Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1533002
MD5:	8e7b1277f59e4026ab6f51465fac3a86
SHA1:	f5b35e55ce77e8d3272a8643084927e5fbdf6d7f
SHA256:	2b827e1a195301d413885981ca553b38570d8d79488a2f57b573580dc7420496
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7324 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8E7B1277F59E4026AB6F51465FAC3A86)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D96373 CryptVerifySignatureA,

0_2_00D96373

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1829564623.0000000004950000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE0BD	0_2_00BEE0BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE0B4	0_2_00BFE0B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCA0A8	0_2_00BCA0A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF20A3	0_2_00BF20A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8E0ED	0_2_00C8E0ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2C0FE	0_2_00C2C0FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087	0_2_00CD8087
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C480A5	0_2_00C480A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD20BB	0_2_00CD20BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D	0_2_00C6E04D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD602C	0_2_00BD602C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDC05A	0_2_00CDC05A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAA052	0_2_00CAA052
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA055	0_2_00CCA055
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4019	0_2_00BD4019
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E	0_2_00C7606E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C10073	0_2_00C10073
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54006	0_2_00C54006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4012	0_2_00CB4012
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1C024	0_2_00D1C024
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1A039	0_2_00C1A039
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2403D	0_2_00C2403D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C601C2	0_2_00C601C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF61B5	0_2_00BF61B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C421C8	0_2_00C421C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE1E5	0_2_00CDE1E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3A1E8	0_2_00C3A1E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2E1F0	0_2_00C2E1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D181E7	0_2_00D181E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C841F2	0_2_00C841F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEC1F4	0_2_00CEC1F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE41F1	0_2_00CE41F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE1F2	0_2_00BCE1F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9C187	0_2_00C9C187
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA194	0_2_00CCA194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C281AE	0_2_00C281AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF41BB	0_2_00CF41BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF61B1	0_2_00CF61B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5C141	0_2_00C5C141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2120	0_2_00BD2120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D12173	0_2_00D12173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE10D	0_2_00BDE10D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0816F	0_2_00D0816F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D16117	0_2_00D16117
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4104	0_2_00CC4104
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3A111	0_2_00C3A111
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCE112	0_2_00CCE112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBC129	0_2_00CBC129
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C04128	0_2_00C04128
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C46132	0_2_00C46132
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB0130	0_2_00CB0130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E2DB	0_2_00C3E2DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D222CC	0_2_00D222CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C302E1	0_2_00C302E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCC2E1	0_2_00CCC2E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF8288	0_2_00BF8288
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1E2F9	0_2_00C1E2F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF42F6	0_2_00CF42F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C862F5	0_2_00C862F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFC281	0_2_00BFC281
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE02FA	0_2_00BE02FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A296	0_2_00D0A296
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDA2FA	0_2_00BDA2FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAE28D	0_2_00CAE28D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC2E7	0_2_00BDC2E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6A2A7	0_2_00C6A2A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0A25D	0_2_00C0A25D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E25A	0_2_00C5E25A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D36263	0_2_00D36263
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4C274	0_2_00C4C274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0276	0_2_00CC0276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE621B	0_2_00CE621B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C80217	0_2_00C80217
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4A235	0_2_00C4A235
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD623F	0_2_00CD623F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0C238	0_2_00C0C238
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0623D	0_2_00C0623D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE83B5	0_2_00BE83B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB43C4	0_2_00CB43C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C263E2	0_2_00C263E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE63EC	0_2_00CE63EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE639A	0_2_00BE639A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCC390	0_2_00BCC390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C623FC	0_2_00C623FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6C3FB	0_2_00C6C3FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2C3FC	0_2_00C2C3FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9638A	0_2_00C9638A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D18396	0_2_00D18396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC63F7	0_2_00BC63F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3438C	0_2_00C3438C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE239C	0_2_00CE239C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C94396	0_2_00C94396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB83A8	0_2_00CB83A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D063BD	0_2_00D063BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7E3BD	0_2_00C7E3BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C42345	0_2_00C42345
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C02345	0_2_00C02345
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB234E	0_2_00CB234E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0235A	0_2_00D0235A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE835C	0_2_00CE835C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C35E	0_2_00C1C35E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0436D	0_2_00D0436D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8A377	0_2_00C8A377
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C12307	0_2_00C12307
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4376	0_2_00BD4376
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4031A	0_2_00C4031A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D12332	0_2_00D12332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24325	0_2_00C24325
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6633F	0_2_00C6633F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE340	0_2_00BFE340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE4AC	0_2_00BDE4AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C604D3	0_2_00C604D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD44A3	0_2_00BD44A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB04EE	0_2_00CB04EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAC4FE	0_2_00CAC4FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC84FA	0_2_00CC84FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D084EF	0_2_00D084EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDA492	0_2_00CDA492
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA64AA	0_2_00CA64AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C244AF	0_2_00C244AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC44B2	0_2_00CC44B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8844A	0_2_00C8844A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C52441	0_2_00C52441
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C50455	0_2_00C50455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8C45D	0_2_00C8C45D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D00447	0_2_00D00447
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFA41F	0_2_00BFA41F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1046A	0_2_00D1046A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC847C	0_2_00BC847C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7C403	0_2_00C7C403
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA8406	0_2_00CA8406
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0400	0_2_00CC0400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEC471	0_2_00BEC471
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF2461	0_2_00BF2461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0841F	0_2_00C0841F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEA42B	0_2_00CEA42B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD645A	0_2_00BD645A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEE43F	0_2_00CEE43F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0E42B	0_2_00D0E42B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD45CD	0_2_00CD45CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9A5CD	0_2_00C9A5CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE45DD	0_2_00CE45DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1C5C7	0_2_00D1C5C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4A5E7	0_2_00C4A5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D005F5	0_2_00D005F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8586	0_2_00BD8586
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C325FE	0_2_00C325FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCA5F3	0_2_00CCA5F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E59A	0_2_00C3E59A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C92597	0_2_00C92597
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2254A	0_2_00C2254A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF0522	0_2_00BF0522
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEA514	0_2_00BEA514
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF8560	0_2_00CF8560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C46574	0_2_00C46574
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0C50F	0_2_00C0C50F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE56F	0_2_00BFE56F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C10511	0_2_00C10511
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8252E	0_2_00C8252E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1453E	0_2_00D1453E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF06BD	0_2_00BF06BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF86B6	0_2_00BF86B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA46C5	0_2_00CA46C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4C6D2	0_2_00C4C6D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1E6D6	0_2_00C1E6D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDC6D2	0_2_00CDC6D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C566EE	0_2_00C566EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C386EE	0_2_00C386EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3C6ED	0_2_00C3C6ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D146FE	0_2_00D146FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD06FF	0_2_00CD06FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6A6FF	0_2_00C6A6FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC686	0_2_00BDC686
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9C689	0_2_00C9C689
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C12685	0_2_00C12685
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00689	0_2_00C00689
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5A694	0_2_00C5A694
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C26690	0_2_00C26690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C10698	0_2_00C10698
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0A6BD	0_2_00D0A6BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE6BE	0_2_00CDE6BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C746B9	0_2_00C746B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C68645	0_2_00C68645
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0C644	0_2_00C0C644
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0C655	0_2_00D0C655
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C72650	0_2_00C72650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7065E	0_2_00C7065E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2A659	0_2_00C2A659
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9867B	0_2_00C9867B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8A608	0_2_00C8A608
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD662D	0_2_00CD662D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF665E	0_2_00BF665E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE644	0_2_00BDE644
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0E63D	0_2_00C0E63D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C267C2	0_2_00C267C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE87CE	0_2_00CE87CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C907D9	0_2_00C907D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC07ED	0_2_00CC07ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD679B	0_2_00BD679B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA87FB	0_2_00CA87FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFC788	0_2_00CFC788
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86784	0_2_00C86784
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF479A	0_2_00CF479A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66799	0_2_00C66799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4E7A0	0_2_00C4E7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7C7A1	0_2_00C7C7A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2C7AB	0_2_00C2C7AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1A7B2	0_2_00C1A7B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D187AA	0_2_00D187AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3475B	0_2_00D3475B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E74B	0_2_00C5E74B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB2745	0_2_00CB2745
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24753	0_2_00C24753
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2755	0_2_00CC2755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6275D	0_2_00C6275D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF2764	0_2_00CF2764
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF8762	0_2_00CF8762
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCC772	0_2_00CCC772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D02719	0_2_00D02719
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE475B	0_2_00BE475B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE0752	0_2_00BE0752
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0473E	0_2_00D0473E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBE738	0_2_00CBE738
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF28BF	0_2_00BF28BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4A8C1	0_2_00C4A8C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB68FB	0_2_00CB68FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C448FF	0_2_00C448FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEA88A	0_2_00CEA88A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2888B	0_2_00C2888B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6C8A6	0_2_00C6C8A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD08A1	0_2_00CD08A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC88C9	0_2_00BC88C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD88B4	0_2_00CD88B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0E851	0_2_00D0E851
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6284F	0_2_00C6284F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE6822	0_2_00BE6822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEE868	0_2_00CEE868
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D20866	0_2_00D20866
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE809	0_2_00BFE809
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF0876	0_2_00CF0876
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA080C	0_2_00CA080C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C36811	0_2_00C36811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8481E	0_2_00C8481E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2A80D	0_2_00D2A80D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C12822	0_2_00C12822
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE8850	0_2_00BE8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAE825	0_2_00CAE825
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C189C1	0_2_00C189C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C409C6	0_2_00C409C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C569D5	0_2_00C569D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C989D3	0_2_00C989D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C469F4	0_2_00C469F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD29FE	0_2_00CD29FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C909FC	0_2_00C909FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAA9F3	0_2_00CAA9F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD49F3	0_2_00CD49F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC898D	0_2_00CC898D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8098C	0_2_00C8098C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE498B	0_2_00CE498B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF299A	0_2_00CF299A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8C991	0_2_00C8C991
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFA994	0_2_00CFA994
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC9DC	0_2_00BDC9DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD49DF	0_2_00BD49DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0E9BC	0_2_00C0E9BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E94C	0_2_00C5E94C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C06953	0_2_00C06953
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C50952	0_2_00C50952
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD091C	0_2_00BD091C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C14963	0_2_00C14963
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6915	0_2_00BC6915
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9490C	0_2_00C9490C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D06916	0_2_00D06916
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6970	0_2_00BD6970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA6910	0_2_00CA6910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C32918	0_2_00C32918
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8E929	0_2_00C8E929
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C52926	0_2_00C52926
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8AAC8	0_2_00C8AAC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1CAD7	0_2_00D1CAD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7CACF	0_2_00C7CACF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0CADD	0_2_00C0CADD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDEAE4	0_2_00CDEAE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C92AE4	0_2_00C92AE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C04AEE	0_2_00C04AEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2A8E	0_2_00BD2A8E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2A8D	0_2_00CC2A8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0AA88	0_2_00C0AA88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE0AF3	0_2_00BE0AF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3CA95	0_2_00C3CA95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEEA90	0_2_00CEEA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6AAAE	0_2_00C6AAAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C10ABC	0_2_00C10ABC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24A42	0_2_00C24A42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9AA43	0_2_00C9AA43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6EA57	0_2_00C6EA57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4EA5B	0_2_00C4EA5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCEA1A	0_2_00BCEA1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEAA79	0_2_00CEAA79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE2A71	0_2_00CE2A71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C48A07	0_2_00C48A07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C08A07	0_2_00C08A07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C82A02	0_2_00C82A02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD6A01	0_2_00CD6A01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CECA00	0_2_00CECA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C14A10	0_2_00C14A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCAA2E	0_2_00CCAA2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEAA4E	0_2_00BEAA4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4A4E	0_2_00BF4A4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C42A36	0_2_00C42A36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C38A37	0_2_00C38A37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00A3D	0_2_00C00A3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD2BC6	0_2_00CD2BC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D10BC2	0_2_00D10BC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0CBC4	0_2_00D0CBC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C70BDF	0_2_00C70BDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD6BD0	0_2_00CD6BD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C28BDC	0_2_00C28BDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D12BCF	0_2_00D12BCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7EBEB	0_2_00C7EBEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C30BF5	0_2_00C30BF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF2BF6	0_2_00CF2BF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D14B93	0_2_00D14B93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CECB84	0_2_00CECB84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5EB97	0_2_00C5EB97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1CBAE	0_2_00C1CBAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86BB9	0_2_00C86BB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCABBA	0_2_00CCABBA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA4BB1	0_2_00CA4BB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6ABBA	0_2_00C6ABBA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74B45	0_2_00C74B45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFEB5D	0_2_00CFEB5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4B29	0_2_00BE4B29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFCB58	0_2_00CFCB58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1AB48	0_2_00D1AB48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C96B77	0_2_00C96B77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D02B18	0_2_00D02B18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF0B72	0_2_00BF0B72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE0B2E	0_2_00CE0B2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4CB34	0_2_00C4CB34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDACBF	0_2_00BDACBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1ACCA	0_2_00C1ACCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C40CDF	0_2_00C40CDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9CCD4	0_2_00C9CCD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD0C98	0_2_00BD0C98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6C91	0_2_00BD6C91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C16CF1	0_2_00C16CF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4CF5	0_2_00CD4CF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D06CEE	0_2_00D06CEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CACC8B	0_2_00CACC8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C94C8A	0_2_00C94C8A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA8C9D	0_2_00CA8C9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C90C91	0_2_00C90C91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF2CDF	0_2_00BF2CDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0CCAD	0_2_00C0CCAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D16C58	0_2_00D16C58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFEC2C	0_2_00BFEC2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C26C51	0_2_00C26C51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4C7C	0_2_00CC4C7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C58C7B	0_2_00C58C7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6C03	0_2_00BC6C03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA6C05	0_2_00CA6C05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CC1B	0_2_00C8CC1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1EC0F	0_2_00D1EC0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB2C2B	0_2_00CB2C2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2CC33	0_2_00C2CC33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C88C3B	0_2_00C88C3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D32C25	0_2_00D32C25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C82DCB	0_2_00C82DCB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4DBC	0_2_00BF4DBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7EDCC	0_2_00C7EDCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C56DCA	0_2_00C56DCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF8DDF	0_2_00CF8DDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0EDC2	0_2_00D0EDC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFCDA9	0_2_00BFCDA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DB0DE2	0_2_00DB0DE2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D28DE8	0_2_00D28DE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C34DF9	0_2_00C34DF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0ED84	0_2_00C0ED84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF6DF2	0_2_00BF6DF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6ED95	0_2_00C6ED95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCADDE	0_2_00BCADDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD0DAA	0_2_00CD0DAA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C28DAE	0_2_00C28DAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF2DBC	0_2_00CF2DBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFEDC4	0_2_00BFEDC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3ADBE	0_2_00C3ADBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDED3A	0_2_00BDED3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54D4D	0_2_00C54D4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C44D5A	0_2_00C44D5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCED19	0_2_00BCED19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0AD66	0_2_00C0AD66
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C78D7F	0_2_00C78D7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C36D79	0_2_00C36D79
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBED1B	0_2_00CBED1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C72D15	0_2_00C72D15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5AD1C	0_2_00C5AD1C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C06D1D	0_2_00C06D1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24D1D	0_2_00C24D1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0AD24	0_2_00D0AD24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D08EC8	0_2_00D08EC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C80EE3	0_2_00C80EE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6E8C	0_2_00BC6E8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB6EF8	0_2_00CB6EF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C12EFA	0_2_00C12EFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEAEF5	0_2_00CEAEF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD4E8D	0_2_00CD4E8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFAE88	0_2_00CFAE88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9EE83	0_2_00C9EE83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE4E9C	0_2_00CE4E9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2AE9E	0_2_00C2AE9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7AEA0	0_2_00C7AEA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9AEBB	0_2_00C9AEBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D02E52	0_2_00D02E52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BECE39	0_2_00BECE39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7CE54	0_2_00C7CE54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74E67	0_2_00C74E67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB0E0B	0_2_00CB0E0B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C18E00	0_2_00C18E00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00E0C	0_2_00C00E0C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C46E11	0_2_00C46E11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8AE13	0_2_00C8AE13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2E59	0_2_00BD2E59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C52E37	0_2_00C52E37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEEE32	0_2_00CEEE32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2E31	0_2_00CC2E31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CFC0	0_2_00C8CFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C40FCF	0_2_00C40FCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4FA5	0_2_00BD4FA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAAFD2	0_2_00CAAFD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEEFA7	0_2_00BEEFA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5EFDC	0_2_00C5EFDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9CFEB	0_2_00C9CFEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C64FE1	0_2_00C64FE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCEFF8	0_2_00CCEFF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D14F96	0_2_00D14F96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CACF81	0_2_00CACF81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86F87	0_2_00C86F87
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8FEA	0_2_00BC8FEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE8F97	0_2_00CE8F97
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C34FA4	0_2_00C34FA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCCFA3	0_2_00CCCFA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C84FBE	0_2_00C84FBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C92FB2	0_2_00C92FB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4F46	0_2_00CB4F46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66F50	0_2_00C66F50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF8F1E	0_2_00BF8F1E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1CF6D	0_2_00C1CF6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBAF65	0_2_00CBAF65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C96F1D	0_2_00C96F1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE6F19	0_2_00CE6F19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6F62	0_2_00BD6F62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8F57	0_2_00BD8F57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C98F3B	0_2_00C98F3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4F46	0_2_00BE4F46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C88F33	0_2_00C88F33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEAF43	0_2_00BEAF43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC70C9	0_2_00CC70C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C650D2	0_2_00C650D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C370DC	0_2_00C370DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCD09D	0_2_00BCD09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C510FC	0_2_00C510FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3B08B	0_2_00C3B08B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC909F	0_2_00CC909F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3D0A8	0_2_00C3D0A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE5041	0_2_00CE5041
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDD059	0_2_00CDD059
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDD01D	0_2_00BDD01D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF506E	0_2_00CF506E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C09065	0_2_00C09065
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1065	0_2_00CC1065
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA7065	0_2_00CA7065
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2507B	0_2_00C2507B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA9009	0_2_00CA9009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7700A	0_2_00C7700A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C95006	0_2_00C95006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0D00F	0_2_00D0D00F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4D02D	0_2_00C4D02D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBF1CC	0_2_00CBF1CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C191CA	0_2_00C191CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD1A6	0_2_00BFD1A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD51D4	0_2_00CD51D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE51A4	0_2_00BE51A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D131CB	0_2_00D131CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDF19E	0_2_00BDF19E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDD1E4	0_2_00CDD1E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C751F7	0_2_00C751F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA51F3	0_2_00CA51F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEB1FF	0_2_00BEB1FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0B197	0_2_00D0B197
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C07188	0_2_00C07188
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0518A	0_2_00C0518A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D0F19D	0_2_00D0F19D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C23191	0_2_00C23191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F195	0_2_00C6F195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4519D	0_2_00C4519D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D1118C	0_2_00D1118C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71AA	0_2_00CF71AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C571BB	0_2_00C571BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6D141	0_2_00C6D141

