56a8f9741099b5f7e7f
Opcode Fuzzy Hash: f85deee70c285a44e2e28dd32af9fb558fad72562490c7517a08780af0844f57
Instruction Fuzzy Hash: 3481ADB3E5122547F3504D39DC983526683DB90324F2F82788E9C6BBC6D87F5D0A5384

Function 00AAA2DF Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c6b5d12485886c6374c1fef85771f4548c6da742b72847a4625edc27eda783
Instruction ID: b53ad895e19e1fc82063fbe2aad0725175a2ee16f485aabe1417c7f80a0dfb90
Opcode Fuzzy Hash: d2c6b5d12485886c6374c1fef85771f4548c6da742b72847a4625edc27eda783
Instruction Fuzzy Hash: FC816BB7F1122547F3444928CC58362B2939BE5324F2F42788E486B7C6DE7EAD1A93C4

Function 00A56350 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9242f07ab60af9c82cb5a5d6ebcef607b97af71e320ef51d3f64974a6aaa27
Instruction ID: 65d71d38e8be77714cbf1d3479ec574114fbaec7fb298c3bb1f65ab58db8a406
Opcode Fuzzy Hash: ef9242f07ab60af9c82cb5a5d6ebcef607b97af71e320ef51d3f64974a6aaa27
Instruction Fuzzy Hash: 5F81AEB3F1022547F3584828CDA93A26683DBD5324F2F42788E5DAB7C6C97E9D0A43C4

Function 009F24DF Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eaa00a903678675911d54565bb9bbbd519b3f1cb500f299e6dbb369dcf974dc
Instruction ID: 0fd90ffefc12195d77af88f58569f6c2236bf915b9feaad19d496a5cba858093
Opcode Fuzzy Hash: 0eaa00a903678675911d54565bb9bbbd519b3f1cb500f299e6dbb369dcf974dc
Instruction Fuzzy Hash: D2817CB3F1122547F3548D29CC983A27693DBD5314F2F82B88E486B7C9D97E5D0A5384

Function 00A9A4C5 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49c5c91fb59a94af8905aa53fb168ed46cee64c6523ab759ae35b8b117a320d
Instruction ID: 41ecf61490834b8bf9ba55e78a86285f5cdfb790b2a1ad6cb7d322b45322d7ca
Opcode Fuzzy Hash: c49c5c91fb59a94af8905aa53fb168ed46cee64c6523ab759ae35b8b117a320d
Instruction Fuzzy Hash: DB819EB3F1122547F3844938CC683626693DB91325F2F823D8E48AB7C5ED7E9D0A8384

Function 009BE04A Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb13015ce69aa71eaa8a8a41cae9c8e2ea90b53aa9bc4bd53f9219b420a774a6
Instruction ID: 57ec3bc6f4f3b7568fa39ff9bb27a8bff2e413dd127172aa42084391275e3a86
Opcode Fuzzy Hash: cb13015ce69aa71eaa8a8a41cae9c8e2ea90b53aa9bc4bd53f9219b420a774a6
Instruction Fuzzy Hash: DC816AF7F1122547F3444939CD983622683DBE5325F2F82788E586B7C9EC7E5C0A9284

Function 00A2408A Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c173a15d8c52ba1cb1bc17139f1e6724af008027dcc0de539646bb47d6ff3b1
Instruction ID: aa9298b98220703f33374205da08af10aed7ebbb64986d33e7d7a1290fe9f102
Opcode Fuzzy Hash: 8c173a15d8c52ba1cb1bc17139f1e6724af008027dcc0de539646bb47d6ff3b1
Instruction Fuzzy Hash: 02817DB3F102244BF3844D39CC983627692EB95314F2F82798E496B7DAD97E5D0A9384

Function 009DC12C Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 456b03440f1e84a39a0d563151b2049e7ad19f5bb3e214ca1db5e5b9dbea9e07
Instruction ID: 767cf128e313676a29f8433b4a0ced1bfbbae3afa90e360ddc62b4de9e9524a1
Opcode Fuzzy Hash: 456b03440f1e84a39a0d563151b2049e7ad19f5bb3e214ca1db5e5b9dbea9e07
Instruction Fuzzy Hash: 83718CB3F112254BF3544929CD583A2B683DBD5310F2F82798E48AB7CAED7E5D0A5384

Function 00A06428 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4368369cf9c112e98981ba177be434a01d87cc8436c02304abb45ee1fff649b
Instruction ID: 96052ebcf3768bb13092a7bba26d291db8a1602dd5d62e6e947bd8eabe155449
Opcode Fuzzy Hash: a4368369cf9c112e98981ba177be434a01d87cc8436c02304abb45ee1fff649b
Instruction Fuzzy Hash: 918194B3F1122547F3544E29CC983627393DB95310F2F82788E486B7C9D97EAD4A9384

Function 00AC6157 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e2880f9ce9e96a88f56c43c32c1d77c999732d9902a6adf73e0d61ffbf931c7
Instruction ID: bcc79cbe81c07f0d4602dfd90a744815ab42eb8b2508218a68f9cf2d62a83cd0
Opcode Fuzzy Hash: 2e2880f9ce9e96a88f56c43c32c1d77c999732d9902a6adf73e0d61ffbf931c7
Instruction Fuzzy Hash: 9981CCB3F112250BF3544939CD583A26683DBE5315F2F82788E58AB7CADD7E9D0A4384

Function 00A841BD Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c261b0aa162baad498b5322790c2f32de317f3043e3b9d7273fd8c4dc191d29
Instruction ID: e1afa17d2ce07eeb09c1694d8bc94e3774c4930cda134b278cf514288fa2b0e4
Opcode Fuzzy Hash: 8c261b0aa162baad498b5322790c2f32de317f3043e3b9d7273fd8c4dc191d29
Instruction Fuzzy Hash: 628198B7F513254BF3804E29DC983527683DBE9314F2F82788A486B7C9D97E5D0A9384