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00D91368 appears 35 times

Source: file.exe, 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: olubeyjy ZLIB complexity 0.9949934627283441

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1762816 > 1048576

Source: file.exe

Static PE information: Raw size of olubeyjy is bigger than: 0x100000 < 0x1a8400

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.bb0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;olubeyjy:EW;nxtyhpgw:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1af23e should be: 0x1bb868

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: olubeyjy
Source: file.exe	Static PE information: section name: nxtyhpgw
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBED3D push 60C0C090h; mov dword ptr [esp], edx	0_2_00BBED4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBED3D push esi; mov dword ptr [esp], 5237913Ah	0_2_00BBF421
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC158D push 06A8CD5Ah; mov dword ptr [esp], ecx	0_2_00BC15C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC40AE push edi; mov dword ptr [esp], ecx	0_2_00BC40B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC40AE push ebp; mov dword ptr [esp], 7BFF8E2Eh	0_2_00BC40BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D200C6 push edi; iretd	0_2_00D200C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push 1BE76B0Fh; mov dword ptr [esp], ecx	0_2_00CD858F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push edi; mov dword ptr [esp], ebx	0_2_00CD85A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push eax; mov dword ptr [esp], ecx	0_2_00CD85B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push edi; mov dword ptr [esp], 44DC3E97h	0_2_00CD86D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push 3F58E264h; mov dword ptr [esp], edx	0_2_00CD86F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push 57D6008Ch; mov dword ptr [esp], edx	0_2_00CD87C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push 5E16D1E5h; mov dword ptr [esp], ebp	0_2_00CD880E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CD8087 push edi; mov dword ptr [esp], eax	0_2_00CD8829
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D200BB push ecx; iretd	0_2_00D200C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push 6851DE28h; mov dword ptr [esp], ecx	0_2_00C6E099
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push eax; mov dword ptr [esp], 7AAD3C3Eh	0_2_00C6E0CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push ebx; mov dword ptr [esp], 4A16EEB2h	0_2_00C6E122
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push 3BC8E091h; mov dword ptr [esp], edi	0_2_00C6E17C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push edx; mov dword ptr [esp], eax	0_2_00C6E1E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push ebx; mov dword ptr [esp], eax	0_2_00C6E1F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E04D push ebp; mov dword ptr [esp], 5C2DA580h	0_2_00C6E21A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push esi; mov dword ptr [esp], ebp	0_2_00C764D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push 38C03B0Fh; mov dword ptr [esp], eax	0_2_00C76561
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push 1946E575h; mov dword ptr [esp], ebx	0_2_00C76570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push edi; mov dword ptr [esp], 4EADBF71h	0_2_00C76574
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push 59EEF749h; mov dword ptr [esp], ebx	0_2_00C76601
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push ebx; mov dword ptr [esp], 3FFBA212h	0_2_00C76606
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push 2E984BC2h; mov dword ptr [esp], ebp	0_2_00C76641
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7606E push ebp; mov dword ptr [esp], eax	0_2_00C76661
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1A04C push 4E11870Fh; mov dword ptr [esp], ebx	0_2_00E1A347

Source: file.exe	Static PE information: section name: entropy: 7.794995507460187
Source: file.exe	Static PE information: section name: olubeyjy entropy: 7.953111192474588

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D861 second address: D3D865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D865 second address: D3D869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D869 second address: D3D877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FEAD881CEF6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D877 second address: D3D8A2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD9B2A9F6h 0x00000008 jmp 00007FEAD9B2AA04h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007FEAD9B2A9F8h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8A2 second address: D3D8A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3D8A8 second address: D3D8C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FEAD9B2AA01h 0x0000000b jns 00007FEAD9B2A9F6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CAD9 second address: D3CAE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jl 00007FEAD881CEFCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CAE8 second address: D3CAFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FEAD9B2AA04h 0x0000000b pushad 0x0000000c ja 00007FEAD9B2A9F6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CD85 second address: D3CD93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FEAD881CEF6h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CD93 second address: D3CDB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FEAD9B2AA09h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CDB5 second address: D3CDFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jp 00007FEAD881CEF6h 0x00000010 jp 00007FEAD881CEF6h 0x00000016 pop esi 0x00000017 jmp 00007FEAD881CF06h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CF7C second address: D3CF92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3EC3C second address: D3EC88 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FEAD881CF09h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FEAD881CEFCh 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FEAD881CF05h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3EC88 second address: D3ECB0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push ebx 0x0000000a jmp 00007FEAD9B2A9FFh 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jg 00007FEAD9B2AA0Fh 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3ECB0 second address: D3ED11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a add dword ptr [ebp+122D244Dh], esi 0x00000010 push 00000003h 0x00000012 sub dword ptr [ebp+122D25B3h], edx 0x00000018 xor ecx, 789F98E4h 0x0000001e push 00000000h 0x00000020 push 00000003h 0x00000022 push 00000000h 0x00000024 push ebp 0x00000025 call 00007FEAD881CEF8h 0x0000002a pop ebp 0x0000002b mov dword ptr [esp+04h], ebp 0x0000002f add dword ptr [esp+04h], 00000019h 0x00000037 inc ebp 0x00000038 push ebp 0x00000039 ret 0x0000003a pop ebp 0x0000003b ret 0x0000003c mov di, bx 0x0000003f push BFB48249h 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jng 00007FEAD881CEF6h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3ED11 second address: D3ED17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3EDED second address: D3EE69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a add dword ptr [esp], 1B5EF0DBh 0x00000011 movzx ecx, cx 0x00000014 push 00000003h 0x00000016 push 00000000h 0x00000018 mov cx, ax 0x0000001b jmp 00007FEAD881CF09h 0x00000020 push 00000003h 0x00000022 jmp 00007FEAD881CF07h 0x00000027 push D29A62AAh 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FEAD881CF04h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3EE69 second address: D3EE78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD9B2A9FBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D51E29 second address: D51E2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D51E2F second address: D51E33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6049E second address: D604B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD881CF02h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D604B6 second address: D604BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D604BB second address: D604C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D604C0 second address: D604CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D288BD second address: D288CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jo 00007FEAD881CEF6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D288CA second address: D288DE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEAD9B2A9FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E521 second address: D5E55B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF06h 0x00000007 jmp 00007FEAD881CF02h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FEAD881CEFAh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E6D3 second address: D5E6D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E6D7 second address: D5E706 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF08h 0x00000007 jp 00007FEAD881CEF6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FEAD881CEFDh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5EE8B second address: D5EE95 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEAD9B2A9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F180 second address: D5F185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F404 second address: D5F408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F408 second address: D5F40C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F40C second address: D5F412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F412 second address: D5F43B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FEAD881CEF6h 0x0000000d jne 00007FEAD881CEF6h 0x00000013 popad 0x00000014 pop edi 0x00000015 push esi 0x00000016 jmp 00007FEAD881CEFBh 0x0000001b jc 00007FEAD881CEFCh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F581 second address: D5F585 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D533DB second address: D533DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D533DF second address: D533E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2A39C second address: D2A3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5FD7E second address: D5FD8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5FD8A second address: D5FD8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5FD8E second address: D5FDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEAD9B2AA01h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007FEAD9B2AA04h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5FDC1 second address: D5FDD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD881CF00h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5FDD5 second address: D5FDDB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D60053 second address: D60058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D60058 second address: D60064 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D60064 second address: D60068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D60327 second address: D6032C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6032C second address: D60351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 jnl 00007FEAD881CEF6h 0x0000000e jmp 00007FEAD881CF05h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6362C second address: D63631 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D63631 second address: D63679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007FEAD881CF00h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007FEAD881CF08h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edx 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push edi 0x0000002a pop edi 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D63679 second address: D63687 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2A9FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D63687 second address: D6368D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6C434 second address: D6C43D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B871 second address: D6B87B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD881CEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B87B second address: D6B889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BB38 second address: D6BB49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FEAD881CEF6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF62 second address: D6BF66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF66 second address: D6BF72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF72 second address: D6BF78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6BF78 second address: D6BF7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6C0BB second address: D6C0E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FEAD9B2A9FCh 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FEAD9B2AA04h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FEAD9B2A9FCh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6C2BA second address: D6C2BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D30E second address: D6D331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D331 second address: D6D337 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D337 second address: D6D33C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D33C second address: D6D34B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D34B second address: D6D39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007FEAD9B2A9FFh 0x0000000c popad 0x0000000d mov eax, dword ptr [eax] 0x0000000f jns 00007FEAD9B2AA00h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 jmp 00007FEAD9B2A9FAh 0x0000001e pop eax 0x0000001f xor si, AD61h 0x00000024 mov edi, dword ptr [ebp+122D29B0h] 0x0000002a push 662797E2h 0x0000002f push eax 0x00000030 push edx 0x00000031 jc 00007FEAD9B2A9F8h 0x00000037 push eax 0x00000038 pop eax 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D828 second address: D6D82C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D82C second address: D6D830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D830 second address: D6D836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6E0EA second address: D6E107 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FEAD9B2AA03h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6E300 second address: D6E32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jns 00007FEAD881CEF6h 0x00000011 jmp 00007FEAD881CF08h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6E4EE second address: D6E4F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70EE5 second address: D70EEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70C78 second address: D70C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70EEB second address: D70EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D723E5 second address: D723F3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEAD9B2A9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D72BB9 second address: D72BBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73840 second address: D73844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D72BBD second address: D72BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEAD881CEFEh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73844 second address: D73848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73848 second address: D7384E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7384E second address: D73858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FEAD9B2A9F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3424E second address: D34255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7AB8F second address: D7AB93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79D67 second address: D79D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7ACA0 second address: D7AD26 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD9B2AA05h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push dword ptr fs:[00000000h] 0x00000014 mov edi, dword ptr [ebp+122D2229h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FEAD9B2A9F8h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 00000015h 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b jnc 00007FEAD9B2A9FCh 0x00000041 mov eax, dword ptr [ebp+122D0425h] 0x00000047 movzx ebx, bx 0x0000004a push FFFFFFFFh 0x0000004c mov ebx, dword ptr [ebp+122D2307h] 0x00000052 nop 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FEAD9B2AA09h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7DB88 second address: D7DB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F7FB second address: D7F7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7DB8C second address: D7DBA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F7FF second address: D7F81B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7F81B second address: D7F8A5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEAD881CF0Ah 0x00000008 jmp 00007FEAD881CF04h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007FEAD881CEF8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+122D2CE4h] 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FEAD881CEF8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov di, 0250h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jc 00007FEAD881CF08h 0x0000005d jmp 00007FEAD881CF02h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA05 second address: D7FA09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA09 second address: D7FA0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84AC6 second address: D84ACA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85C2D second address: D85C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83BA7 second address: D83BBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEAD9B2A9FFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85C37 second address: D85CA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov bx, BDC7h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007FEAD881CEF8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c mov ebx, 24725CA4h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007FEAD881CEF8h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d push eax 0x0000004e push ebx 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84C8A second address: D84CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 nop 0x00000007 sbb bx, D9A0h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov ebx, dword ptr [ebp+122D2AC4h] 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 xor dword ptr [ebp+124676B4h], eax 0x00000026 mov eax, dword ptr [ebp+122D066Dh] 0x0000002c jmp 00007FEAD9B2A9FDh 0x00000031 push FFFFFFFFh 0x00000033 add dword ptr [ebp+122D1B17h], ecx 0x00000039 nop 0x0000003a jc 00007FEAD9B2AA0Dh 0x00000040 jg 00007FEAD9B2AA07h 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84CF0 second address: D84CF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D84CF4 second address: D84CFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87B79 second address: D87B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87B7F second address: D87BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push edx 0x00000009 call 00007FEAD9B2A9F8h 0x0000000e pop edx 0x0000000f mov dword ptr [esp+04h], edx 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc edx 0x0000001c push edx 0x0000001d ret 0x0000001e pop edx 0x0000001f ret 0x00000020 push 00000000h 0x00000022 mov dword ptr [ebp+122D18D4h], edx 0x00000028 push 00000000h 0x0000002a mov edi, dword ptr [ebp+1247C097h] 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FEAD9B2AA08h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87BCF second address: D87BE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87BE2 second address: D87C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87C02 second address: D87C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEAD881CEF6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86EB9 second address: D86EDF instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEAD9B2AA08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FEAD9B2A9F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86EDF second address: D86EE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D6F second address: D87D79 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEAD9B2A9FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88D62 second address: D88D67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88D67 second address: D88D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FEAD9B2A9F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 jc 00007FEAD9B2A9F6h 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88D7F second address: D88D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B828 second address: D8B834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FEAD9B2A9F6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B834 second address: D8B847 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jng 00007FEAD881CEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B847 second address: D8B857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD9B2A9FAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B857 second address: D8B85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B85C second address: D8B878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FEAD9B2A9FFh 0x0000000a jne 00007FEAD9B2A9F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E3EF second address: D8E3F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E3F5 second address: D8E3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D21E26 second address: D21E42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD881CF07h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D238F8 second address: D23906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FEAD9B2A9F8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D23906 second address: D2390E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2390E second address: D23912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9B130 second address: D9B134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9B134 second address: D9B161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FEAD9B2AA07h 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FEAD9B2A9F6h 0x00000015 jne 00007FEAD9B2A9F6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC1C second address: DAAC20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC20 second address: DAAC28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC28 second address: DAAC2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC2C second address: DAAC35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC35 second address: DAAC59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEAD881CF09h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC59 second address: DAAC5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAAC5D second address: DAAC65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA98A4 second address: DA98B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FEAD9B2A9F6h 0x0000000d jbe 00007FEAD9B2A9F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA98B7 second address: DA98BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA98BB second address: DA98C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA98C1 second address: DA98D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FEAD881CEFCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA9EC3 second address: DA9EEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FEAD9B2AA04h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA9EEF second address: DA9F08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF04h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA307 second address: DAA350 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEAD9B2A9F6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007FEAD9B2AA1Fh 0x00000012 jmp 00007FEAD9B2AA03h 0x00000017 jmp 00007FEAD9B2AA06h 0x0000001c jmp 00007FEAD9B2A9FAh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA350 second address: DAA35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA4DA second address: DAA4DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA78B second address: DAA7A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FEAD881CF02h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA8E7 second address: DAA8EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA8EB second address: DAA904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD881CF03h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA904 second address: DAA90A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA90A second address: DAA910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA910 second address: DAA914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAA914 second address: DAA949 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FEAD881CF04h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jmp 00007FEAD881CF08h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF556 second address: DAF55A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF55A second address: DAF57F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FEAD881CEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FEAD881CF05h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF6FB second address: DAF707 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEAD9B2A9F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF84A second address: DAF86A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007FEAD881CEF6h 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007FEAD881CF00h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFAE3 second address: DAFAEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jl 00007FEAD9B2A9F6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFD9F second address: DAFDA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFDA9 second address: DAFDAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFDAD second address: DAFDD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEAD881CEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FEAD881CEF6h 0x00000014 jmp 00007FEAD881CF02h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53F7D second address: D53F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB07A7 second address: DB07B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB07B1 second address: DB07B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E22 second address: D26E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEAD881CEFDh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E34 second address: D26E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E40 second address: D26E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4643 second address: DB467F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jg 00007FEAD9B2AA23h 0x0000000f jmp 00007FEAD9B2AA05h 0x00000014 jmp 00007FEAD9B2AA08h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D776BB second address: D776BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D776BF second address: D776E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FEAD9B2A9F8h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jmp 00007FEAD9B2A9FFh 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B04 second address: D77B08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B08 second address: D77B0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B6F second address: D77B75 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B75 second address: D77B7F instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD9B2A9FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B7F second address: D77BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 3ECF6EB3h 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FEAD881CEF8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push F8A79340h 0x0000002c push eax 0x0000002d push edx 0x0000002e push edx 0x0000002f jnl 00007FEAD881CEF6h 0x00000035 pop edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7855D second address: D78567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FEAD9B2A9F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78567 second address: D78583 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEAD881CF00h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78419 second address: D7841D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7876B second address: D78784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD881CF05h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D78784 second address: D78788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB495E second address: DB4965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4965 second address: DB4971 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4971 second address: DB497C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB497C second address: DB4982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4982 second address: DB498F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB498F second address: DB4993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4993 second address: DB49AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFBh 0x00000007 jmp 00007FEAD881CEFDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB49AF second address: DB49CD instructions: 0x00000000 rdtsc 0x00000002 js 00007FEAD9B2AA04h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FEAD9B2A9FCh 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007FEAD9B2A9F6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4C3A second address: DB4C40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4C40 second address: DB4C44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB4D85 second address: DB4D89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB501D second address: DB503A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEAD9B2AA07h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBB5DC second address: DBB5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007FEAD881CEF6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBEA4D second address: DBEA56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBEA56 second address: DBEA60 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEAD881CEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2BE8F second address: D2BE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC449C second address: DC44A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC44A2 second address: DC44B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 ja 00007FEAD9B2A9F6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC36FE second address: DC3708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3708 second address: DC372D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEAD9B2A9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jc 00007FEAD9B2A9FEh 0x00000013 jnc 00007FEAD9B2A9F6h 0x00000019 push edx 0x0000001a pop edx 0x0000001b jc 00007FEAD9B2A9FEh 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC372D second address: DC3736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D24 second address: DC3D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FEAD9B2A9F6h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3D32 second address: DC3D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FEAD881CEF6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30CD7 second address: D30CFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FEAD9B2A9F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30CFB second address: D30D12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF03h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC6528 second address: DC652C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC652C second address: DC6532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC6532 second address: DC653E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FEAD9B2A9F6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC653E second address: DC6598 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEAD881CEF6h 0x00000008 jmp 00007FEAD881CF02h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007FEAD881CF04h 0x00000015 jmp 00007FEAD881CF04h 0x0000001a jbe 00007FEAD881CEF6h 0x00000020 push edi 0x00000021 pop edi 0x00000022 popad 0x00000023 pop edx 0x00000024 pop eax 0x00000025 push ebx 0x00000026 pushad 0x00000027 jc 00007FEAD881CEF6h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC6598 second address: DC65A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC65A2 second address: DC65A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC66F3 second address: DC66F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9B26 second address: DC9B30 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD881CEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9B30 second address: DC9B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jnl 00007FEAD9B2A9F6h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9B45 second address: DC9B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC94F5 second address: DC9502 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9502 second address: DC9506 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9506 second address: DC950C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9694 second address: DC9698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCEA06 second address: DCEA22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA07h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE03A second address: DCE040 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE15D second address: DCE167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE2C3 second address: DCE2C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE2C7 second address: DCE2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE462 second address: DCE467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE467 second address: DCE46D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE46D second address: DCE473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE473 second address: DCE477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE5F2 second address: DCE5F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD3C58 second address: DD3C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jno 00007FEAD9B2A9F6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD3EF1 second address: DD3F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD881CF00h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007FEAD881CEFFh 0x00000010 popad 0x00000011 push esi 0x00000012 jc 00007FEAD881CEF8h 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD3F24 second address: DD3F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD4098 second address: DD40AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FEAD881CEF6h 0x0000000a ja 00007FEAD881CEF6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD4518 second address: DD451C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD451C second address: DD4534 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FEAD881CF02h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8477 second address: DD847B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7B18 second address: DD7B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7B1C second address: DD7B22 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7CD5 second address: DD7CF0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FEAD881CEFBh 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jl 00007FEAD881CEF6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7E30 second address: DD7E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD9B2AA02h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7E4C second address: DD7E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pop ecx 0x00000008 pushad 0x00000009 jmp 00007FEAD881CF02h 0x0000000e jmp 00007FEAD881CF07h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD81A1 second address: DD81A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD81A5 second address: DD81A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD81A9 second address: DD81AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD81AF second address: DD81D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD881CEFFh 0x00000008 jne 00007FEAD881CEF6h 0x0000000e popad 0x0000000f jp 00007FEAD881CEFCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDDDB5 second address: DDDDB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDDDB9 second address: DDDDC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDDDC8 second address: DDDDD2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEAD9B2A9FEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDEB64 second address: DDEB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF06D second address: DDF071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF071 second address: DDF076 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF076 second address: DDF0A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD9B2AA08h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEAD9B2AA02h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF0A9 second address: DDF0C5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD881CEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FEAD881CEFBh 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF96F second address: DDF975 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF975 second address: DDF98B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEAD881CF00h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDF98B second address: DDF991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE12B8 second address: DE12BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE12BE second address: DE12C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE6A50 second address: DE6A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9E3F second address: DE9E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEA3C7 second address: DEA3D3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEA3D3 second address: DEA3DE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEA98A second address: DEA990 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEA990 second address: DEA99A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD9B2A9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEC24A second address: DEC262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007FEAD881CEFEh 0x0000000b pop edi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEC262 second address: DEC268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF4E18 second address: DF4E52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEAD881CEFBh 0x00000010 pushad 0x00000011 je 00007FEAD881CEF6h 0x00000017 jne 00007FEAD881CEF6h 0x0000001d push edx 0x0000001e pop edx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3606 second address: DF360C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF360C second address: DF363F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FEAD881CEFCh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007FEAD881CF05h 0x00000016 jno 00007FEAD881CEF6h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF363F second address: DF3647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3647 second address: DF364B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3BA4 second address: DF3BA9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3D09 second address: DF3D0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3D0E second address: DF3D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEAD9B2AA08h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF3D2D second address: DF3D5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF03h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007FEAD881CEF6h 0x0000001c je 00007FEAD881CEF6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFCAF6 second address: DFCAFB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFCE0A second address: DFCE10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E152F8 second address: E15320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007FEAD9B2A9F6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c jmp 00007FEAD9B2AA05h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13E58 second address: E13E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13E62 second address: E13E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1CE2D second address: E1CE31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1CC85 second address: E1CC89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1CC89 second address: E1CC99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FEAD881CEFEh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F373 second address: E1F37F instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEAD9B2A9F6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F37F second address: E1F39B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FEAD881CF06h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F39B second address: E1F39F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F210 second address: E1F21A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F21A second address: E1F21E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F21E second address: E1F222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F222 second address: E1F235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FEAD9B2A9F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F235 second address: E1F23C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25310 second address: D25316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2914C second address: E29155 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E29155 second address: E2915A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E27B27 second address: E27B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jl 00007FEAD881CEF6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E27B37 second address: E27B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FEAD9B2A9F6h 0x0000000d jmp 00007FEAD9B2AA00h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E27B54 second address: E27B5E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEAD881CEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E27E54 second address: E27E68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FEAD9B2A9F6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jc 00007FEAD9B2A9FCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E28205 second address: E28209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E28209 second address: E28250 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEAD9B2AA06h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FEAD9B2AA01h 0x00000011 jmp 00007FEAD9B2AA07h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E283B5 second address: E283BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E283BA second address: E283C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E283C6 second address: E283CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E283CF second address: E283D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E283D3 second address: E283ED instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD881CEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FEAD881CF21h 0x00000012 push eax 0x00000013 push edx 0x00000014 jp 00007FEAD881CEF6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E283ED second address: E283F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E28E98 second address: E28E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E28E9D second address: E28EA8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E28EA8 second address: E28EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FEAD881CEF6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEAD881CEFEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E28EC7 second address: E28ED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FEAD9B2A9F6h 0x00000009 jns 00007FEAD9B2A9F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2CE7E second address: E2CE82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E43F68 second address: E43FA0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD9B2A9F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FEAD9B2AA00h 0x00000010 jmp 00007FEAD9B2AA07h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E43FA0 second address: E43FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E43FA4 second address: E43FB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA01h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E46803 second address: E4680D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E95F second address: E4E97C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 jmp 00007FEAD9B2AA04h 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E97C second address: E4E986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DC72 second address: E4DC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DC78 second address: E4DC7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DDBD second address: E4DDC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DDC3 second address: E4DDCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DDCF second address: E4DDDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FEAD9B2A9F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4DDDE second address: E4DDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E1E1 second address: E4E1E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E348 second address: E4E356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD881CEFAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E4B6 second address: E4E4C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEAD9B2A9FAh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E4C7 second address: E4E4DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E4DA second address: E4E4DF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E4DF second address: E4E4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FEAD881CF05h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E67C second address: E4E681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E681 second address: E4E687 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E687 second address: E4E694 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4E694 second address: E4E69A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5A750 second address: E5A779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD9B2A9FDh 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEAD9B2AA04h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51C17 second address: E51C1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51C1B second address: E51C29 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD9B2A9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51C29 second address: E51C88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push ecx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jnc 00007FEAD881CEF6h 0x00000011 pop ecx 0x00000012 jbe 00007FEAD881CF08h 0x00000018 pushad 0x00000019 jmp 00007FEAD881CF04h 0x0000001e jmp 00007FEAD881CF00h 0x00000023 jmp 00007FEAD881CEFEh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51C88 second address: E51C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jns 00007FEAD9B2A9F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51E2E second address: E51E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FEAD881CEFAh 0x0000000a jp 00007FEAD881CEF8h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FEAD881CF02h 0x00000017 popad 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jns 00007FEAD881CEF6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E51E61 second address: E51E65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E52FFE second address: E53041 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF09h 0x00000007 jmp 00007FEAD881CEFEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FEAD881CEFCh 0x00000016 js 00007FEAD881CEF6h 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f jne 00007FEAD881CEF6h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E53041 second address: E53072 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEAD9B2AA09h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007FEAD9B2AA01h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEAD9B2A9FEh 0x00000016 jo 00007FEAD9B2A9F6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D702B2 second address: D702B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D7776D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: DFE7EF instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4C60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4DC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4C60000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BC28FA rdtsc

0_2_00BC28FA

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7444

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D9E13C GetSystemInfo,VirtualAlloc,

0_2_00D9E13C

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BC28FA rdtsc

0_2_00BC28FA

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BBB909 LdrInitializeThunk,VirtualProtect,

0_2_00BBB909

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: &Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00D954B5 GetSystemTime,GetFileTime,

0_2_00D954B5

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1533002
Start date and time:	2024-10-14 09:45:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.933795244521296
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'762'816 bytes
MD5:	8e7b1277f59e4026ab6f51465fac3a86
SHA1:	f5b35e55ce77e8d3272a8643084927e5fbdf6d7f
SHA256:	2b827e1a195301d413885981ca553b38570d8d79488a2f57b573580dc7420496
SHA512:	1939267885b3d733b87bd2cfee906fd151cc1aa20fb4c740ba2eb56756cc569c8e2c484c8a922734f2717a66c15558a901f4d1eb9bdc2d6be689386cb3e675b8
SSDEEP:	24576:etL61Ynmht43wMtixEZpoXLeKzJbAv3JCVM59vaiu5qm/1MaCWRAm2IbYgAwsEPw:eM12KONUbeKyhCVM5ih1Ma3BzYf7i
TLSH:	8485334317078756CC0F803A2197CEC6A86837A4784C48B57F5B7BEA5DEAFAB2C44661
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... F.. ...`....@.. .......................`F.....>.....`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x862000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FEAD88B1F9Ah
pinsrw mm3, word ptr [edx], 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FEAD88B3F95h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], ch
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	b0a249606cfe1e876096405b94605975	False	0.9327256944444444	data	7.794995507460187	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x2ac000	0x200	9b812de8685812f10b3da1f3f6a2b7af	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
olubeyjy	0x2b6000	0x1aa000	0x1a8400	8e2988402814b8b16021d649671c0b07	False	0.9949934627283441	data	7.953111192474588	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nxtyhpgw	0x460000	0x2000	0x400	cc5328c4c286a06e25abcfefe394bd00	False	0.8125	data	6.27398716845765	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x462000	0x4000	0x2200	b0f58a33c824d86548bab9186f8c9cf9	False	0.06985294117647059	DOS executable (COM)	0.8933642898476719	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Target ID:	0
Start time:	03:46:12
Start date:	14/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xbb0000
File size:	1'762'816 bytes
MD5 hash:	8E7B1277F59E4026AB6F51465FAC3A86
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	3.5%
Signature Coverage:	4%
Total number of Nodes:	347
Total number of Limit Nodes:	21

Executed Functions

Function 00D9E13C Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-11715FEC), ref: 00D9E148
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00D9E1A9

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 309961e5a64476061e5012944941f898225c2f6d5829664234c18dad625e0d12
Instruction ID: 4f2c6cf5aed38090ec2c505e343f66fda6d37707b1b805b5e4a7cc659ceb7874
Opcode Fuzzy Hash: 309961e5a64476061e5012944941f898225c2f6d5829664234c18dad625e0d12
Instruction Fuzzy Hash: 35415871D04206AFE729DFA2D845F96BBACFF0D741F1004A6AA03CE882D67195D48BF4

Function 00BBB909 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4448cd6091ec6475fa4f1638edda57b0d5a6f5c67cf2f647263ecadcc502b31
Instruction ID: c90085856290124b54d28b4ebc85354f458219e3fea16301a79c552e958efc94
Opcode Fuzzy Hash: f4448cd6091ec6475fa4f1638edda57b0d5a6f5c67cf2f647263ecadcc502b31
Instruction Fuzzy Hash: 9E51C0B2C0DBD18FD7124F2888247A57FB1EF02314F0A41EAC8C59B6A7D7A85C45C796

Function 00D92A3B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 00D92B4C
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 00D92B60

Strings

1002, xrefs: 00D92B16
.dll, xrefs: 00D92A83
.exe, xrefs: 00D92AA7

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: bb5b0d6fee4b87183057e641397579ff061f7bca6ff908909cc66c6a38871485
Instruction ID: b4f9efa877470bd5fe7b45822e6b58e78f32d95499a7c6c0714a3a23cc95090c
Opcode Fuzzy Hash: bb5b0d6fee4b87183057e641397579ff061f7bca6ff908909cc66c6a38871485
Instruction Fuzzy Hash: D4319E36900205FFDF25AF50D905ABE7BB9FF18354F148165F90296125C731D9A0EBB1

Function 00D92F41 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00D92ED3,?,00000000,00000000), ref: 00D92FFE
GetModuleHandleA.KERNEL32(00000000,?,?,?,00D92ED3,?,00000000,00000000), ref: 00D9300C

Strings

.dll, xrefs: 00D92F74

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: 1b22b6c8554fb3cafa9842e4127ce651670af36d4f6b040c17e7d11efb3d4cf2
Instruction ID: 767207aa06e34f34e967617a5c8c401fbb95cd43ad24f7fe7fa723d80da0ef20
Opcode Fuzzy Hash: 1b22b6c8554fb3cafa9842e4127ce651670af36d4f6b040c17e7d11efb3d4cf2
Instruction Fuzzy Hash: B7118B34205206FEEF31DF11C808BA97AB9FF50354F088226B806498A1C7B4D9E0DAB2

Function 00D9589B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00775174,-11715FEC), ref: 00D95914
GetFileAttributesA.KERNEL32(00000000,-11715FEC), ref: 00D95922

Strings

@, xrefs: 00D958C7

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: 9756b335aa4535047577a7b13eff395f6812773fa5f897853ebe49b88c67517c
Instruction ID: 43d3d9cd7a538641cf8b7e149ebec4e1715e57ca2f2acacdb032e6ce82f46515
Opcode Fuzzy Hash: 9756b335aa4535047577a7b13eff395f6812773fa5f897853ebe49b88c67517c
Instruction Fuzzy Hash: E101D134600A06FAEF22AF64E90979C7E70EF40344F148134E54375099C7B08A81DFB0

Function 00D9191B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 00D9197D

Strings

\\?\, xrefs: 00D919D8

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: 587adc1a22cc4f9c6ed9b7529acd19e55c7e1948c3aba798915b935c2bfe1285
Instruction ID: 29640de4c43833bde46a95e57a601fbb0589456664a857d0022b6d1b88e3e21c
Opcode Fuzzy Hash: 587adc1a22cc4f9c6ed9b7529acd19e55c7e1948c3aba798915b935c2bfe1285
Instruction Fuzzy Hash: 7A312879A0160ABEEF22DF94CC09F9EBB76FF44304F444264F912A50A0D3729A61DF64

Function 00D9302A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D91368: GetCurrentThreadId.KERNEL32 ref: 00D91377

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 00D9308E

Strings

.dll, xrefs: 00D9304B

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CurrentHandleModuleThread
String ID: .dll
API String ID: 2752942033-2738580789
Opcode ID: 0e3ac4c80679bad37eb8ba08b216c7f2e4e1ef8e5aab95263d3b6fa74de87127
Instruction ID: 4e2815814ee9b436b0e2f3e05a7d1168a4e862ae60505d14a7bea8f257faa5d1
Opcode Fuzzy Hash: 0e3ac4c80679bad37eb8ba08b216c7f2e4e1ef8e5aab95263d3b6fa74de87127
Instruction Fuzzy Hash: A4F09A7A200205BFDF20DF64D84ABAD7BA4FF18350F148124FE098A052C732CA60EA31