Function 009E010A Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2f91b6b61591da90eff2b869df63dfc64b531ade2a6ba910dcaab4b1efed20
Instruction ID: 3ad60fd6cea06bae72c6e48de4d837c4277715fae8e7b39c5ac30a979dbaf3c0
Opcode Fuzzy Hash: 3b2f91b6b61591da90eff2b869df63dfc64b531ade2a6ba910dcaab4b1efed20
Instruction Fuzzy Hash: 01818CB3F1122547F3944969CC58362B283DBE1324F2F82788F5D6B3C6E97E9C095288

Function 009B9299 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7f5a8922bb610c0bea73e74d4ac22e00da1d3c5429b64a1ebb472c9d899e34
Instruction ID: 6986c79c76fa51b003740dec9c5a7724f150993357c65189ec7420ad1bb97a26
Opcode Fuzzy Hash: 3d7f5a8922bb610c0bea73e74d4ac22e00da1d3c5429b64a1ebb472c9d899e34
Instruction Fuzzy Hash: 0D71BDB3F512244BF3904839CD583A22683DBD5320F2F82788E596BBC9DDBE5D0A5384

Function 009A2102 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a72a6589206a88671f37abb81f3eeaf2a1acc1ff3f441f55c30da53a0d3411
Instruction ID: e2c3d7b178c9cf4062fd0f946bac0ee65008b738dfb0a03987e5d6670d06e14d
Opcode Fuzzy Hash: f8a72a6589206a88671f37abb81f3eeaf2a1acc1ff3f441f55c30da53a0d3411
Instruction Fuzzy Hash: 55714AB3F1122647F3544E29CC983627283DB95311F2F82789E189BBC9D97EAD499384

Function 00AC04BB Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6bd2dbf782f8d5f6d9dbe32558097580762f59a2f48c6602ae03c2e9d564a87
Instruction ID: 098634a224c9f493a334e82092df31ba1a42531cd4eb99bae99d61b355c795f5
Opcode Fuzzy Hash: a6bd2dbf782f8d5f6d9dbe32558097580762f59a2f48c6602ae03c2e9d564a87
Instruction Fuzzy Hash: 67818DF3F1022447F3544D25DC88352B292EBA5310F2F81788E8CAB7C6E97E9D0A9784

Function 009D3188 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4fb83d84bc56e0e08948443bf7763d07f60fee779a8177ec15700f3071a5e1f
Instruction ID: 4196706feadc91d64bc9ebe3c8ef23857962927eb9e9e604f5fccd29dc70a63f
Opcode Fuzzy Hash: c4fb83d84bc56e0e08948443bf7763d07f60fee779a8177ec15700f3071a5e1f
Instruction Fuzzy Hash: DF716BB3F1123547F3508979CD58362A6839795320F3F82788E58AB7CADD7E9D0A52C4

Function 00A1A5FE Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c06b9461bbaec8be4f719f0ac651fb69b6ffdeb6427652c5ddaddf225ee48ac
Instruction ID: 8e7bd79b15484b24329298909bf68c3a920a4cb1c0391b39dc24584190f0d1d9
Opcode Fuzzy Hash: 4c06b9461bbaec8be4f719f0ac651fb69b6ffdeb6427652c5ddaddf225ee48ac
Instruction Fuzzy Hash: 4C7168F3F1162547F3544928CC583A2A6839BE5324F3F82788E5C6B7C6E97E5D0A5384

Function 009C43BC Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0aa29d2e94afbc60fb5fc0debd395afffefc1659ddbd23b798f99c3da7305fc
Instruction ID: 2a395d96772ef4f25acffa55d9027bba36f5793927eb3ccc1df95f8d9d6c8ab5
Opcode Fuzzy Hash: d0aa29d2e94afbc60fb5fc0debd395afffefc1659ddbd23b798f99c3da7305fc
Instruction Fuzzy Hash: E4716AB3F1122547F3544D3ACD583A662939BE5324F3F82788A586B7C9E97E5D0A8380

Function 009D069A Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecdf27a0b88c1c3889adbd92fe5647068dcc73654d1aca1e176d9645725f7c98
Instruction ID: 9c5687b1e1b81a3e6c4d448ea350f5d4202e1b9712bf0b87d6763995100fc630
Opcode Fuzzy Hash: ecdf27a0b88c1c3889adbd92fe5647068dcc73654d1aca1e176d9645725f7c98
Instruction Fuzzy Hash: 6E719FF3E216254BF3544878CD58362B693DBA5321F2F82788E18A7BC9E93E5D0952C4

Function 00A04269 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad204504c9a2708449b97d7fa28fa1b00ef8596d4526edee1c6cf0bf213a258d
Instruction ID: 1295b392902c936d2796e9df5e0b3a2dab75734c4f1cf74218710a3a62902a94
Opcode Fuzzy Hash: ad204504c9a2708449b97d7fa28fa1b00ef8596d4526edee1c6cf0bf213a258d
Instruction Fuzzy Hash: 22718DB3F1122547F3504939CD583A26683DBD5325F2F82788E4CABBC9D97E9D0A5384

Function 00A91194 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b14e326841108d5ac516a2b8575f7d7e00abbd58fbc54f70909bc40a93fadc70
Instruction ID: ff7e79caa694d37a2bccfc4adf58993644ed29e9cb2fe145e3a9c026f3ed54c9
Opcode Fuzzy Hash: b14e326841108d5ac516a2b8575f7d7e00abbd58fbc54f70909bc40a93fadc70
Instruction Fuzzy Hash: 047169B3E1122547F3A44D29CC583A2A292EBA5320F2F827D8E9C6B7C5D97E5D0953C4