Function 00D95AB7 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00775174,?,?,-11715FEC,?,?,?,-11715FEC,?), ref: 00D95B69

Part of subcall function 00D95A69: IsBadWritePtr.KERNEL32(?,00000004), ref: 00D95A77

CreateFileA.KERNEL32(?,?,?,-11715FEC,?,?,?,-11715FEC,?), ref: 00D95B89

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: fd5c78393db6279a01c14634241682751e6ab79e614f02b6a3d25ca8ce45a9aa
Instruction ID: 2fcb3bff2db68b1b3ef2238443dd6d4328218a434724f05da851d8f227947d25
Opcode Fuzzy Hash: fd5c78393db6279a01c14634241682751e6ab79e614f02b6a3d25ca8ce45a9aa
Instruction Fuzzy Hash: BF11F93210064AFEDF239F94ED09F9D3B72BF44348F148225B906254A8C376C9A1EB71

Function 00D95423 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D91368: GetCurrentThreadId.KERNEL32 ref: 00D91377

GetCurrentProcess.KERNEL32(-11715FEC), ref: 00D95430
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D95496

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessThread
String ID:
API String ID: 3748180921-0
Opcode ID: c57c64e02be2f6b51c0c1a2ba59083aab274d51e8e2e60891242cd0104c3f19a
Instruction ID: 87310e10986e391e91bc5bf3ad16a385a6b67e28e3421c67cdace31eea2d0d58
Opcode Fuzzy Hash: c57c64e02be2f6b51c0c1a2ba59083aab274d51e8e2e60891242cd0104c3f19a
Instruction Fuzzy Hash: A9016D3610090BFB8F62AFA4EC04C9E3B75FF983517048525FA4191019D736C1A1EB71

Function 00D9EB68 Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b4f15ac945b0130afe059c3581964d9c79d6dfc11a571e8ff70f17421d95e74
Instruction ID: 8c89102a7379e8132abc1403ecd7652c3f0fb9a332b6d7549472d7f40fa75201
Opcode Fuzzy Hash: 8b4f15ac945b0130afe059c3581964d9c79d6dfc11a571e8ff70f17421d95e74
Instruction Fuzzy Hash: 5F418E72900205EFEF25CF14CA44BADBBB1FF04314F288455E992AA591D371ED90DB71

Function 00D93AA2 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00D93B57

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 7ae92f537e042a124a50bbd96518203b1be148e29797300dc149e24b5d08f986
Instruction ID: 86ce4b35098413bb3069f544f7107f85a99ab9679c6f2a7d3a68be917ec16c3d
Opcode Fuzzy Hash: 7ae92f537e042a124a50bbd96518203b1be148e29797300dc149e24b5d08f986
Instruction Fuzzy Hash: F03180B5600204BFEF209F64DC85F9EBBB8FF44718F248269F615AA191C771AA51DB30

Function 00D932BE Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 00D93340

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 75e987416d6c5cfe16c66ab82930c551dc7da282ab199282a4088017142fa216
Instruction ID: 4d5c1ee355b4d3936e173c20d3e0caf74bcbef9b1b4a2220f8558c089f56556d
Opcode Fuzzy Hash: 75e987416d6c5cfe16c66ab82930c551dc7da282ab199282a4088017142fa216
Instruction Fuzzy Hash: 7A318571A40304BEEF209F64DC45F99BBB8EB44724F248365F615AA0D1D7B2A6428B64

Function 00D9E8B5 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 00D9E962

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 5bf534b7867f7d3c481e86afe47acaba1cad399d233747e6209bb19cd5d824a3
Instruction ID: 3ec40fdd157ceb48a8de8f0274250149abf45894c786f3d667002ce9226c1f89
Opcode Fuzzy Hash: 5bf534b7867f7d3c481e86afe47acaba1cad399d233747e6209bb19cd5d824a3
Instruction Fuzzy Hash: 39119071A05229AFEF70CB068D48BAA7B7CFF44758F1951A5E885A6041D7709D808EB1

Function 04D40D43 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04D40DCD

Memory Dump Source

Source File: 00000000.00000002.1964667297.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d40000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: c2e5ccd651f71e785de37826d9c2804798a46d6b670a11c4dd95dd7245e960b8
Instruction ID: f847232e98eaabd82112ba5a1c831dccef54ce96eadc5bdd2384a42bf341d91d
Opcode Fuzzy Hash: c2e5ccd651f71e785de37826d9c2804798a46d6b670a11c4dd95dd7245e960b8
Instruction Fuzzy Hash: AD2104B6C012199FCB50CF99D885ADEFBB4FF88320F14865AD908AB344D774A545CBA4

Function 04D40D48 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04D40DCD

Memory Dump Source

Source File: 00000000.00000002.1964667297.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d40000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 628e60c6019c05e870048c7368b3e89e0d1aa28ef24de5d335565d5e0daf95c4
Instruction ID: 8d355ce7f98c17fcf927da927589a062c39a9a9386387c1b4061f0f9ece50a4a
Opcode Fuzzy Hash: 628e60c6019c05e870048c7368b3e89e0d1aa28ef24de5d335565d5e0daf95c4
Instruction Fuzzy Hash: E02102B6C002199FCB50CF99D884ADEFBF4FB88320F14865AD908AB204D774A544CBA4

Function 04D41509 Relevance: 1.6, APIs: 1, Instructions: 56serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04D41580

Memory Dump Source

Source File: 00000000.00000002.1964667297.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d40000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: eb1f7fa344d01c4bd4b715f6d969f61d81071a5fbab40d070261e6b328b107b4
Instruction ID: 2e9238a117f477aed159bce7a96e5dcf6c2b0d547d51cefef78b7f3fb46be952
Opcode Fuzzy Hash: eb1f7fa344d01c4bd4b715f6d969f61d81071a5fbab40d070261e6b328b107b4
Instruction Fuzzy Hash: 7C2103B59002499FDB20CF9AD585BDEFBF4EB48320F10842AE958A7240D778A644CFA5

Function 04D41510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04D41580

Memory Dump Source

Source File: 00000000.00000002.1964667297.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d40000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 30c39e1dda0480554b50a2ccab9e976c6376800f70ac6a97250f8376e55b8524
Instruction ID: 7f454500c76992f1547b30d591ea60a8e4427d8d63464ca5a181ee77ec5f3f12
Opcode Fuzzy Hash: 30c39e1dda0480554b50a2ccab9e976c6376800f70ac6a97250f8376e55b8524
Instruction Fuzzy Hash: 7211E4B5D002499FDB10CF9AC585BDEFBF8EB48320F14842AE559A3250D378A644CFA5

Function 00D965EF Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D91368: GetCurrentThreadId.KERNEL32 ref: 00D91377

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11715FEC), ref: 00D96676

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CurrentFileThreadView
String ID:
API String ID: 1949693742-0
Opcode ID: 935cb378bf58ec1f394ad4bde6201f7944cab89eca1bd4dab66ccc4a7a385408
Instruction ID: 284a9c3c16fe215cb1f8d63bfc8dc8d1b8823195a649abd89cf947a20d7125b7
Opcode Fuzzy Hash: 935cb378bf58ec1f394ad4bde6201f7944cab89eca1bd4dab66ccc4a7a385408
Instruction Fuzzy Hash: 4411137610020AFFCF22AFA4CC0ADAE3B66FF58344B048561FA1159025C736D472EBB1

Function 00D963D7 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: d9c209612964d5839d2175d17b4229d65a99e47447db6b1d3e0cc8a32790fefa
Instruction ID: bf890483f337dd0c633e4a43f26640fc398ee26c850307b4367165fa44a8c514
Opcode Fuzzy Hash: d9c209612964d5839d2175d17b4229d65a99e47447db6b1d3e0cc8a32790fefa
Instruction Fuzzy Hash: CC11297210820AEBCF12AFE4C919E9E3BB5EF44344F188120FA1156061C736CA75EB70

Function 04D41301 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04D41367

Memory Dump Source

Source File: 00000000.00000002.1964667297.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d40000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 529abaccf4dbda3ab6e1d31629a7122ee982a426cac74eb94cc0c3a92f4f124e
Instruction ID: 702b7b49799a836cc6ce08411211953ec993a5840c20cbdb39f5f0305c11a25a
Opcode Fuzzy Hash: 529abaccf4dbda3ab6e1d31629a7122ee982a426cac74eb94cc0c3a92f4f124e
Instruction Fuzzy Hash: 971128B1800249CFDB10CF9AC589BDEFBF4EF48324F24845AD558A3640C778A544CFA5

Function 04D41308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04D41367

Memory Dump Source

Source File: 00000000.00000002.1964667297.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d40000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: becb2d5837197ae841aaf8d616d4221677e5b75862c2fcf09dcfa2658d10cd18
Instruction ID: 62af31ce77687c4b1c2303bf7f29d66c3fa463fb7bd0f503b4717a2edb15c772
Opcode Fuzzy Hash: becb2d5837197ae841aaf8d616d4221677e5b75862c2fcf09dcfa2658d10cd18
Instruction Fuzzy Hash: CC1106B1800249CFDB20CF9AC549BDEFBF8EB48324F24845AD558A3650D778A544CFA5

Function 00D95CBB Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D91368: GetCurrentThreadId.KERNEL32 ref: 00D91377

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11715FEC,?,?,00D939EA,?,?,00000400,?,00000000,?,00000000), ref: 00D95D27

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CurrentFileReadThread
String ID:
API String ID: 2348311434-0
Opcode ID: 300d16bd6d5b3ac44d041a9633da571ade1bdec3225df67772d1e07188492a26
Instruction ID: 4aa7a6eece671637cc815dd09573e6e862cbb6b1f2b057e789c24d84ee96c709
Opcode Fuzzy Hash: 300d16bd6d5b3ac44d041a9633da571ade1bdec3225df67772d1e07188492a26
Instruction Fuzzy Hash: EDF0EC7620050ABBCF125F98ED09D9E3B66FF99354F048521FA015A065C732C5A1EB71

Function 00D91539 Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 00D9159D

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: fd436560118f12f6b16dd7c7521871b9044efbfe022e95cb1e6c50599831f0d4
Instruction ID: 0980469ed0d52bca06f3e35017859101a86e4a31134f137fa080b31c1c70d36a
Opcode Fuzzy Hash: fd436560118f12f6b16dd7c7521871b9044efbfe022e95cb1e6c50599831f0d4
Instruction Fuzzy Hash: 4501F63AA0010ABFCF529FA4CC04DDEBB76EF88B40F415161B802A4160D732CA61EF60

Function 00D9E4DF Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,00D9E4DB,?,?,00D9E1E1,?,?,00D9E1E1,?,?,00D9E1E1), ref: 00D9E4FF

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a6cbac0df49b48991c79fb7915499378137f120dd56e3b3defac07faeba04b97
Instruction ID: afd727f93a709b2467ef06a86323ec9c9a190f5eb04c8779ee9e8b248208c3d0
Opcode Fuzzy Hash: a6cbac0df49b48991c79fb7915499378137f120dd56e3b3defac07faeba04b97
Instruction Fuzzy Hash: 97F081B1900205EFDB64CF15CD04B59BFA4FF49765F268064F54AAB592E77198C0CBA0

Function 00D940BC Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 00D91368: GetCurrentThreadId.KERNEL32 ref: 00D91377

CloseHandle.KERNELBASE(00D93A7F,-11715FEC,?,?,00D93A7F,?), ref: 00D940FA

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CloseCurrentHandleThread
String ID:
API String ID: 3305057742-0
Opcode ID: c6f80beef021dd99b35eec21a21e7158a9fcb9b6b4f4cc489a7e7c03333ae2fb
Instruction ID: 59e869d6e62457d7da19093671f6a41fdd0b95540a308745386f6131600da049
Opcode Fuzzy Hash: c6f80beef021dd99b35eec21a21e7158a9fcb9b6b4f4cc489a7e7c03333ae2fb
Instruction Fuzzy Hash: FDE08676300307B6CF207B78D80AD4E2B78EFE4394B004132B202A5056CE24C5D6C670

Function 00BBED3D Relevance: 1.3, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00BBF454

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 130d8cce662491dc4adde68fa485f9f8464cdf260c9682474387f6542a37f073
Instruction ID: 75b381c9c930544fdbb4201be97df4beefab68b6420811a9a71069978d8bf272
Opcode Fuzzy Hash: 130d8cce662491dc4adde68fa485f9f8464cdf260c9682474387f6542a37f073
Instruction Fuzzy Hash: 11F07FB040CA06DFC708AF29D58127EFBE0EF48715F12882DE4CA96350E2715890DB5A

Function 00BBE8B0 Relevance: 1.3, APIs: 1, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00BBE8C7

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bf5cd1430128cb23eb1aff2ccdd313be6e022047b10f67a2ace75395e668de25
Instruction ID: c24ca43028947162b092b762ae46d6243d107ee16a39c811bf09fa097e1ca0db
Opcode Fuzzy Hash: bf5cd1430128cb23eb1aff2ccdd313be6e022047b10f67a2ace75395e668de25
Instruction Fuzzy Hash: 88E04874408505DFD704AF34C8C87FE77E1FF19311F204A54AAF3926A0D3715860DA56

Function 00D93181 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,00D91207,?,?), ref: 00D93187

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 6fcda54a38b39369c2535aac75bd11b9a1f8ec07e59a401945bb7af9faf88dab
Instruction ID: 36c43bacd6870e2d8cf148a55eba4e0bbd0c3fa3d5424fed1babb4ddbb791348
Opcode Fuzzy Hash: 6fcda54a38b39369c2535aac75bd11b9a1f8ec07e59a401945bb7af9faf88dab
Instruction Fuzzy Hash: 11B09231000208BBCF12BFA1EC0688DBFA9FF51398B008120BA06540758B72EA609BA0

Non-executed Functions

Function 00D954B5 Relevance: 3.0, APIs: 2, Instructions: 43timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00D91368: GetCurrentThreadId.KERNEL32 ref: 00D91377

GetSystemTime.KERNEL32(?,-11715FEC), ref: 00D954EA
GetFileTime.KERNEL32(?,?,?,?,-11715FEC), ref: 00D9552D

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: Time$CurrentFileSystemThread
String ID:
API String ID: 2191017843-0
Opcode ID: 160cd18273d779a55cb54201f6e09caaa48fb2cd63fde84ee545e05cb9c6dd09
Instruction ID: 4a123744dcb40403baf07e902dad50e3ac964117c57a8fdd84de13160f0c78ce
Opcode Fuzzy Hash: 160cd18273d779a55cb54201f6e09caaa48fb2cd63fde84ee545e05cb9c6dd09
Instruction Fuzzy Hash: D801163620054AFBCF225F69F908D8EBF76EF95310B108625F40285466C732C8A1DB70

Function 00D222CC Relevance: 2.9, Strings: 1, Instructions: 1624COMMON

Download Yara Rule

Strings

747e, xrefs: 00D2326E

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 747e
API String ID: 0-3255134123
Opcode ID: ded87e1e61bc723c80edfd2d1ee9282492c3387b9c96d0432c4f09b14fbdebe1
Instruction ID: abb6f3ef61813263c9dcac0b3f09d6413720d734d0b6397ddbc237bee97e7cff
Opcode Fuzzy Hash: ded87e1e61bc723c80edfd2d1ee9282492c3387b9c96d0432c4f09b14fbdebe1
Instruction Fuzzy Hash: A7B23CF3A082049FE3046E2DEC8567ABBE9EF94720F1A453DE6C4C7744EA7598058793

Function 00D36263 Relevance: 2.8, Strings: 1, Instructions: 1554COMMON

Download Yara Rule

Strings

kA7z, xrefs: 00D36B62

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: kA7z
API String ID: 0-2632741119
Opcode ID: 64e901268fa015fd9c499832dd9a1149a654c871d2e4d7096da75cc415fc2c14
Instruction ID: 1780e1070c9930d3e6d9e4e628aff552de7f6670a93358e15cc2c91a6c78efec
Opcode Fuzzy Hash: 64e901268fa015fd9c499832dd9a1149a654c871d2e4d7096da75cc415fc2c14
Instruction Fuzzy Hash: 77B2D3F35086009FE304AF29EC8567AFBE5EF94720F1A893DEAC4C3344E63598558697

Function 00C54006 Relevance: 1.8, Strings: 1, Instructions: 566COMMON

Download Yara Rule

Strings

aD{t, xrefs: 00C54720

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: aD{t
API String ID: 0-1324253054
Opcode ID: 4b4350283867d562e4fe925bcfc349e5ac42f2e0f178c2d9f9bca605bb53e6cc
Instruction ID: 600d9fd1766d83f4640768df2bffa6df8fb28564a38a1895c67230d4efc64bd1
Opcode Fuzzy Hash: 4b4350283867d562e4fe925bcfc349e5ac42f2e0f178c2d9f9bca605bb53e6cc
Instruction Fuzzy Hash: 1B02D0F3F142204BF3544939DD983667A92EBD4324F2F86389B88A77C4D87E9D0A4284

Function 00CD8087 Relevance: 1.8, Strings: 1, Instructions: 548COMMON

Download Yara Rule

Strings

Ww.g, xrefs: 00CD86B3

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: Ww.g
API String ID: 0-4277234437
Opcode ID: 9e803f8d88b6ff279069a5280838ee62211d7736c18ed9f69995db1a5b795ff8
Instruction ID: 206990ff0a223066186b463aabee805dee828dcecd9842521b082a0bc9775aa3
Opcode Fuzzy Hash: 9e803f8d88b6ff279069a5280838ee62211d7736c18ed9f69995db1a5b795ff8
Instruction Fuzzy Hash: B80235F3F142108BF3085D68DC98366B692EB94320F2F423D9E99977C5E97E9D058385

Function 00C9638A Relevance: 1.8, Strings: 1, Instructions: 523COMMON

Download Yara Rule

Strings

vlz-, xrefs: 00C96862

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: vlz-
API String ID: 0-3201490705
Opcode ID: e31fca1666995a326127ec8151678ebdd8c6bd3629698bc5e441a7bd68e41516
Instruction ID: 30e98015683ea6b5746cf1b25ebd8d33515b674c7f66a806c7a4bbee38cb2f02
Opcode Fuzzy Hash: e31fca1666995a326127ec8151678ebdd8c6bd3629698bc5e441a7bd68e41516
Instruction Fuzzy Hash: CC02BEF3E152208BF3545D38DD88366B692EB94320F2B863D9F88A77C9D93E5D058385

Function 00C80217 Relevance: 1.8, Strings: 1, Instructions: 514COMMON

Download Yara Rule

Strings

3{, xrefs: 00C8093B

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 3{
API String ID: 0-135798182
Opcode ID: b96a1f4e311eb7d83219d132c75d67e89ecf40952caa0cfc96a9b1eacfc33b1b
Instruction ID: 297554e3f17285fddf6a133c82562a4512e42106beaf5043db78345a0dcefc83
Opcode Fuzzy Hash: b96a1f4e311eb7d83219d132c75d67e89ecf40952caa0cfc96a9b1eacfc33b1b
Instruction Fuzzy Hash: 4E0200B3F152208BF3445E39CCA8366B6D2EBD4320F2F423C8A99977C4D97E99058785

Function 00C1A039 Relevance: 1.8, Strings: 1, Instructions: 507COMMON

Download Yara Rule

Strings

.2NK, xrefs: 00C1A762

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: .2NK
API String ID: 0-3383938172
Opcode ID: 2d8caea2c320929a2d1a970e224d03c7a61fa37f87a63211437cd53c4fc0a42c
Instruction ID: ed737e714eddb4881cd29c5b46befc4a050e94768c00d4abbda2566ddb624068
Opcode Fuzzy Hash: 2d8caea2c320929a2d1a970e224d03c7a61fa37f87a63211437cd53c4fc0a42c
Instruction Fuzzy Hash: 9B02D0B3F042208BF3585E69DC99366B692EB94320F2B863DCF88977C4D97E5D058385

Function 00CDA492 Relevance: 1.7, Strings: 1, Instructions: 499COMMON

Download Yara Rule

Strings

{5v}, xrefs: 00CDAAD3

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: {5v}
API String ID: 0-3893038091
Opcode ID: 9ecdc4e2a8d644b288bae3dceca10e62a6d7df5d086ef3be0c575eadd8410a89
Instruction ID: cbb7adcd2b15af3f69013bc03641e29b69dbcd37593d1bf94d35ca7e07664491
Opcode Fuzzy Hash: 9ecdc4e2a8d644b288bae3dceca10e62a6d7df5d086ef3be0c575eadd8410a89
Instruction Fuzzy Hash: 2DF1E0F7F146244BF3448D29DD58366B696DBE4320F2F823D9E8897BC4E87E5C0A4285

Function 00C72650 Relevance: 1.7, Strings: 1, Instructions: 468COMMON

Download Yara Rule

Strings

>, xrefs: 00C72835

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: >
API String ID: 0-325317158
Opcode ID: 41fdb5836ad3e19caca81bb5491d156b14d7a0a58560618076fe1f3807f3ca3b
Instruction ID: 138237263959e3ee3f589cdf081da4a171701d03b83c663b7552f93116cb1a24
Opcode Fuzzy Hash: 41fdb5836ad3e19caca81bb5491d156b14d7a0a58560618076fe1f3807f3ca3b
Instruction Fuzzy Hash: C4E1D0F3F142204BF3445D39DC98366B692EBD4320F2B823D9B89977C9D87E5D098285

Function 00C95006 Relevance: 1.7, Strings: 1, Instructions: 465COMMON

Download Yara Rule

Strings

}Vm, xrefs: 00C955EA

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: }Vm
API String ID: 0-4220467978
Opcode ID: a497bf46255ab25b4d502065f3eb58ed19f5910ba1d2ebdc5453d898f6b0b996
Instruction ID: 35c3da38a9fe4386403f3f0933eaf90554468d17ae7aad1abd4d0f3f38175e2e
Opcode Fuzzy Hash: a497bf46255ab25b4d502065f3eb58ed19f5910ba1d2ebdc5453d898f6b0b996
Instruction Fuzzy Hash: 43E1CDF3E156144BF3185E29DC99376B6D3EBD4320F2B823C9A98977C4E93E9C058285

Function 00C841F2 Relevance: 1.7, Strings: 1, Instructions: 431COMMON

Download Yara Rule

Strings

z, xrefs: 00C843FC

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: 30e006633cd990de20c8ecf680bead1895d3c00a062dc53b342eba4a84955448
Instruction ID: 5eb96b922e6a6cdb764a28ccf5c3ab96ca6b25d23446dca89fcb0148f93b3e9b
Opcode Fuzzy Hash: 30e006633cd990de20c8ecf680bead1895d3c00a062dc53b342eba4a84955448
Instruction Fuzzy Hash: 66E1BEF3E142214BF3504D29DC983A6B692EB95320F2F4239DE8CA77C4E97E5D0682C5

Function 00CBC129 Relevance: 1.7, Strings: 1, Instructions: 424COMMON

Download Yara Rule

Strings

!VwO, xrefs: 00CBC676

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: !VwO
API String ID: 0-3622237813
Opcode ID: c7a29d6b88b262d94cb0ff60d347144d662171671a8bc8b76294ac5a01702de5
Instruction ID: e77597b65c235dd74dd8b7701dd7eab1d0afdaa94fe55f04b927970e0c9af8c4
Opcode Fuzzy Hash: c7a29d6b88b262d94cb0ff60d347144d662171671a8bc8b76294ac5a01702de5
Instruction Fuzzy Hash: 3CD1EFF3F142244BF3085A28DCA9376B692EB94310F2B423C9F89A77C5E87E5D094385

Function 00CAE28D Relevance: 1.6, Strings: 1, Instructions: 349COMMON

Download Yara Rule

Strings

@,~s, xrefs: 00CAE5F0

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: @,~s
API String ID: 0-4088876123
Opcode ID: 54e4a4d1fade405b1224994e22499866925964188519ee4a00cc54988173e394
Instruction ID: 448ff2d9c22a5756fa13af7cbb859b9e57563e93d82d3f6d671ff251c103cc7a
Opcode Fuzzy Hash: 54e4a4d1fade405b1224994e22499866925964188519ee4a00cc54988173e394
Instruction Fuzzy Hash: 32C146F3F1022547F3544979CD98362A6829B95724F2F82788F8CBB7C5E87E5D0A82C4

Function 00C1E2F9 Relevance: 1.6, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

z, xrefs: 00C1E551

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: c7d89deea5f8c4c37ef6a5a8a6c3207fdd03504657506ee363d0a3a45cf0865c
Instruction ID: c92d40d457fb44633e95623835fdc0109656cff4b0eb88266c3c0d64d3698264
Opcode Fuzzy Hash: c7d89deea5f8c4c37ef6a5a8a6c3207fdd03504657506ee363d0a3a45cf0865c
Instruction Fuzzy Hash: CEB18CF3F215214BF3588839CD593626683DBD5314F2F82788E8CAB7C9D87E8D0A5284

Function 00BFE0B4 Relevance: 1.5, Strings: 1, Instructions: 295COMMON

Download Yara Rule

Strings

, xrefs: 00BFE273

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 54bcd48d80deaa734166d5a38c6fe9484105d2ae2e8dd9ae609653e1042b6233
Instruction ID: 68663b39eba29dfcc8f56246ee57395f7bba113bc7897c7c515bc64a112d9cc6
Opcode Fuzzy Hash: 54bcd48d80deaa734166d5a38c6fe9484105d2ae2e8dd9ae609653e1042b6233
Instruction Fuzzy Hash: F3A16AB7F216258BF3444E28CC983616693DBE5320F2F81788E8C5B7C5D97E6D4A9384

Function 00CEC1F4 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

2gL, xrefs: 00CEC449

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 2gL
API String ID: 0-3179125077
Opcode ID: 0111862ec68595c26482de874de7d091a48d44c7dc788a95e452f5f0afeb46a9
Instruction ID: 9cef4a4beb7350f7bcb3c91b45fe99e615f146a04385cb062b310690c126c9b9
Opcode Fuzzy Hash: 0111862ec68595c26482de874de7d091a48d44c7dc788a95e452f5f0afeb46a9
Instruction Fuzzy Hash: 6DA19CE3F116244BF3544838CDA83626643E7E5314F2F82388F5DABBCAD97E5D0A4284

Function 00CC84FA Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

(, xrefs: 00CC86D8

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 315135462a5861dec50d171a38cddd3388339a15e4741c464f7934899e53f2e2
Instruction ID: 88bfb09a40a002ccbbad17eba4b1c0c0389884c8cb60e15e31bf47999986ef02
Opcode Fuzzy Hash: 315135462a5861dec50d171a38cddd3388339a15e4741c464f7934899e53f2e2
Instruction Fuzzy Hash: C5A158F3F2012547F3540929CC683A6A643EBE1324F2F42388F8D6B7C5D97E9D0A5288

Function 00BE83B5 Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

N, xrefs: 00BE8557

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: 078ba94126d7d0fe10ac47b7fb5a9e8b166b5f31d48ec8aae9424b71395d0ac5
Instruction ID: 33c0a1ae27ebd718e7d225c0ede235476ef00664e64f0b34b4ad2e002cf32aad
Opcode Fuzzy Hash: 078ba94126d7d0fe10ac47b7fb5a9e8b166b5f31d48ec8aae9424b71395d0ac5
Instruction Fuzzy Hash: EFA18BF7F126214BF3544925CC983626683ABE5324F2F82788F9C6B3C5D87E5D0A5384

Function 00C623FC Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

@, xrefs: 00C624E4

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0696eb30c3905482a266157d4e096a50ac18240c21247e8a790f2a5e6588ea9b
Instruction ID: 303d3ca34af039b58dee6498dd38422793c3a1e81cd06d3f7c655de0209df4cd
Opcode Fuzzy Hash: 0696eb30c3905482a266157d4e096a50ac18240c21247e8a790f2a5e6588ea9b
Instruction Fuzzy Hash: 22918BB3F1112547F3544D29CC9836266839BE5324F2F82788E8DAB7C9ED7E5D069284

Function 00D96373 Relevance: 1.5, APIs: 1, Instructions: 24encryptionCOMMON

Download Yara Rule

APIs

CryptVerifySignatureA.ADVAPI32(?,?,?,?,?,?), ref: 00D963BA

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: CryptSignatureVerify
String ID:
API String ID: 1015439381-0
Opcode ID: a610bb40c24f069c50366d31a3a114504390b31218182de80bd09494089d30c4
Instruction ID: 874df6a8a90a8c6b03c4e7a0131bdda191bf704f4de089a12247dc29df863b0c
Opcode Fuzzy Hash: a610bb40c24f069c50366d31a3a114504390b31218182de80bd09494089d30c4
Instruction Fuzzy Hash: 46F0F83260120AEFCF01DF94C90498C7BB2FF58304B148129F91596111D376D660EF54

Function 00C4C274 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

MD4, xrefs: 00C4C276

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: MD4
API String ID: 0-2511775012
Opcode ID: 5b36de54808f6e49378538c8de0c665a1db6dac31108ce81deeec13c6a09b6a6
Instruction ID: e61e8b9040429542ecc2b5e162d082e5f634a6df0d18ff6591a614175de8d48a
Opcode Fuzzy Hash: 5b36de54808f6e49378538c8de0c665a1db6dac31108ce81deeec13c6a09b6a6
Instruction Fuzzy Hash: A6917DF3F2162147F3584878DC983616583DB99324F2F46788FADAB7C5D8BE9D068284

Function 00C1C35E Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

Dagp, xrefs: 00C1C678

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: Dagp
API String ID: 0-111033661
Opcode ID: ce4abcc1e2b8f6332509b442e647a3e4e3c1358a3d187b70fc43fe09a1528b0d
Instruction ID: 7f6930644c72ab5b85daf85e9b3747d0badf03f0485bddbb5d52606353729977
Opcode Fuzzy Hash: ce4abcc1e2b8f6332509b442e647a3e4e3c1358a3d187b70fc43fe09a1528b0d
Instruction Fuzzy Hash: D6916CB3F116258BF3444D38CCA83A27652EB91314F2F427C8E896B7C5D97E6E099284

Function 00CEE43F Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

`D, xrefs: 00CEE6B2

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: `D
API String ID: 0-276537467
Opcode ID: 0b2f016c0396b5f6556ca62881501af2188ce2a3a5eb925ffb94839c8753e0e8
Instruction ID: 9289775578b822edd437c9fd28a57da3e6c4033b2520036e22d1cce6ac681805
Opcode Fuzzy Hash: 0b2f016c0396b5f6556ca62881501af2188ce2a3a5eb925ffb94839c8753e0e8
Instruction Fuzzy Hash: 86917EB3F112254BF3944969CC983A27683DBD5321F2F82788E8CA77C5D97E5D0A9384

Function 00BD602C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

0, xrefs: 00BD61C1

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9640b3eda05d6baae60d1e40f1d2e6e070b054ce7566dc512fddff79b1dbbc79
Instruction ID: a753882c9f02d8613d7268e0362858ade927a15fe15913a9d5d9c7f825e2e42e
Opcode Fuzzy Hash: 9640b3eda05d6baae60d1e40f1d2e6e070b054ce7566dc512fddff79b1dbbc79
Instruction Fuzzy Hash: EA916AF3F2012187F3584939CD683626692EB95324F2F82788F9DAB7C4D97E5D0A5384

Function 00CA8406 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

{, xrefs: 00CA85AA

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: 558cad5652a1e8697ac5c8148a5dd93e6e0329f026db106b916deee860cb3eaa
Instruction ID: 497cbed3a17676b338bb89e839d676800f203df912ffd118c7e75cb83d009127
Opcode Fuzzy Hash: 558cad5652a1e8697ac5c8148a5dd93e6e0329f026db106b916deee860cb3eaa
Instruction Fuzzy Hash: 5F9179F3F115244BF3544D39CC5836262839BE5324F2F82789E9CAB7C5E93E9D0A5684

Function 00C02345 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

76#U, xrefs: 00C02345

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 76#U
API String ID: 0-3388363836
Opcode ID: 1182969f876628de368767c75d9cba36c6db25c4a8b2b874bb4fad316752930c
Instruction ID: fa6b153a6f33b501d3b9c226c7ee8aed160ca31485d271b801318e7a9d089286
Opcode Fuzzy Hash: 1182969f876628de368767c75d9cba36c6db25c4a8b2b874bb4fad316752930c
Instruction Fuzzy Hash: FB815DB3F211248BF3444A39CC583627693ABD6324F3F41788A9C5B7C4DD7EA90A9384

Function 00C370DC Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

b, xrefs: 00C3715B

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: f57e26bac6a09cf0af143b8cd0b0b7bc68b8bfeb95c833706d87f47c6aece6bb
Instruction ID: ec55ed4574a2ec71f620a15c5a6322f28dcb13285c698f40e95443f598838bf3
Opcode Fuzzy Hash: f57e26bac6a09cf0af143b8cd0b0b7bc68b8bfeb95c833706d87f47c6aece6bb
Instruction Fuzzy Hash: 5C617AB3F1122547F3544D29CCA8362B683EBE1320F2F82798E586B7C1D97E6E159384

Function 00C23191 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

q, xrefs: 00C23338

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: c1fd8389219d17e45e4f3aaeccb6cacdfa872d7493c91ae24c1469c31f84ff25
Instruction ID: 4f348eb6355b04d50def63ac4206f1358ba02b72572ac0e4b144176366273ab5
Opcode Fuzzy Hash: c1fd8389219d17e45e4f3aaeccb6cacdfa872d7493c91ae24c1469c31f84ff25
Instruction Fuzzy Hash: BA618FB3F112158BF3544D28CC683627253EBD5714F2F82788B995BBC8D93E9D0A9384

Function 00D12173 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

yok, xrefs: 00D1229F

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: yok
API String ID: 0-1215995153
Opcode ID: d45d2426291272e7a9f3158bfb7064c7b273a007af49fe29cbf83680f543b5f5
Instruction ID: 90afe59a273c1fe0a4bd41df69f17385d4cf969d972a708e73923bea52f88508
Opcode Fuzzy Hash: d45d2426291272e7a9f3158bfb7064c7b273a007af49fe29cbf83680f543b5f5
Instruction Fuzzy Hash: A8413AF39182145BF3085E28EC9277B76D9DB40364F1A423EEA86E3784E86A5C0581DA