Function 00A942EA Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c22c1a455bcd024ff037581a433b783e8893ba78aab0fe52f533191d1fbc888a
Instruction ID: a6945b0d4845c882aeaad2d9e4da1cb11ac02a28c93d8a105db72f2769916583
Opcode Fuzzy Hash: c22c1a455bcd024ff037581a433b783e8893ba78aab0fe52f533191d1fbc888a
Instruction Fuzzy Hash: 79715BB7F1122547F3544D29CC983626283DBD5324F2F82788E986B7CADD7E5D0A5384

Function 00AA827B Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a6802459a7b023e2b7a8016a0b1c71cf01795dbdc81ebeb85e7e0fdd84c4d5e
Instruction ID: defaa2bf2d105c8bf7834d5a1faec3b00afef1f74a32545d8b211a412dd91367
Opcode Fuzzy Hash: 7a6802459a7b023e2b7a8016a0b1c71cf01795dbdc81ebeb85e7e0fdd84c4d5e
Instruction Fuzzy Hash: 3C715DB3F1122587F3544A29CC983627693DBD5320F2F427C8E496B7C5D97E5D0A9384

Function 00A8224F Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ec382c2494bbcca56d411e81b08b8900c813ab034061b07ce02fa13d523a42
Instruction ID: 448a6231c03056e564b71c83b21b9a6f163b735b63569edd2bc132b8ca571c25
Opcode Fuzzy Hash: 20ec382c2494bbcca56d411e81b08b8900c813ab034061b07ce02fa13d523a42
Instruction Fuzzy Hash: 1F717BB3F2162547F3504D29CC983A27693DB95320F3F42788E98AB7C1D97E6D0A5384

Function 00A4C310 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a37c961773dd696fc0467e69ecfc5c3916b8c9a1e655bcaf390bb3d8c780564
Instruction ID: 708d29c1dc1c648917bf4eeb3fa27868a11079b4b0e4f553282f96bfdcd9ca35
Opcode Fuzzy Hash: 5a37c961773dd696fc0467e69ecfc5c3916b8c9a1e655bcaf390bb3d8c780564
Instruction Fuzzy Hash: 7F718FB3F102154BF3844D78CCA83627692EB85314F2E817C8E499F7C5DABE9D099388

Function 009DA453 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3829a3224bebfe730fbcd3d425758462767a30a9efdf280650e77434e0e8f99
Instruction ID: e500d9f92a31a510fbdbcfef2ba52301d4ec6dc4406c99377b65d30f24887e84
Opcode Fuzzy Hash: e3829a3224bebfe730fbcd3d425758462767a30a9efdf280650e77434e0e8f99
Instruction Fuzzy Hash: 997169B7F1122647F3544939DC483A2B6839BE4324F2F82788E486B7C6ED7E5D0A5384

Function 00A96348 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87a94e9a9538ca4553c4797c3ae20db254d9cab9778b03e52e6aaf10e13efc9a
Instruction ID: f5b5ee03b4b246c19a5f1e233ec77fa87f50475b186a4efba951309fd04152e6
Opcode Fuzzy Hash: 87a94e9a9538ca4553c4797c3ae20db254d9cab9778b03e52e6aaf10e13efc9a
Instruction Fuzzy Hash: CE7190B3F5122547F3844E29CC983627293DBD9320F2F81788E485B7C9E97E6D0A9784

Function 00A9A161 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b79afdea09ecbd066b7d5218eec37731a1235269db71bbf968e10ff55a49cc2
Instruction ID: 4f309549242c87a294ebc8d6f87dd2c6b004ba733ead8c2798121e8257a141d0
Opcode Fuzzy Hash: 0b79afdea09ecbd066b7d5218eec37731a1235269db71bbf968e10ff55a49cc2
Instruction Fuzzy Hash: F571BEB3F1162547F3944D25CC883A27293DBD5314F2F81788E48AB7C6D93E5E0A9784

Function 00AB65FC Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4651cd1888531e8a8fa5d72c63e886315c7304f44fde4d35571f214aefb114ba
Instruction ID: dd31cd9967f8033e950b2f3075ed16c54687cb434412897f234c8179847f86a0
Opcode Fuzzy Hash: 4651cd1888531e8a8fa5d72c63e886315c7304f44fde4d35571f214aefb114ba
Instruction Fuzzy Hash: C9619BF3F516214BF3544978DC983A16683EBD4314F2F42788A88AB7C6EDBE5D0A5384

Function 009A246B Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edcc8eeeaca006fd725f00ecfee4586644ba874bf01e6637d46fabe84785fbad
Instruction ID: 7dc18a91b7c733e233f7d61135cca752e12c8b87e07c988a6022b237f2f845cf
Opcode Fuzzy Hash: edcc8eeeaca006fd725f00ecfee4586644ba874bf01e6637d46fabe84785fbad
Instruction Fuzzy Hash: 2361A1F3F1062547F3584878CD593666582DBA0324F2F82398F5AA77C6D8BE9D4A1384

Function 00A0E037 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404262bb4822ceb596e24f3893a17d2a16a1df0c525445ab12b35982b8a25984
Instruction ID: 461c4b59861ddb4fbf0c12b930b8299240e544c73dfaca76d8dd477a385ce8fe
Opcode Fuzzy Hash: 404262bb4822ceb596e24f3893a17d2a16a1df0c525445ab12b35982b8a25984
Instruction Fuzzy Hash: CD615BF7F516244BF3444939CC683A2769397E5324F2F82B88E4C6B7CAD97E5C0A5284

Function 00A76105 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f4d85a191e758094ee033e880072e848d5446ee8890666d5d08ec57bf1e6c6
Instruction ID: ef45d8cc541eb6d3b369bf8561f84e79523a0ed484d590c4b3d2c1c1b95281f0
Opcode Fuzzy Hash: d3f4d85a191e758094ee033e880072e848d5446ee8890666d5d08ec57bf1e6c6
Instruction Fuzzy Hash: 4561AEB3F512254BF3404D69DC983927793EBD4320F2F81788A486B7C6EA7E5C4A9384