Function 00C3A111 Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb0bd017f49d743ded9bdefbf3485222e1ad5e9b44efb60685bf13d113c961f
Instruction ID: 64f0682c3a32e1bf83fa0f8bec65063e4370d687504816444600dd60cf386b2f
Opcode Fuzzy Hash: fdb0bd017f49d743ded9bdefbf3485222e1ad5e9b44efb60685bf13d113c961f
Instruction Fuzzy Hash: C5025CB3F616240BF7644478CD58392598387E5320F2F8275CEAC6BBC6D8BE4D4A52C6

Function 00C7700A Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf59eef991b71dca3635c4345abbaac19d5439c9026c594c24f148388e695664
Instruction ID: a094bd2e6485172fe337648c95b75cab3980085260a4436f0068d829a75712aa
Opcode Fuzzy Hash: cf59eef991b71dca3635c4345abbaac19d5439c9026c594c24f148388e695664
Instruction Fuzzy Hash: 2602ADF3F102214BF3544E28CDA83667692DB95310F2B863CDE89AB7C4D97E5D0A9285

Function 00CAC4FE Relevance: .5, Instructions: 496COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3745b9644d7cbc3e940e4804088b165916679c2afd64150ed1976a53a83123
Instruction ID: f71f5088a3827244a6bbcca66efb0e4dbe74409ae54e3623990da5106c064f25
Opcode Fuzzy Hash: 7d3745b9644d7cbc3e940e4804088b165916679c2afd64150ed1976a53a83123
Instruction Fuzzy Hash: 3DF1D0F3E152208BF3448D29DC58366B693EBD4324F2B853D9B88A77C4E93E5C068385

Function 00CE239C Relevance: .5, Instructions: 480COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc94309d31d6b292eb081d7662c84c55442c88a141feaeef7f2704f0ae37f06d
Instruction ID: 51897b0aaaa227f1e385d5d5eae54762e5c05266dc0eee4881d947259d72ea03
Opcode Fuzzy Hash: cc94309d31d6b292eb081d7662c84c55442c88a141feaeef7f2704f0ae37f06d
Instruction Fuzzy Hash: 57F1CFF3E146244BF3149D39DC583A6B696DBD4320F2F82399F98977C4E87E5C0A8285

Function 00C4031A Relevance: .5, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a5d0a3b36d2a3bfd7b81f323aa580d5bc80fc301c740812597e482326f20c5
Instruction ID: 10fd2758cf514ade8b18c959c7fd08850c9d13516c0000a58c7b4585726fe59f
Opcode Fuzzy Hash: c0a5d0a3b36d2a3bfd7b81f323aa580d5bc80fc301c740812597e482326f20c5
Instruction Fuzzy Hash: C6E1CCF3F552144BF3444869DD983A6B683DBD4324F2F823D9A88A77C5E8BE5D0A4284

Function 00C7606E Relevance: .5, Instructions: 456COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311f281e69a0bc4863a92b63d253b1efdb25df608147b996be08b01517af6f77
Instruction ID: 665c7d11b34a6d7adc75e7bbf93f9c07c8dd532ddd2cc1dddb5bb29c590f99db
Opcode Fuzzy Hash: 311f281e69a0bc4863a92b63d253b1efdb25df608147b996be08b01517af6f77
Instruction Fuzzy Hash: E9E1BFF3E142208BF3545929DC99366B6D2EB94320F2F823D8E8DA77C5D97E5C068385

Function 00C650D2 Relevance: .4, Instructions: 434COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccd47179577e995cd1595e1f147384b139b10760a4045a10083a91791e67dd78
Instruction ID: 703a6e5d424da41ed5a2ea7983b85c809cb9ae638dace3b7655f9e4a8e8e81f2
Opcode Fuzzy Hash: ccd47179577e995cd1595e1f147384b139b10760a4045a10083a91791e67dd78
Instruction Fuzzy Hash: 7DE145F3E2292506F7654438CD583A2598397E1325F3FC2748E686BBCAD9BE4D4A43C4

Function 00D0D00F Relevance: .4, Instructions: 426COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f247a3ccefe76e21c72f764c60a42fbcf35f56e66a61b2411491f35921223433
Instruction ID: 63407470942b3cddb1ef3218c05606fe1842fad16887742330b6b85e6a10a739
Opcode Fuzzy Hash: f247a3ccefe76e21c72f764c60a42fbcf35f56e66a61b2411491f35921223433
Instruction Fuzzy Hash: AAE1C2F3F151108BF3045E28DD593767692EBD5320F2B863CDA889B7C8E93E99058785

Function 00C3A1E8 Relevance: .4, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6fab531c9812cbe53f09d0f01aec438384f4a837facce03af22974fbf4606ef
Instruction ID: 3b8c1f15130aa8e00aabc639252b91ea29315d87297a906235135ee88d470775
Opcode Fuzzy Hash: d6fab531c9812cbe53f09d0f01aec438384f4a837facce03af22974fbf4606ef
Instruction Fuzzy Hash: EDE12DB3F61A240BF7614079CD58392598343E1320F6F8275CEAC6BBC6D9BE4D5A42C6

Function 00C751F7 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 971d52f45207e30521a6032ca42f1a079b6360dfa39b7478d71bfc134b8e84bc
Instruction ID: 10be710b25f66500240353b0c79cc25f3c35c61747071dd7902b8de0e0f24844
Opcode Fuzzy Hash: 971d52f45207e30521a6032ca42f1a079b6360dfa39b7478d71bfc134b8e84bc
Instruction Fuzzy Hash: FBD124F3F152204BF3445E28DC983667692EB94320F2B853CDAC99B7C5E93E5C058786

Function 00C2E1F0 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6717861686dfa40d2d4e32a7ac3c5be25fa071788c88717428fa79a2859658e8
Instruction ID: 7cfb8af982a40d3406549ca48d1eb08fb5b7cea78b0cf50242b97f16a2817e63
Opcode Fuzzy Hash: 6717861686dfa40d2d4e32a7ac3c5be25fa071788c88717428fa79a2859658e8
Instruction Fuzzy Hash: 50D1BFF3F512244BF3848879DC983A26583D7D5314F2F82788F58AB7D5E8BE9D0A5284

Function 00BEC471 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bd5350afda9b0106f0247573b501f89e8a6de49519d117bd1b0a49dfe048bac
Instruction ID: 591dc6a506bbc15a75eb1c525fce54483c154706c28bcf9189e0345a2f0130b2
Opcode Fuzzy Hash: 1bd5350afda9b0106f0247573b501f89e8a6de49519d117bd1b0a49dfe048bac
Instruction Fuzzy Hash: BBD122B7F116254BF3944839CD583A26583ABD5324F2F82788F8C6BBC5D87E5D0A5288

Function 00CA7065 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354ed709cfb2f66b736a2da3452d32fa2fe6f46286048568c02379a1577c77f2
Instruction ID: aca241acd3763fe5714a2f3ced9939c96f94199c2ad08bce0c2a76ffb57f3dce
Opcode Fuzzy Hash: 354ed709cfb2f66b736a2da3452d32fa2fe6f46286048568c02379a1577c77f2
Instruction Fuzzy Hash: 13D1C1F3F5122147F3544979DC983A26583DBE5315F2F82388E88ABBC9D8BE5D0A5380

Function 00C5A694 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35b0eb7aeb999186be162a5951e57def30125c0f75300e14300b01e45731236f
Instruction ID: 41393746d82d72b1085235fa6caf2f58b5cf9f94c6308f7c04d8b3ff2eaa2563
Opcode Fuzzy Hash: 35b0eb7aeb999186be162a5951e57def30125c0f75300e14300b01e45731236f
Instruction Fuzzy Hash: F8D156F3F516214BF3544879DD983A225839BE5324F2F82788F5C2BBC9D87E0D0A5284

Function 00CEA42B Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3444b785492261f48908b5d0cd479c93f5f4b55110b86c50a418efe5d4821e1
Instruction ID: 9a327242b5d8ff2cd8db8ceea97c551d2805ad337b108dbbfddd859d3ba8182a
Opcode Fuzzy Hash: f3444b785492261f48908b5d0cd479c93f5f4b55110b86c50a418efe5d4821e1
Instruction Fuzzy Hash: 89D189F3F5122547F7584839CD683A26683DBE1324F2F82388B9E6B7C5D87E5D0A5284

Function 00C0C644 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd848a5c3ec3408123d222d95ee5d85ee4c3b7f9e9d947065fd46b9ae7b4d465
Instruction ID: 47343182db18d5a08234548ebbbc42d9b99860d66aa41d28274c0771c1a736ad
Opcode Fuzzy Hash: fd848a5c3ec3408123d222d95ee5d85ee4c3b7f9e9d947065fd46b9ae7b4d465
Instruction Fuzzy Hash: 84D19FF3F1162547F3584938CC683A26583DBE5324F2F82788E9D6BBC9D87E5D0A5284

Function 00C10073 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c666d7e39a94fdee5772ffc0d988b67dd0d53de174adc6039682ecdaa3ba9f6
Instruction ID: 51497cc745ba20ebaf5e9ac3ad4140b9a5a722f11cc2dedc12b18866e9df9c20
Opcode Fuzzy Hash: 0c666d7e39a94fdee5772ffc0d988b67dd0d53de174adc6039682ecdaa3ba9f6
Instruction Fuzzy Hash: 9CD188F3F1122587F3484939CC683622643DBD6324F2F82788B9D6B7C9E87E5D0A5284

Function 00C68645 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88c91b21c72c58057731e5a9e6dc075613a87fe88e2f084da1fc69464977997b
Instruction ID: 1b4f7919d7eb6ec5033c3104b5c5ab37f221e942514ff9b3357de16c3a8455de
Opcode Fuzzy Hash: 88c91b21c72c58057731e5a9e6dc075613a87fe88e2f084da1fc69464977997b
Instruction Fuzzy Hash: FAC17BB3F112254BF3544D39CDA83A26683EBD5320F2F82788E996B7C9DC7E5D095284

Function 00D0A296 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50bf7a8b61fb33561244fb62fbe830778cfc5fbae6d6dbf7b4a94db2a58f29fa
Instruction ID: c06187c85d70f9b8575b7c4eeeddb9645d613e55984d4464de87e386f2b750a7
Opcode Fuzzy Hash: 50bf7a8b61fb33561244fb62fbe830778cfc5fbae6d6dbf7b4a94db2a58f29fa
Instruction Fuzzy Hash: AEC18BF3F2062147F3544978CD583A26682DBA5324F2F82788F9CAB7C9D87E9D0952C4

Function 00CCA5F3 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 987ae02f64f72461d3d6f885bc33e667e8f2ded94a565f11661ac60494c5e306
Instruction ID: 9a7f570d4b708a4bc43eb96779b92c23cf4b2dc3d7e6f8cfd4e926d077508a72
Opcode Fuzzy Hash: 987ae02f64f72461d3d6f885bc33e667e8f2ded94a565f11661ac60494c5e306
Instruction Fuzzy Hash: 34C147F3F5122547F3504879DD983A2658397D5324F2F82788E8CABBC9D87E5D0A52C4

Function 00C0A25D Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c93d57c0ae222e9f2482a7ef0a07e437f19bb4cbb2f8c55e1225bffdc008f6a0
Instruction ID: 7de28bd592037e343c0afe55d59cc19b750ea67b0e2b6b29d4eb09671779d839
Opcode Fuzzy Hash: c93d57c0ae222e9f2482a7ef0a07e437f19bb4cbb2f8c55e1225bffdc008f6a0
Instruction Fuzzy Hash: 3FC158F3F112214BF3544979CD983A265839BD5324F2F82388F996BBC9E87E5D0A4284

Function 00CCE112 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 892d208cbc16d54bc16415a6a1792d10272a4a2e9fd632cd13ba6eb5ac55764a
Instruction ID: a7d12d9b3a42b1ea974ffe6b5a0a3127ad6368a8fb1fe6e1254450b746ddb607
Opcode Fuzzy Hash: 892d208cbc16d54bc16415a6a1792d10272a4a2e9fd632cd13ba6eb5ac55764a
Instruction Fuzzy Hash: D9C17AF7F117214BF34448A8DD983A26582DBA5325F2F82388F5C6B7C6D8BE5D0A12C4

Function 00C09065 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5621ca1277619beaa803e281b849f7d560cbcfb269cb31db877dd26a06a94e21
Instruction ID: f9be8eb5cb3d133fefcf998652f79115be6700c1627f08f53dc29635dd9b4580
Opcode Fuzzy Hash: 5621ca1277619beaa803e281b849f7d560cbcfb269cb31db877dd26a06a94e21
Instruction Fuzzy Hash: 31C17CB3F1122547F3544969CC983A26583EBD5324F2F82788F9CAB7C4D97E9D0A5384

Function 00C42345 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 236d0d6fe7cf39df7969d1e7fe0d330b1b351f40a5ea957822feb9e75bb12e3b
Instruction ID: bada84d8328ee435ae705c71b582c548a439858278c61eaab4ba453b423deb8d
Opcode Fuzzy Hash: 236d0d6fe7cf39df7969d1e7fe0d330b1b351f40a5ea957822feb9e75bb12e3b
Instruction Fuzzy Hash: 05C16AB3F2122547F3584878CD683A26643DBA5324F2F82798E4DAB7C5D87E9D0A53C4

Function 00CE5041 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf55c9a0b246befd2307f415ccf909479037cca142c1d6f4ebd7a0d2c969da21
Instruction ID: ccd5262eb355624c9d676e3e535ab2fa2d14f9435336bf7669939ab09b7f14b3
Opcode Fuzzy Hash: cf55c9a0b246befd2307f415ccf909479037cca142c1d6f4ebd7a0d2c969da21
Instruction Fuzzy Hash: 57C16BB3F516244BF3548C39CD9839265839BD5324F2F82788E9CAB7C5D8BE9D0A5284

Function 00CB04EE Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db9ab2e4d4ba9bf2856d3c9628f76c7c85d1c45f74b0830787a404224db4842
Instruction ID: 6132eed1d32fc23952d5e83dee618cfb7c8b948f546f838643443f94ef215bdb
Opcode Fuzzy Hash: 9db9ab2e4d4ba9bf2856d3c9628f76c7c85d1c45f74b0830787a404224db4842
Instruction Fuzzy Hash: E8C17BF3F2162547F3544938CD983A22683DBD1324F2F82788F58ABBC9D97E5D0A5284

Function 00CDC6D2 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af4ad0d1d95e78dbed86ca429ff87ef1ab8d27884a4d22caa95158eb7920ab0
Instruction ID: dcf9ac9541e109d3341dfa34496dce0319342649851d8947561bb8e6dd48416d
Opcode Fuzzy Hash: 0af4ad0d1d95e78dbed86ca429ff87ef1ab8d27884a4d22caa95158eb7920ab0
Instruction Fuzzy Hash: 78C169F3F1162547F3544929CC9836266839BE5324F2F82788F8DABBC9D87E5D0A5384

Function 00C94396 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4960dd85751b2847f740c33c8dad09b7d669679c4a0918f7614086a894fce33a
Instruction ID: 006acee54173adb4a57be765aea57e27c4ada42a4a58c02907d5c2484a222793
Opcode Fuzzy Hash: 4960dd85751b2847f740c33c8dad09b7d669679c4a0918f7614086a894fce33a
Instruction Fuzzy Hash: 4BB169F3F1122547F3984879CD683A266829BE5320F2F82788F9D6B7C5E87E5C0952C4

Function 00C7065E Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f09f9fa41de427de95ef031644833149c28c228ef2df8e84fc993574f8abd894
Instruction ID: 1239bcd9dd897547a55281ebd32ebd8ee37386552b1733b3b10f94279f305ba3
Opcode Fuzzy Hash: f09f9fa41de427de95ef031644833149c28c228ef2df8e84fc993574f8abd894
Instruction Fuzzy Hash: EEB179F3F6122147F3584929CD583626683ABE5324F2F82788F4DAB7C5D87E9D0A5384

Function 00BCD09D Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c3a1aa5b0ea0ea6ca4b633642a40bda425a4624ee208fa40d4c41ceee25502
Instruction ID: 4580fea73f304c9eff36c7db2b61a1558451d1d59df1f520e9131d1492afa8bf
Opcode Fuzzy Hash: 93c3a1aa5b0ea0ea6ca4b633642a40bda425a4624ee208fa40d4c41ceee25502
Instruction Fuzzy Hash: E8B18CE7F5062447F7484829DDA83A62583EBD5314F2F82788B899BBC9D87E5D0A4284

Function 00CD662D Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b590e8608108acee9cbdb0dc6f82ed2d5c2cb6320d7df8dc912553ddd76da976
Instruction ID: 389ebb84f6a3cea38b6e8324c3b6dda856a25c19b45b15c441308441390cf902
Opcode Fuzzy Hash: b590e8608108acee9cbdb0dc6f82ed2d5c2cb6320d7df8dc912553ddd76da976
Instruction Fuzzy Hash: 1BB19AE3F1121547F3484839CD683626683E7D5314F2F81398F5AAB7C9D87E9D0A8384