Function 009BB195 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c059d3f9d6bf0084c31b04634728e5e145e1e06d19c108f58f9829f320ce738a
Instruction ID: c204cedcf0d351a1dba5142abc5073ba16f5e7e44a0162d2b36531091bcf3aa9
Opcode Fuzzy Hash: c059d3f9d6bf0084c31b04634728e5e145e1e06d19c108f58f9829f320ce738a
Instruction Fuzzy Hash: A5615AB3F1122547F3944939CD583626683ABD5320F2F82798E9CAB7C5DD3E9D0A9384

Function 00A8E388 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4301667850cf11d67a9390c5e315f7a43927ce30ee9339f29d3ee2fdad80b2b
Instruction ID: d47ff824f706bd7ccfe54ab6f452782bf4a28ed6151815247d0afb21252bf99c
Opcode Fuzzy Hash: c4301667850cf11d67a9390c5e315f7a43927ce30ee9339f29d3ee2fdad80b2b
Instruction Fuzzy Hash: BF6138B3E1213547F3A44E65C858362A652AB94320F3F42798E5C7B7C5EA7F6D0993C0

Function 00A5A364 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61eaddbdd83671833d056d76b0e315d11ba24b6c5f32269a91ba1bdf9be2a00
Instruction ID: c949190966d9bde127b1804d40144f1c2452e0cdbf88c8c1b9947704fc08991a
Opcode Fuzzy Hash: d61eaddbdd83671833d056d76b0e315d11ba24b6c5f32269a91ba1bdf9be2a00
Instruction Fuzzy Hash: 6F6168B7F102204BF7548D28CC983567693DB99311F2F82788F58AB7CAD97E5C0A9384

Function 009EF016 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8808bf63aa1e78c6f26e89e495b233d2d83047800943bd5927398bb63cbf02c6
Instruction ID: 7ccdacf295aaf9723b1be4bfadc6711f1f834b24eb4173b9d207ebeded9732b7
Opcode Fuzzy Hash: 8808bf63aa1e78c6f26e89e495b233d2d83047800943bd5927398bb63cbf02c6
Instruction Fuzzy Hash: 26618FB3F1122547F3544979CD983A2B2839BD5321F2F82788B586BBC5D97E9C065284

Function 00AD92B8 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab01719145d2826fa691d9f62cde2f725d24c63b2d86575a291c78ca6ffb0212
Instruction ID: 94e511f73c066673118649413e18b24a0cb8862ebdc362be4858af1b550e258b
Opcode Fuzzy Hash: ab01719145d2826fa691d9f62cde2f725d24c63b2d86575a291c78ca6ffb0212
Instruction Fuzzy Hash: F76189F3F1162547F3944938CC983A6A283DBE1325F2F82B88E586B7C6D97E5D095384

Function 00A503F3 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b274d64c4fa57397863099dd93fe1806dab41da69508e38ff21e22f3d92fbca4
Instruction ID: 09facb03036b7ca59e9c6beddeda3056e637502861c13cdc5cf613158bcd3a53
Opcode Fuzzy Hash: b274d64c4fa57397863099dd93fe1806dab41da69508e38ff21e22f3d92fbca4
Instruction Fuzzy Hash: 80618AB3F202214BF3584938CD593A665839BD5324F2F42788F5CAB7CAD97E9D0A4384

Function 009CC3C8 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19ac8652589e67ff775017ceedcd3c90f56e37ef974d4b6293bb82f7d3209de
Instruction ID: 4d1f2d825c1c99227811d51b397de29938c4f8f54b43e1903a0f8f41c7520a88
Opcode Fuzzy Hash: b19ac8652589e67ff775017ceedcd3c90f56e37ef974d4b6293bb82f7d3209de
Instruction Fuzzy Hash: 89617CB3E1122547F3588D39CC5836276839BD5320F2F827C8EA86B7D9ED7E5D0A5284

Function 009A916F Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 137e27f2d8594dd448ef614196dc170c69e318507f2c704986d30ceaa69bbdb4
Instruction ID: 443da50c12511e7978260c36226999ec9217c4f14a74f4248f15a4881183d2c8
Opcode Fuzzy Hash: 137e27f2d8594dd448ef614196dc170c69e318507f2c704986d30ceaa69bbdb4
Instruction Fuzzy Hash: 6261B0B3F502244BF3944D69DC983A27292DB95320F2F817C8E596B3C5D9BF5D09A384

Function 00A750AF Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c589f8c8c9be68280e275464b7f228375c1addfef8db5ad9d1c6653ea277e865
Instruction ID: 3da1f07e43bc8010d594616e75a3cf19fcb51bc57770b80e0aec43d418d4ee42
Opcode Fuzzy Hash: c589f8c8c9be68280e275464b7f228375c1addfef8db5ad9d1c6653ea277e865
Instruction Fuzzy Hash: 5C6157B7F116244BF3544E29CC883A276539BD5325F2F82B88E4C2B7C6D97E5D0A9384

Function 00ADC6B1 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6cc28b3d7bf3cc60dc678a1222f1a6ee5457727ad66965e5e2f530b408c2090
Instruction ID: b9043f52f7e3476f3ac8313eb744aa9a81cc318ec3ee168ecad543f1de5322f3
Opcode Fuzzy Hash: a6cc28b3d7bf3cc60dc678a1222f1a6ee5457727ad66965e5e2f530b408c2090
Instruction Fuzzy Hash: EB619FF7E1122547F3944924DC983667293EBA0320F2F82788F496B7C6E97E5D0A93C4

Function 009DA008 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 299fd8353be799c51b042de8611884d30bd51cbe979ea86af92ede35e025a94f
Instruction ID: 3da97db3e367573ebbd770dcd1077d38a85dea5de214b18aa1a4b34d985224a1
Opcode Fuzzy Hash: 299fd8353be799c51b042de8611884d30bd51cbe979ea86af92ede35e025a94f
Instruction Fuzzy Hash: 30518BF3F122254BF3444E29CC583A27293DBD5311F2F81788A485B7C5E93EAE0A9384

Function 00A3C0A7 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b773c31705a50ef768aa6d333091aa11649e5a6a54eafcf5f318c970ac1d3bb4
Instruction ID: fcaf28c7898ce10d8cb5b1bc66df78db04351edf34ed98193cc45c40f0e1a49e
Opcode Fuzzy Hash: b773c31705a50ef768aa6d333091aa11649e5a6a54eafcf5f318c970ac1d3bb4
Instruction Fuzzy Hash: 1351A0F3F112254BF3444D28DC943627392DB95321F2F82788E596B7C9E97E6C4A9384

Function 00AD0062 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11bdd41ca687bdd27b59cedc1d6286f6ee8793bc58c069b3935ea71664a44981
Instruction ID: d82e279b6177755e31d6ebe7f9aad6ee535c42e4df5d7eaeebdd0a1df6bf0114
Opcode Fuzzy Hash: 11bdd41ca687bdd27b59cedc1d6286f6ee8793bc58c069b3935ea71664a44981
Instruction Fuzzy Hash: FD519DB3F1122147F3544D28CC683A27683DBA5324F2F42BC8E59AB7D6D87E5D099384

Function 009AF191 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c84fd0d5fe15ff78868d388422e3ddccabf6da10b7c22a338e54b01d36af8e13
Instruction ID: d21eed56e549577f6d0f72b60c31ca46672deb6cc8341c52a9617d4c9bcf11e8
Opcode Fuzzy Hash: c84fd0d5fe15ff78868d388422e3ddccabf6da10b7c22a338e54b01d36af8e13
Instruction Fuzzy Hash: FA51BFB3F116254BF3448979CC543A27283DBD5310F2F82789E48AB3D6E97E9D0A9384

Function 009BF0A6 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 272acae2585c19f24702f433d709200ffe6acc6a36b8fe9edbe920c2f664d0a3
Instruction ID: 2cd7a6d5f738bd23f82c1a2ff77313c5535698ba06d7b481688afeca6c5a6eee
Opcode Fuzzy Hash: 272acae2585c19f24702f433d709200ffe6acc6a36b8fe9edbe920c2f664d0a3
Instruction Fuzzy Hash: D85180B7E102214BF3648D34CC983627292AB95320F2F427C8E9C6B7C5E97F1D4A9384

Function 00AD6311 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d33debaf1ada186bc35985c2e7915ca856a09ca0378b6d8625e5b4aee34d1cb
Instruction ID: 2911e20cf8699acf770745d09fe973d63d951a341043f630e4a4fea75a57be4a
Opcode Fuzzy Hash: 1d33debaf1ada186bc35985c2e7915ca856a09ca0378b6d8625e5b4aee34d1cb
Instruction Fuzzy Hash: 2D5148B3F112250BF3944939CD983667683D7D5320F2F82788E586BBCAD97E5E0A5384

Function 00AD6069 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b55bfa2692415d7366e0331f7a9f82a7ecc55a33a65d03dc4bb10a3beafc8172
Instruction ID: 74d67f3f7ffb3c62e15c2702c9ed7a7c7228d2159a6dc77f15913862081de05c
Opcode Fuzzy Hash: b55bfa2692415d7366e0331f7a9f82a7ecc55a33a65d03dc4bb10a3beafc8172
Instruction Fuzzy Hash: 255160B3F1022547F7544D39CD983627652DB95310F2F82B88E892BBC9DD3E5D4A9384

Function 00A9E37E Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd8a81989890463b2391726cfb9f8fdeab482b02cb75c485305616b7e2ad9d2
Instruction ID: 0fbc963bcef10be72f5e782882ed32271c3bfed4927a5dd5fc56fd7122f75e64
Opcode Fuzzy Hash: 4bd8a81989890463b2391726cfb9f8fdeab482b02cb75c485305616b7e2ad9d2
Instruction Fuzzy Hash: 15517CF3E102254BF3548939CD583A27683DBD5304F2F82788E896BBCAD97E5D095384

Function 009C65A9 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fefc78611373b45eeb639d941810285fd5503a08a7c0751acb15ee0570d5c07
Instruction ID: 7c41778753d16f67d8a5b249f018ec3c83d2cf41bbd67b63dd44faa28e8d2c3d
Opcode Fuzzy Hash: 3fefc78611373b45eeb639d941810285fd5503a08a7c0751acb15ee0570d5c07
Instruction Fuzzy Hash: E35183B3F1012987F3544D29DC583A27292DB95320F2F427D9E89AB3C5E93FAD099385

Function 00A8453E Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf0b9c149163bb0ccb109d3f36e73225883fab603f252c95ea161e1e39f63f7
Instruction ID: ca0e4f71b0b577d7e0555e08b88b8985e7b758d126debde32a8c799a53335fa0
Opcode Fuzzy Hash: 4bf0b9c149163bb0ccb109d3f36e73225883fab603f252c95ea161e1e39f63f7
Instruction Fuzzy Hash: A0516AB3F1122587F3444E29CC98366B643DBD5320F2F82789E186B7C5DA7E5D199384

Function 00A76426 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638249a5959a5e7a38adc1ab15f77442b818eef6d38f266b09c43ebc87109096
Instruction ID: de2bfe45cc0f430a9538f440555782730343693324da28c629257d73cff4c020
Opcode Fuzzy Hash: 638249a5959a5e7a38adc1ab15f77442b818eef6d38f266b09c43ebc87109096
Instruction Fuzzy Hash: D95146B3F1122547F3884979CC583626283EBD5314F2B82788B586BBC9DD7E5C4A5384