Function 00D063BD Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13fdecd0c0ae6a47f7e3c4de44e6d610aff369de74125dcfb7c876645cfe74b3
Instruction ID: c88f91c1c62af5e7bbd25ddef956c6c1b94c4ebaa847980491e02be7aa23e1ed
Opcode Fuzzy Hash: 13fdecd0c0ae6a47f7e3c4de44e6d610aff369de74125dcfb7c876645cfe74b3
Instruction Fuzzy Hash: A4B179F7F5122647F3584879DC9836266839BE5324F2F82788F8CAB7C5D8BE5D064284

Function 00C04128 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e625086f9d321732e7560787ef1929aa93f2265bb63b92eedbf643697fe72c
Instruction ID: c8331b343d92abd519db9d38bc5bff367d8ee9746f33971e6982c56e25c8083c
Opcode Fuzzy Hash: 51e625086f9d321732e7560787ef1929aa93f2265bb63b92eedbf643697fe72c
Instruction Fuzzy Hash: AAB18BB3F1122587F3544D38CC58362B693ABD5320F2F82788E5CAB7C5D97E9D0A5284

Function 00D0C655 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334a21a63301b388d432a9bd1271a1e5ed9765a8911d21b158875beeb2707666
Instruction ID: 23047d39acda2f2d9fa62b42af83b6ba5c61f11e92468982d5f11f1cddb81230
Opcode Fuzzy Hash: 334a21a63301b388d432a9bd1271a1e5ed9765a8911d21b158875beeb2707666
Instruction Fuzzy Hash: F0B16CF3F1022687F3544939CD983626543EB91314F2F82389F59AB7C5D97E9E0A5384

Function 00C3E59A Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46c22d8c2d44513fe3edeb95ae29ee11b9481e24db3cd22dae35df82fe1932df
Instruction ID: 8a4f17bbbcfc81345352b086c77d4f78a30fa61a1beb9939c6427a1cdc12b226
Opcode Fuzzy Hash: 46c22d8c2d44513fe3edeb95ae29ee11b9481e24db3cd22dae35df82fe1932df
Instruction Fuzzy Hash: 84B16DF3F1162447F3544838CDA93A225839BE5324F2F82788F9D6B7C5E87E5E095284

Function 00D12332 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cfdfd4379b978767a5dad6b61a456c99784337d7eb46acd22bb39398a04022f
Instruction ID: 9c8f76f07c109e7407fff8c5f15457c4467051dd6ed7cebe58fa6a9ec35bc377
Opcode Fuzzy Hash: 9cfdfd4379b978767a5dad6b61a456c99784337d7eb46acd22bb39398a04022f
Instruction Fuzzy Hash: 8CB149F3F1162447F3584839DD6836265839BA1324F2F82788F9DAB7C9D87E9D4A4384

Function 00BEA514 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce4476cc555bfe270d6e283e408069f76e8a47707e902ffa151d47456a119867
Instruction ID: a3c795302679b0dde579a65fce5367f6b2bac5ea8088cd1ec33294d64898fc4c
Opcode Fuzzy Hash: ce4476cc555bfe270d6e283e408069f76e8a47707e902ffa151d47456a119867
Instruction Fuzzy Hash: F9B168F7F2262547F3484869CC583626543D7E5324F2F82788F8DAB7C5D87E9C0A5288

Function 00C8252E Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d302137112460688e5f0bd58ab1544fc1da79806c99c65c92be5af9e8b123211
Instruction ID: c41986bbda7d9d99bc790c1c30c8dbd03b4e011de75c3f3d29eabc350491ae82
Opcode Fuzzy Hash: d302137112460688e5f0bd58ab1544fc1da79806c99c65c92be5af9e8b123211
Instruction Fuzzy Hash: EFB109B7F111258BF3544A29CC583617693EBD5324F2F82788E8C6B7C5D93E6D0A9284

Function 00C12307 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c670ee07550560b99fbede5301788787e3e39f0f36eb8577d4debf0bd162a9
Instruction ID: 2e895028a3689dafee2e61323f5849257e7e21c986756d4c95c6bded5a486723
Opcode Fuzzy Hash: e6c670ee07550560b99fbede5301788787e3e39f0f36eb8577d4debf0bd162a9
Instruction Fuzzy Hash: 88B177F3F5162147F3584878CCA83A26682DBD5314F2F82788F4DAB7C5D8BE5E0A5284

Function 00C2254A Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d459b1f26cc01a55cb6c431584c1cecd10b92ac923616fee8364adf53062b8f
Instruction ID: 98465e063f084fdef34035ecbc92c1d74122b26a29c40bfaf570f36360316728
Opcode Fuzzy Hash: 7d459b1f26cc01a55cb6c431584c1cecd10b92ac923616fee8364adf53062b8f
Instruction Fuzzy Hash: CAB18BB3F1122587F3584D29CCA8362A683DBD5324F2F42788F5D6B7C4D97E6D069284

Function 00BD645A Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc784f75cc950e1e11ec5611c6fa2cd23a3fc4ffa82d5dcb76af0d86bce0a55
Instruction ID: 8b4c5b10e588fa358c37f35628d702f5f79ece102fd3d1032b4a1c5f34506dc0
Opcode Fuzzy Hash: abc784f75cc950e1e11ec5611c6fa2cd23a3fc4ffa82d5dcb76af0d86bce0a55
Instruction Fuzzy Hash: B9B1AFF3F106244BF3544869CD693626583DBD5324F2F82788F8DAB7C6D87E5D0A5284

Function 00D1C5C7 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a95c29daa29447ef473be4ba021873d12f871acf0ccf337838f9b51c22f7f2
Instruction ID: 296e4d7b4d287fbcaf1702e9804df6da2bfd107cef5505338a6062ec9afc02ff
Opcode Fuzzy Hash: d2a95c29daa29447ef473be4ba021873d12f871acf0ccf337838f9b51c22f7f2
Instruction Fuzzy Hash: B8B18AF3F5022547F3584879CD693A2A5839BA5324F2F82788F5CAB7C1D87E8D0A52C4

Function 00BDE10D Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3b514f91e31d0915c62e114a134e96a3aac2e1d0e202e4228b08255db69367f
Instruction ID: 27e9ab50894f77150c84a7c5cef9320d8f6bc017c70963614d0151255052bb7e
Opcode Fuzzy Hash: f3b514f91e31d0915c62e114a134e96a3aac2e1d0e202e4228b08255db69367f
Instruction Fuzzy Hash: 2CB18CF3F5162547F3444868DC983A26583D7E5324F2F82788F5CAB7C9D87E9D0A5288

Function 00D005F5 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ead1d74a2ea4dedbe8546ce743c5a2fefa7a3f39004c8ff4176dda5fa665f3
Instruction ID: ffd96bc8c37a81f47d3d2b037bbe3e7d63445cadaa19736833db73478d32b6ce
Opcode Fuzzy Hash: b0ead1d74a2ea4dedbe8546ce743c5a2fefa7a3f39004c8ff4176dda5fa665f3
Instruction Fuzzy Hash: 73B19DF3F1122547F3544978DCA83626682EB95314F2F82788F4C6B7C5E97E5D0A9384

Function 00BD44A3 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4408562841af5865f8136899fd30bbe87e0de4d5e23cae94156ebf2104abd6
Instruction ID: 1a5a331a62396789c3b317c766aeafa0591dc273c15789bdfd9cf615affdaa2f
Opcode Fuzzy Hash: 1f4408562841af5865f8136899fd30bbe87e0de4d5e23cae94156ebf2104abd6
Instruction Fuzzy Hash: 30B147F7F1162547F3444829DD983626583DBE5325F2F82388F5CAB7C9E87E9D0A4284

Function 00C07188 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f4db3d5c949be2e094f1b65157651baa761eaa948dbbcf9608d62feb849b1bd
Instruction ID: 82ca31f7921a91fe95965f379026d5294293df6fb8a0d2fac47ed1ff7aaa96ec
Opcode Fuzzy Hash: 3f4db3d5c949be2e094f1b65157651baa761eaa948dbbcf9608d62feb849b1bd
Instruction Fuzzy Hash: 9EA16AB3F1022547F3444979DD983A26582EB95324F2F82788F9CABBC9DC7E5D0A5384

Function 00BDD01D Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9f2ff55aed06bcf3a12f193a6913dcae85efca1ba08b444bc4a6a59210e772
Instruction ID: 69f0d5be21c40e43f46eacfc89ffe4c9a96364c9d7dc9f341dad45af5e13e5b5
Opcode Fuzzy Hash: df9f2ff55aed06bcf3a12f193a6913dcae85efca1ba08b444bc4a6a59210e772
Instruction Fuzzy Hash: A8B19FB3F2162547F3444938CD683616683DBD1324F2F827C8E896BBC5D97EAD0A9384

Function 00C52441 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e102a744940a7f6fa319ca2b2bde337366a60b8629ac7896cf385c052dd721a
Instruction ID: 30c00afd602bcbe643b24da72ffa4089afc734b127d6d88d750a7f5945931131
Opcode Fuzzy Hash: 5e102a744940a7f6fa319ca2b2bde337366a60b8629ac7896cf385c052dd721a
Instruction Fuzzy Hash: CFB19EF3F112148BF7044D29CCA43617683EBE6324F2F42788B595B7C9E97E5D0A9288

Function 00C50455 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8b6b443b71745bb10aedf69b551c3b0ce44af97cf66acbc43bac87f4bfbc682
Instruction ID: c32a31f8da1a1ef5c229e2d466b13f96eabbe56b18d65f5d2dc6f8f720474a8e
Opcode Fuzzy Hash: a8b6b443b71745bb10aedf69b551c3b0ce44af97cf66acbc43bac87f4bfbc682
Instruction Fuzzy Hash: 19A179F3F5062547F3544969CCA83626683DBE1324F2F82788E8D6BBC5D87E5D0A52C4

Function 00CC70C9 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e718f82d146fb637d7bcd255af6b90ac34628aadb90d8b8b1398fa1226ce82d
Instruction ID: d9d6646405133ce58078e3b4ad0c7c62817650a492c779e8850636173be66364
Opcode Fuzzy Hash: 5e718f82d146fb637d7bcd255af6b90ac34628aadb90d8b8b1398fa1226ce82d
Instruction Fuzzy Hash: 69B18DB3F111258BF3504A28CC583A27693EB95324F2F4278CA4CAB7C5D97E9D099784

Function 00C9C187 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c580f9288e3a79fc8ef875905870c77810e5dce3298ddef86d636fd794c8210f
Instruction ID: 3410c54d97840e36374bc1d00c9b71c02aa3618dc71fb08484ab1fa601348cb3
Opcode Fuzzy Hash: c580f9288e3a79fc8ef875905870c77810e5dce3298ddef86d636fd794c8210f
Instruction Fuzzy Hash: 19B189B3F106254BF3584928CCA83666642DBD5324F2F82788F8D6BBC6D87E5D0A53C4

Function 00CE45DD Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ef189f8eb3c79bc79be788b5567283a5dd0d2a084515ba8897c94a67046d962
Instruction ID: 2baa0e6d2cb004fa1a4d6aca799891b1aff1e6adff1b37f9a8c0e25f7874519d
Opcode Fuzzy Hash: 8ef189f8eb3c79bc79be788b5567283a5dd0d2a084515ba8897c94a67046d962
Instruction Fuzzy Hash: 40A18BB3F1112647F3584D38CD683A26683DBD5324F2F82388B99AB7C5DD7E9D069284

Function 00CA46C5 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c38db8202a72373feb977c234c1ce9e4285ab23fbd0f326019c30e1aa691e631
Instruction ID: 49d920e0cdcd90cb55cf977fe4b1603ae298c9f974dc93601bd007300965d964
Opcode Fuzzy Hash: c38db8202a72373feb977c234c1ce9e4285ab23fbd0f326019c30e1aa691e631
Instruction Fuzzy Hash: D4B157B3F1112647F3544D78CC683A266939BA2324F2F42788E8D6B7C4D97E5E4A93C4

Function 00C2507B Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83aa4ed1ee650e476c68d2eb95948a35095cee7d599548ebc350747b40051c59
Instruction ID: ba02a974a901a07dfad78ce6b890a7d66782d1f3348e8965a534bc0e81637985
Opcode Fuzzy Hash: 83aa4ed1ee650e476c68d2eb95948a35095cee7d599548ebc350747b40051c59
Instruction Fuzzy Hash: B4A157F3F2162547F3544928CCA83A16642EBD5324F2F82788F89AB7C9D97E9D095384

Function 00C4D02D Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418ae6c482bcb886fc89ed065018b46d6f773e7a8724c40a17b87694d2b28b24
Instruction ID: 44da32252ea47f83b95c35934f143e96304adb4dfb5392e149b947b6ac145bd1
Opcode Fuzzy Hash: 418ae6c482bcb886fc89ed065018b46d6f773e7a8724c40a17b87694d2b28b24
Instruction Fuzzy Hash: 3EA148E3F1122547F3584878CD683626683EB91324F2F82789E5DAB7C9D87E9D0A5384

Function 00C5C141 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28fc7e664de59de0d9a9839dde1d799ccc0cc0ddc40a7e4139209c621c84106e
Instruction ID: 9ca781f1e37ab432abbab4771335a29f0b6f16d5276811ab86f7ea96fed835e7
Opcode Fuzzy Hash: 28fc7e664de59de0d9a9839dde1d799ccc0cc0ddc40a7e4139209c621c84106e
Instruction Fuzzy Hash: 0CB16AB3F1122547F3504E29CC643627683DBD5724F2F82789A986B7C8D97E6D0A53C4

Function 00C5E25A Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752467b87b690bb826d80ed387d73d47e49cea8b117e3814446420becdd617ae
Instruction ID: 7e24c12e7b3356e98ff918c4e33cd81167a858e0d639c5bc03b1f676edc4ae9a
Opcode Fuzzy Hash: 752467b87b690bb826d80ed387d73d47e49cea8b117e3814446420becdd617ae
Instruction Fuzzy Hash: 68A178B3F1122547F3444938CDA83A26683EBD5324F2F82788E4C6BBC9D87E5D0A5384

Function 00CDE1E5 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81910c098254f6af121c58e8da79d6be9895b460de9e225b160c8f9d4f378cf7
Instruction ID: a604b95f7e00534213610822c069bdd9012c2157019ecc656659f574fb900186
Opcode Fuzzy Hash: 81910c098254f6af121c58e8da79d6be9895b460de9e225b160c8f9d4f378cf7
Instruction Fuzzy Hash: C2A17DB3F116264BF3544878CD9836265839BD5324F2F82388F5CABBC9D87E9D0652C4

Function 00BCC390 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c381065d798f77b8391532a2256ec33f6a78fbffe9d4b342b9a19e459c732bc
Instruction ID: daa0d9425062ec567b55c6722ce5366c9260b04e79d8e779acf8e73aaa59b1af
Opcode Fuzzy Hash: 3c381065d798f77b8391532a2256ec33f6a78fbffe9d4b342b9a19e459c732bc
Instruction Fuzzy Hash: 3DA18BB3F116254BF3484D28CC683B26683EBE5324F2F417C8B5A9B7C5D97E5D0A5288

Function 00BDA2FA Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c312465de91c016762f005fa7dd728a7ed5523c20e8250453eeae97b5e4886a7
Instruction ID: db1e9b335707b5a7d72a46fd7a5820ba117cd5ec8b849b1d45da1350b5600590
Opcode Fuzzy Hash: c312465de91c016762f005fa7dd728a7ed5523c20e8250453eeae97b5e4886a7
Instruction Fuzzy Hash: 21A17BF3F2122547F3944939DDA83626683DBE1324F2F82388F996B7C5D87E5D0A5284

Function 00CDC05A Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89da7e2d14f2d61e25ba731fc3eca171b9603cec3de657885d2904f0fe3c9ebb
Instruction ID: 9b6c81370f1e1b031c2a650abcad48f197458cc1aa0f2d4443a9f7771ee6b215
Opcode Fuzzy Hash: 89da7e2d14f2d61e25ba731fc3eca171b9603cec3de657885d2904f0fe3c9ebb
Instruction Fuzzy Hash: D3A188B3F1122147F3444968CCA83A26642EBD5314F2F81788F896B7C6D9BE6D0A93C4

Function 00CF42F6 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23de87e222d4d6e8585c070fd80a8bfb52b18cbb68128298dda8d1c34b259bf8
Instruction ID: f667705a70466c280db5980489db1659b2c768aa9a70b9f0c6189158cf2ae020
Opcode Fuzzy Hash: 23de87e222d4d6e8585c070fd80a8bfb52b18cbb68128298dda8d1c34b259bf8
Instruction Fuzzy Hash: 16A19BB3F112244BF3544D29CC983626683DBD5325F2F82788E9CAB7C9D97E9D0A5384

Function 00CE63EC Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c003248f2847719585936d4c7fd96f8015206ab8e5a71b6cd2a5e861747f7e6
Instruction ID: 98277a6e366177717ef10ba36d5a006b292af8e840b2d40840bbe0466d3772b7
Opcode Fuzzy Hash: 4c003248f2847719585936d4c7fd96f8015206ab8e5a71b6cd2a5e861747f7e6
Instruction Fuzzy Hash: 09A17BF3F511214BF3544939CD583626683DBE5314F2F82788A88ABBC9D87E9D0A9384