Function 009E42AA Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867309a5cbe66a3e1477a5dc7cc926686e01683b890a788685c0ee19f88b66b5
Instruction ID: 5121a54d5a4c35692f2d29a1e09afdbb2a7f468e144c2d4b17269f32ee4dcd60
Opcode Fuzzy Hash: 867309a5cbe66a3e1477a5dc7cc926686e01683b890a788685c0ee19f88b66b5
Instruction Fuzzy Hash: 2D519AB3F2122547F3404D28DD983A27293D795315F2F41788E88AB7C6E97F6D0A9384

Function 00A5C0DE Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2ee83d536a4e80596d91d997a2fcded4f3641b363886c926d19f516e659a81
Instruction ID: 9919e639195d362c5c9209fbe180980ac7fd806fd1e494968b5b6bd60d14f188
Opcode Fuzzy Hash: 4a2ee83d536a4e80596d91d997a2fcded4f3641b363886c926d19f516e659a81
Instruction Fuzzy Hash: 31419BF7E1022107F3584938CD593627682EB90320F2F82398F996B7D5ED3E9D0A5284

Function 00A14051 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b16a262f2fe1d7d1d538461db2de7b2be08bf2c2a052cc86455d905f29f17e0d
Instruction ID: 71ffb03e7d92fe61948ff907aba77d4a45d31e084b9a39ebcc99d4b4fb94cef9
Opcode Fuzzy Hash: b16a262f2fe1d7d1d538461db2de7b2be08bf2c2a052cc86455d905f29f17e0d
Instruction Fuzzy Hash: 134170B3F1152547F3544D29DC983A17682DB95320F2F82BC9E48AB7C9CD7E6D099384

Function 00AD2135 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bff8d6ddbfe23e564a2302d33fc13a99898d62ca21c56d2c2dc09a675b88b1c
Instruction ID: 7a76a9b1fa3c3b9870cf414b07cc84287c906e3f8b2e9ed2ab4a94d565263ceb
Opcode Fuzzy Hash: 3bff8d6ddbfe23e564a2302d33fc13a99898d62ca21c56d2c2dc09a675b88b1c
Instruction Fuzzy Hash: F641AEF3F6152547F3544978CC593A16282EB91314F1F82BC8E49AB7C5D97EAD09A3C0

Function 00A164C1 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a7a355156e7eac4b3663ed3a54b092356a934838472a9fb991fdedd590b6f3b
Instruction ID: a7c7168fd177795b35e63a703553f54daa6fed0da48044b7ee5c22f93bab44ce
Opcode Fuzzy Hash: 5a7a355156e7eac4b3663ed3a54b092356a934838472a9fb991fdedd590b6f3b
Instruction Fuzzy Hash: 7C4148B3F5022147F7884979CD693726682DBD5314F2F817D8A0A9B3C5DC7E9D0A5384

Function 00A2C3EF Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9675116817ec631e5b2a2ba01e64970f347687740537e857ca298db4e1c9ea0d
Instruction ID: b5678d816dbdfadafc31cc58a36043e85be0ef90de2a97aea298ab2ddc2b83f5
Opcode Fuzzy Hash: 9675116817ec631e5b2a2ba01e64970f347687740537e857ca298db4e1c9ea0d
Instruction Fuzzy Hash: DA414AF3F0163047F3554939DC98362669297A5325F2F82748F1CAB7C9E87E5D4A42C4

Function 00A3239C Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02e7e6b29eb1d090fd39021535fa40eefc2645fd032b1f4a212c359801bdb96
Instruction ID: d27ea112a72645b5ae1fb5f6b6ad574a33502fba3fd4c4dc93a572743f449995
Opcode Fuzzy Hash: f02e7e6b29eb1d090fd39021535fa40eefc2645fd032b1f4a212c359801bdb96
Instruction Fuzzy Hash: C3417CF3F516264BF3404975CC943A6628397D6324F2F82788A5C6B7C6E87E9D0A5384

Function 00AC7014 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567e1359d4305bd2cf645c2760aecd2483436b88b2ee53bbe20e4fc8e03020a9
Instruction ID: ee992d3871fd31f7fe7b2533fc2a1d59185410cbb90789dc5c1c4e5de6ee53ef
Opcode Fuzzy Hash: 567e1359d4305bd2cf645c2760aecd2483436b88b2ee53bbe20e4fc8e03020a9
Instruction Fuzzy Hash: 21415DB3F525224BF3904978CC483A266539BD5325F3F82B8CA586B7C5D97E5D0A5380

Function 0098C47B Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ccd00a1e0fc94bc1ac2fbb02831231a086435440ef52f7674f4dc88246d7590
Instruction ID: 6802916eb947dab2af98af7dc03ae4e292ebe3e245047df98b1203c6bb0c452a
Opcode Fuzzy Hash: 2ccd00a1e0fc94bc1ac2fbb02831231a086435440ef52f7674f4dc88246d7590
Instruction Fuzzy Hash: 0E414AB3F116114BF3488D39CC5836276439BD9321F2F827C8A586B7CADD7E5D0A9688

Function 009C2546 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e71233d8a7e8b217236190a4b388995ff7386313f4e269ce45d45e5fa0defd
Instruction ID: 15eedf40ff67955c25ff5547efdea5b814f8e6182807677b554af8f484f85fa8
Opcode Fuzzy Hash: d2e71233d8a7e8b217236190a4b388995ff7386313f4e269ce45d45e5fa0defd
Instruction Fuzzy Hash: 633112F3F1152547F3844829CD593A2618397E4324F2F81799B4DAB7CAECBE9C0A5284

Function 009E300F Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14706ce7a5ce8906cfc6dd7f211c15f30c8c985cc65f306a7b737bd92748f07c
Instruction ID: 5e3fb140f6292c6da6054faf4e2a4b2e8ae1d9540626cbd3ec1fedec8b0ce3e8
Opcode Fuzzy Hash: 14706ce7a5ce8906cfc6dd7f211c15f30c8c985cc65f306a7b737bd92748f07c
Instruction Fuzzy Hash: A7314CB3F6153047F3588839CD483526693A7D5321F2F82798E58ABBC9DC7E9D0A42C0

Function 00AA22F7 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6199f52d56919acc5d7a4c2164f0372ad29f0de87ea877d9419e975c9cf374b
Instruction ID: 13434a24458ab0a85d0861deac1bbf01230754bac0603a63a6bc0f133391371a
Opcode Fuzzy Hash: d6199f52d56919acc5d7a4c2164f0372ad29f0de87ea877d9419e975c9cf374b
Instruction Fuzzy Hash: D9315CB7F1162007F7A84839DDA93A2508397D0324F2F82399F6A5B7C6DC7E4D0A5384

Function 009F62E3 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d19561ba0c056c01dc2854dcd681d9efa23e1ec464ad7ebd6c1a4182e1eecfe
Instruction ID: 225e094ae155085f64f96ce231d53a2f972d373e85e0911a55cecf07cc5475f1
Opcode Fuzzy Hash: 9d19561ba0c056c01dc2854dcd681d9efa23e1ec464ad7ebd6c1a4182e1eecfe
Instruction Fuzzy Hash: DA3130B3F106244BF3588879DD983526683D7D5320F3F82788E696BBCADC7E5C0A4284

Function 00AB03DC Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae24068a9aeeedda4111b0b1a0396df8cab98465fadf5fa8f3b6b8048cd696d
Instruction ID: a3b072a1dc52fa0600ed4d0a20210ccb2e648f64df771557a0d480a024668bdc
Opcode Fuzzy Hash: 9ae24068a9aeeedda4111b0b1a0396df8cab98465fadf5fa8f3b6b8048cd696d
Instruction Fuzzy Hash: F33128F3F2212547F7544839CD58392258397E1324F2F86789A58AB7CAEC7E9D0A5384

Function 009C8586 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2736e79083ad1375088ac2205fb2bcc73b03c53fd7bb108e03630141240afbed
Instruction ID: 1f6f13e5bd40ed1c9547b37ba4a95270cd035658018fb68bde0699c10bd26112
Opcode Fuzzy Hash: 2736e79083ad1375088ac2205fb2bcc73b03c53fd7bb108e03630141240afbed
Instruction Fuzzy Hash: DA3169F7F116214BF39448B8DD9835265838B95324F2F82789F0CABBC5D87E5D0A5388

Function 00A9B123 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a216bfcffa6d462791cc8a93e67ee6cd203c439c59345afcec95551d943b9a75
Instruction ID: f74c24635b6b170cf9d3c4f1bc7aa702f8c5312a2d61ddc7f13accbdb2896f0b
Opcode Fuzzy Hash: a216bfcffa6d462791cc8a93e67ee6cd203c439c59345afcec95551d943b9a75
Instruction Fuzzy Hash: 673128F7E1163107F3A449A8D99836695859BA5320F2F83B98E6D3B7C6DC6E0D0943C0

Function 009C05BD Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f9d2816a202447ed47441b7e949a3c8b2e0fee124e36b94c97a507ba99ec2ea
Instruction ID: 3bdc60d9869efea39ec6576ec522d05be55461632c3e19a98aba2c08f25cdc05
Opcode Fuzzy Hash: 1f9d2816a202447ed47441b7e949a3c8b2e0fee124e36b94c97a507ba99ec2ea
Instruction Fuzzy Hash: 63311DB3F602254BF7544839DD8C39265829795320F2F43788E2CABBCADD7F9D0A5285

Function 00A18591 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d0a87490f12f918afff205824b7105e789a4a24ce4a6bf11120f9c8467e1dd
Instruction ID: 015f8df5ff9527b9a3b58fe83845d78a93137129709779c5d12a61c8b8e1b0b7
Opcode Fuzzy Hash: 51d0a87490f12f918afff205824b7105e789a4a24ce4a6bf11120f9c8467e1dd
Instruction Fuzzy Hash: 36318EB3F1022147F3548969CC94362B282DB95311F1F8278CE086B7C5E97E5D4993C4

Function 00AD3042 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a66e4b3837c9c0b2d928f61556a04a0670f2d1507b1057fc4aacc9a62874a35
Instruction ID: bd76d98f057e76ba3824c0f583a6813608a30c52f9eff77f78dff32f657a9741
Opcode Fuzzy Hash: 2a66e4b3837c9c0b2d928f61556a04a0670f2d1507b1057fc4aacc9a62874a35
Instruction Fuzzy Hash: 822168E3F1212047F7884838CE69366254387E5311F2F82398B1E6BAC9DC7E4D0A5384

Function 00ADC55D Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bacc3144fdecdb496507c87116e9587b9c00db51b92433b40ebbcc3c9f2a7bad
Instruction ID: 104167f8dcf3af42ef83b0f4c9cf5995ef5dd1151bf6be32b94fc4dc546dec53
Opcode Fuzzy Hash: bacc3144fdecdb496507c87116e9587b9c00db51b92433b40ebbcc3c9f2a7bad
Instruction Fuzzy Hash: 852118B7F4212547F3544839CD5936269839BD5320F2BC7389A6C9BBC9DCBE894A4280

Function 00A830E2 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf4300b8654438d017ef3949f5f891867127d0352c714d0af7f3088563309122
Instruction ID: 007fe858972ed535d6118db7609defe7cb72bbee78ac20c1f9cd12be03d9a3fb
Opcode Fuzzy Hash: cf4300b8654438d017ef3949f5f891867127d0352c714d0af7f3088563309122
Instruction Fuzzy Hash: 4721BFB7F126214BF3945826CC5835262439BE1721F2F82748A2C2BBD9DC7E4D4A8384