Function 00C862F5 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e7f6450cefb0438a51204d8cf3e2f8465737035a9ea4b77b23a0e39bb2baae5
Instruction ID: 51439431e123980381ce587ba502e2d08f29dd16665504058d44877bc9e23197
Opcode Fuzzy Hash: 1e7f6450cefb0438a51204d8cf3e2f8465737035a9ea4b77b23a0e39bb2baae5
Instruction Fuzzy Hash: F0A17DF3F1022547F7484928CCA83616692DB95324F2F82788F8DAB7C5E97E5D0A9384

Function 00BF06BD Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ac208590c5d08c27ddcec3d197bd34d643c70f7b97cd3d145cd06e7fd67fea
Instruction ID: 67cca3f74d350f9271e8ff5d3c8dfce55d4194dcf6310fc3ceabf6817210104c
Opcode Fuzzy Hash: 14ac208590c5d08c27ddcec3d197bd34d643c70f7b97cd3d145cd06e7fd67fea
Instruction Fuzzy Hash: 45A168B3F1162547F3584939CCA83A266829B95324F2F827C8F9D6B7C5EC7E1D0A52C4

Function 00BFD1A6 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 754b70c822ef1203f4a608fa6d54a07334be3dee5e728a605f2f7418586a867e
Instruction ID: b542b72e3a7e1369f7fe46615afc1aed2475966d0c2b5a1e25fe57fe5e6ac639
Opcode Fuzzy Hash: 754b70c822ef1203f4a608fa6d54a07334be3dee5e728a605f2f7418586a867e
Instruction Fuzzy Hash: 73A169E7F1162547F3448879CD98362668397E1325F2F82788F9C6BBC9EC7E5D0A4284

Function 00D146FE Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f14677666e3138b6c1ccd7c062d8aa9aea31012ab66e2862c3759ce943390e58
Instruction ID: a3c27277796a65d88e9e49449de782a08cff015cea5d6aeaafe126ab869e5ea4
Opcode Fuzzy Hash: f14677666e3138b6c1ccd7c062d8aa9aea31012ab66e2862c3759ce943390e58
Instruction Fuzzy Hash: 56A16CB3F1022447F3548D38DC983A27692DB95324F2F82788E8CAB7C5D97E5D099384

Function 00BF61B5 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bfbea7fd14f52fff1be7c1b30d1fe8aecc496477d67d1af194d7f324ecfa9cd
Instruction ID: 0d90c7766168dbdd593f014d621d44ac0d288b7452829a1edac6d57adbe16552
Opcode Fuzzy Hash: 9bfbea7fd14f52fff1be7c1b30d1fe8aecc496477d67d1af194d7f324ecfa9cd
Instruction Fuzzy Hash: 93A17FB3F1022547F3544879CD583626683DBD5315F2F82788E5C6BBCAD87E9D0A5384

Function 00BCA0A8 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382fb296fc8d28d0db5d657dd4680f4fb36a5d91157bce536a10e2868e3dabf4
Instruction ID: 59aecd64c281c32986e1357a2297654654207bc2f39f74a54fde8e9dacc8e2dd
Opcode Fuzzy Hash: 382fb296fc8d28d0db5d657dd4680f4fb36a5d91157bce536a10e2868e3dabf4
Instruction Fuzzy Hash: C9A1AEF3F5162547F3484878CD693626582DBA4314F2F82398F4EABBCADC7E9D095284

Function 00C6A6FF Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d5c47cc9852f8fefaec4f795a0be532a2ff562074996f20f76395202868b315
Instruction ID: 9d4e792235e91015572616d6358e4283353b8b86224c4375c3ec09805f908d01
Opcode Fuzzy Hash: 6d5c47cc9852f8fefaec4f795a0be532a2ff562074996f20f76395202868b315
Instruction Fuzzy Hash: DBA169F7F116254BF3444939CDA83A226839BD5314F2F42788B4C6BBC9D87E5E4A9284

Function 00C480A5 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab6b0dd45b3ffd60e9ff7ca0b3f286e850928970549e7bd77d6304de5c683f7
Instruction ID: d3c812056f8d5f698cb5b86c1b3767c13795b2e0edd7040eacd3b63fe9a6e060
Opcode Fuzzy Hash: 7ab6b0dd45b3ffd60e9ff7ca0b3f286e850928970549e7bd77d6304de5c683f7
Instruction Fuzzy Hash: 06A18DF3F1122587F3444D78CD983626682E7A5324F2F42788F58ABBCAD97E9D064384

Function 00C8A608 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1eb91942702c1304623fb86405d1dd8c67aefbef58b0cb943557f804774fea0
Instruction ID: b2a2d211a4b94c63013705bf9dcdfb6c014865631d3e7847158c88825741399f
Opcode Fuzzy Hash: c1eb91942702c1304623fb86405d1dd8c67aefbef58b0cb943557f804774fea0
Instruction Fuzzy Hash: 8CA16AE7F1162547F3484979CDA83626583DBE5320F2F82388F9D6B7C5E8BE4D0A5284

Function 00D084EF Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eb734d9e7a5c9770365d95e8be8fa1c53359d50bfebea97b0c10ab48787226f
Instruction ID: c41c6a9d755597da29333ad936e548cbed7962db5e3ae5dedf6096f98fe78e96
Opcode Fuzzy Hash: 5eb734d9e7a5c9770365d95e8be8fa1c53359d50bfebea97b0c10ab48787226f
Instruction Fuzzy Hash: FFA17CB3F202254BF7544D79CC583626683DBD5320F2F42388E8DAB7C9D9BE5E0A5284

Function 00BE639A Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e6ea2b853b584fc4d95d71898b9f6665931d61c58c770355b6ad0ef017c6650
Instruction ID: 9e30ccdd51ea7be9831776740cc7b0ff8e957dad9afb059d70b75a7990d7754a
Opcode Fuzzy Hash: 0e6ea2b853b584fc4d95d71898b9f6665931d61c58c770355b6ad0ef017c6650
Instruction Fuzzy Hash: A6A14AB3F116254BF3904929CC983A27683ABD5324F2F41788E9C6B7C5DD7E6D0A5384

Function 00BE02FA Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e702f34f40753c8651763abbb5f9a5dfd8f387b8ba01876ce9e02b28be5fd2c
Instruction ID: 52fb4d07125dde60f2a504402e66de176ce6b158189086f33a24caa3be73f915
Opcode Fuzzy Hash: 2e702f34f40753c8651763abbb5f9a5dfd8f387b8ba01876ce9e02b28be5fd2c
Instruction Fuzzy Hash: 29A17EB3F1162447F3044939CC583A27683DBD5715F2F82788A9C9BBC9D87E9D0A9384

Function 00CDD1E4 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b862faff9a5072fa16bc90766cb22e1b867b8aac33304bbe6b0691eca9e9914
Instruction ID: 718ec6e82bb530e875c625e87b3be7d8952546186e69662f4b5ccd2c8868f296
Opcode Fuzzy Hash: 7b862faff9a5072fa16bc90766cb22e1b867b8aac33304bbe6b0691eca9e9914
Instruction Fuzzy Hash: AFA15CF3F2122547F3444978CD983626683DBA5314F2F82388F58AB7C9D9BE9D0A5384

Function 00CF61B1 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e92170731dd2a00c8124dd41acd54d5e4ccd31219cda7ef06177f08e57c095af
Instruction ID: 53095f8a3b93f8a8f163b59c9a572daac271a11fe896464eef0268f3b71f2735
Opcode Fuzzy Hash: e92170731dd2a00c8124dd41acd54d5e4ccd31219cda7ef06177f08e57c095af
Instruction Fuzzy Hash: 52A1BDF3F1122487F3444A68CCA83A17693EB96724F2F41788F49AB7C5D97E9D099384

Function 00C6C3FB Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32797bf25960dc4a5d0a3434cb145fd1a89c4eac07f3484ba23c2617ff6b9a74
Instruction ID: e3204459dc8f75b320f12dbfc2cceb893659d2d41cc89431e11b19658870a146
Opcode Fuzzy Hash: 32797bf25960dc4a5d0a3434cb145fd1a89c4eac07f3484ba23c2617ff6b9a74
Instruction Fuzzy Hash: 19A19AF7E112364BF3544974CC58362A643ABA1324F2F82788E9C6BBC5D97E5D0A93C4

Function 00C604D3 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2eb2c390d6917645faafd5eb12d54972900156acfd50adb42b97862d2c1b70
Instruction ID: 60c8f835a38265b82a13aace197588027d387d9b4378ef6095bd16ca38aadd9c
Opcode Fuzzy Hash: ec2eb2c390d6917645faafd5eb12d54972900156acfd50adb42b97862d2c1b70
Instruction Fuzzy Hash: 91A14DB3F5122547F3544D29CC583A27683DBD1325F2F82788F98ABBC5D93E9D0A5284

Function 00D1118C Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a555795f3edc72e9ac6a8a5415d1b60ab51d9645f1463d767690535bdb231b62
Instruction ID: f9b4b475adbab309779e57c81ff9988afdf33aba7860938d9917c17d3176a6a8
Opcode Fuzzy Hash: a555795f3edc72e9ac6a8a5415d1b60ab51d9645f1463d767690535bdb231b62
Instruction Fuzzy Hash: 9DA19CF3F1122547F3484979CC6836666839BE5321F2F82388F5D6BBC9E87E5D0A5284

Function 00C746B9 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52089ff06b573a7b5fab8862b8a17adcb989496e713b6c40819b3fb06ec597f0
Instruction ID: 1a3ca9e8ee1aec7cb07593c603f1912ed6171925de6538f218868a1519d2d3e1
Opcode Fuzzy Hash: 52089ff06b573a7b5fab8862b8a17adcb989496e713b6c40819b3fb06ec597f0
Instruction Fuzzy Hash: 4EA158F3F112254BF3544879CD5836265839BD5324F2F82788F5CAB7C5D8BE4D0A4284

Function 00BD4019 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 549c32afe6d2224d490523c9f7c4eae938c511712b8d38619a46300497541f0e
Instruction ID: dcf605aa02e5b71ae8bddae98923a274001566b32f72fa98bf45d92c9f923bd4
Opcode Fuzzy Hash: 549c32afe6d2224d490523c9f7c4eae938c511712b8d38619a46300497541f0e
Instruction Fuzzy Hash: EA919BF7F112204BF3584C78DC583626582EBA5324F2F82789F5CABBC8D87E5D094284

Function 00CA64AA Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5035ea63fec79bccc87cb4b2cc703743f74ebd90585445d775153643d2ba64cf
Instruction ID: ed64b67c8fcf03e4014aa227637ca268830fc3d9c05476cad79f746722f49f30
Opcode Fuzzy Hash: 5035ea63fec79bccc87cb4b2cc703743f74ebd90585445d775153643d2ba64cf
Instruction Fuzzy Hash: 9BA15BB3F112258BF3404D69CC983A17653EBD1324F2F81788E886BBC9D97E5D1A9784

Function 00C9A5CD Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964b5982cd5d060614b674f91af7abe3e71068734e972a3166d324e7da3d0c10
Instruction ID: 3d0f0d581aeb92bb4ed46a5eba6057eb1707ffec82180557bcf8b915ead536f1
Opcode Fuzzy Hash: 964b5982cd5d060614b674f91af7abe3e71068734e972a3166d324e7da3d0c10
Instruction Fuzzy Hash: 48917FF3F206214BF3544968CC9936265829BE5324F2F82788F5CAB7C5D8BE9D0953C8

Function 00C46574 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4e3ef1e535ff66690406a38045f99406ced3da98ceceb8b4ed81901b4f3cc7
Instruction ID: 999f78841049ba47de5dfe97a47083ec9b7e50d59d544709e43dcac1474cf675
Opcode Fuzzy Hash: ad4e3ef1e535ff66690406a38045f99406ced3da98ceceb8b4ed81901b4f3cc7
Instruction Fuzzy Hash: 9C916CF3F1122547F3484879CD5836166839BE5324F2F82788F5DABBC9E87E4D0A5284

Function 00CCC2E1 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8ae7b78be07c24f3191beda37014b516437695995fc483d0fb7c7872ec463f0
Instruction ID: 5f7c341e8d6841d299f5e6fc4f23e39b031190062f47ddfd8efb23146549200a
Opcode Fuzzy Hash: f8ae7b78be07c24f3191beda37014b516437695995fc483d0fb7c7872ec463f0
Instruction Fuzzy Hash: FDA178E3F5122187F3544D24CCA83A12283EB95325F2F82789F996B7C9D97E5D068384

Function 00C302E1 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91c69699150a6ea5bc1456a571d9cb04a1acce0a5859a10fa8232bddc6547c4
Instruction ID: 741de5a316322cef614d27c3df1e30b87e28c2081c284450ccc88e921abd593e
Opcode Fuzzy Hash: a91c69699150a6ea5bc1456a571d9cb04a1acce0a5859a10fa8232bddc6547c4
Instruction Fuzzy Hash: 5EA15BF3F216254BF3544968CDA83612682DBE6324F2F82789F9CAB7C4D87E5D095284

Function 00BF86B6 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b716d3844a93ac2833a2b2395b30538eea1aaf587a64f16fb755b08b1288f45f
Instruction ID: 72af9043e0f8ace80d90ca7db7fdb7119f5fb26ebe7378128067e51203efb90a
Opcode Fuzzy Hash: b716d3844a93ac2833a2b2395b30538eea1aaf587a64f16fb755b08b1288f45f
Instruction Fuzzy Hash: E7916AF3F6162547F3484879CD583A2658397D5320F2F82788E4CABBC5DC7E9D0A5288

Function 00C510FC Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81a10c4ccee3f220cd4b56265a57c6da94c6798046d60352921c891cdf3c762
Instruction ID: d3fc0646b1e8719bc3aa73eca41ed2794df2f285c4bbbb93d37cecd59b1fe321
Opcode Fuzzy Hash: b81a10c4ccee3f220cd4b56265a57c6da94c6798046d60352921c891cdf3c762
Instruction Fuzzy Hash: 1AA1ACB3F102214BF3544939CD993627682DB95320F2F82789E9CAB7C5DC7E9D095384

Function 00CD20BB Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 438f27c39ea73f904cd6e8db84834c3426afe0a9dcbe5aa2ce0df09088bfb699
Instruction ID: d0c43e0f3e0d379f4ddb578767ebb0b3dd75438698363169458dc992e0ec091a
Opcode Fuzzy Hash: 438f27c39ea73f904cd6e8db84834c3426afe0a9dcbe5aa2ce0df09088bfb699
Instruction Fuzzy Hash: 3D916AF3F1122547F3444839DDA83626583DBE5325F2F82388B98ABBC9DC7E5D0A5284

Function 00C2403D Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00916c75a167c2b3db157d5a749b0fcf6dfdda6d8dc028407ea18a548661517b
Instruction ID: 07a61690e79e519a56e2cc95cc38d3f385db92625879bf83f4ff06d005489336
Opcode Fuzzy Hash: 00916c75a167c2b3db157d5a749b0fcf6dfdda6d8dc028407ea18a548661517b
Instruction Fuzzy Hash: 6A91ACB3F116254BF3944929CC993A26283DBD5324F2F82788E9CAB7C5D87E5D0A53C4

Function 00CE835C Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16c2bf152feab3789c8743f2a9e9ef26e1a27cfffe5204dfbea57e7bd3ec23fe
Instruction ID: 645a0e435bb1819321301f11d81ffb10909e502941ec64ed4982169e71cdced4
Opcode Fuzzy Hash: 16c2bf152feab3789c8743f2a9e9ef26e1a27cfffe5204dfbea57e7bd3ec23fe
Instruction Fuzzy Hash: E4918AB7F2112547F3544E28CC583A27652DB95314F2F82789E8CAB7C4D97FAD0A9384

Function 00CCA194 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3264a0652f128b45bca55236d68e8d86fb03e140be2e2191b4ed1bb4b7d2d654
Instruction ID: 8f54010b67bd94e6a3fc40161f9b2ce5291aded730370db30c48d8d45bb4d175
Opcode Fuzzy Hash: 3264a0652f128b45bca55236d68e8d86fb03e140be2e2191b4ed1bb4b7d2d654
Instruction Fuzzy Hash: 87918DB7F212254BF3544D68CCA83626283DBE5325F3F82388F586B7C9D97E5D0A5284

Function 00C2A659 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cc20e68712c753df2e6c970ac059543ad692debd21710f763d74d356bbf6c6b
Instruction ID: 414fce1eecb8520d82555fb5c5663b5f5d0106046e3ed5e639a7b0ae6d2d0be2
Opcode Fuzzy Hash: 5cc20e68712c753df2e6c970ac059543ad692debd21710f763d74d356bbf6c6b
Instruction Fuzzy Hash: 469147F3F5162547F3544839CC5836266839BE1324F2F82788E9CABBC9E87E5D0A5384

Function 00CA51F3 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4692a776cc7ffb5db51960585ae255d736596c4523223c0965a7b98a83a5ca
Instruction ID: c8470ad9454d9b4458a2d380a72314d2de760bfc15c4fa82a45273e3d682d87f
Opcode Fuzzy Hash: 7c4692a776cc7ffb5db51960585ae255d736596c4523223c0965a7b98a83a5ca
Instruction Fuzzy Hash: D6913BF3F1162447F3444929DD983626683E7E5324F2F82788F5CAB7C6D87E9D0A5288

Function 00D16117 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2395a687e64b87deed301