Function 00A37106 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b7a772c4e9caf99bafb9d77980d4bd853faa5aa54d26ab023b9b7b05f36dda
Instruction ID: cb37a3074781d42a02ad609c6caae36ca251d1b28bf58dc0853ceb6ab02d170d
Opcode Fuzzy Hash: 30b7a772c4e9caf99bafb9d77980d4bd853faa5aa54d26ab023b9b7b05f36dda
Instruction Fuzzy Hash: 50215BF7F506264BF7888878DDA83726542DBD5300F2B823D8B0A5B7CADC7E5D095284

Function 009EA4F6 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd10bbf0b67cb405ddc38ce4488b3f880973f4b16b3567e531d746cb108385a
Instruction ID: 3eaf44c5b454219e058defc34c8d18e67c8076f2668115c6e1a308e554e5a9fe
Opcode Fuzzy Hash: 4bd10bbf0b67cb405ddc38ce4488b3f880973f4b16b3567e531d746cb108385a
Instruction Fuzzy Hash: EE2160F7F9162247F35808B4DD953A26682DBA4310F2F82798F09AB7C5ECBE5C4942C4

Function 00AD1085 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ab60bbf74bc8b05316549ef52b3115a5e0190ef3702f1b7d9e277a37c9ee834
Instruction ID: b7fb223d3fd06e149aa5b5007068d258c345e199e965e1ebb85a85d9249ba08b
Opcode Fuzzy Hash: 2ab60bbf74bc8b05316549ef52b3115a5e0190ef3702f1b7d9e277a37c9ee834
Instruction Fuzzy Hash: 30213BF7F1162107F388487ADC54352518797D5324F2F82748F686B7C6D87E5D4A0288

Function 00A6B0F2 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d370d791c1c37c6f6ee9257d573e4d63f894f0759a811cbecdc15b97061b3b
Instruction ID: a72576095957a04be2598a8a1caa569714eb0d859d6379e8eed70f63e083136a
Opcode Fuzzy Hash: c6d370d791c1c37c6f6ee9257d573e4d63f894f0759a811cbecdc15b97061b3b
Instruction Fuzzy Hash: 2F2124F3F156254BF3544839CD58362668397D6324F2F83748B6CABBCADC7E880A5284

Function 00ADF083 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e40a6f5273c5362ced17763e91e602b2db012b34c12c3181c530aac82e2450
Instruction ID: b6804751c634d90ae7a3c0d5510cb58f9ffb2fe89db4fff73b5e4efcd0680998
Opcode Fuzzy Hash: 29e40a6f5273c5362ced17763e91e602b2db012b34c12c3181c530aac82e2450
Instruction Fuzzy Hash: 92216AB7F1262447F3984839DD1936266439BE0321F2F82B98B8D2B7C9DC7E5C0A5384

Function 009D71A2 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b712f4d9353a282a214d8fd2ced6d499df5bb2d97e2848a966ac2195826b14c7
Instruction ID: 1af80a2d750f88a6aef0d66cbed992db2e509cf486d8d8572b08cc5420c36dbe
Opcode Fuzzy Hash: b712f4d9353a282a214d8fd2ced6d499df5bb2d97e2848a966ac2195826b14c7
Instruction Fuzzy Hash: 302167F7F516220BF7984839CD593626583DBA1311F2FC2798B199BBCADC7D88095284

Function 00A33140 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8573a5bf3ca46a2bee5e6ca9501c01d0632d2c85bec88b75cf56d00a8e3f1698
Instruction ID: 79a6562c6d676fb313929995eb7cb9a157f543b12af0e9a19ab8347280f208ca
Opcode Fuzzy Hash: 8573a5bf3ca46a2bee5e6ca9501c01d0632d2c85bec88b75cf56d00a8e3f1698
Instruction Fuzzy Hash: 44216DB3F512250BF36888A5CC953726183CBD5320F2F82799F599BBC5DC7D8D0A6284

Function 00AC5153 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c147ce598aae840777a440eea365d8db0b85445d2a4716aba95df6a1a9b44112
Instruction ID: 547d81c31dfbf0e574a77a4781de89ee0f5520cf89e996ff98d4408722d0aedb
Opcode Fuzzy Hash: c147ce598aae840777a440eea365d8db0b85445d2a4716aba95df6a1a9b44112
Instruction Fuzzy Hash: 3C2151B3F6152043F394883ACD4935265838BD4324F3FC3359AB8A7BD9EC7D59064284

Function 0098E10B Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1867267355.000000000098A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true

Associated: 00000000.00000002.1867233304.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C11000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867267355.0000000000C20000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867452511.0000000000C21000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867603881.0000000000DBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1867616093.0000000000DBC000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_980000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c6c872c317774f77778f4c3fc5fe22c59f6503c0524d4b40273a16423a9bbd
Instruction ID: ade216f68800b532014c1dead7b8e042b5bb514e602571f12ffe835cdf28d165
Opcode Fuzzy Hash: d6c6c872c317774f77778f4c3fc5fe22c59f6503c0524d4b40273a16423a9bbd
Instruction Fuzzy Hash: 8801B1B644C31E9FAB06DF55C6100EF7BA5EE9B330B300017EC0187B02E2B21D25AB58

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 7348, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: file.exePID: 7348, Parent PID: 2580COMMON

Execution Graph

Graph

Windows Analysis Report
file.exe

Function 00B5BF23 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 00B55DA1 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 00B562A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 00B58C01 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 00B54C81 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 00B56390 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 00B5C94F Relevance: 3.1, APIs: 2, Instructions: 112
COMMON

Function 00B58E1D Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Function 00B58789 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Function 00B546CE Relevance: 3.0, APIs: 2, Instructions: 33
sleepthreadCOMMON

Function 00B56E08 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 00B56624 Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 00B5C69C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON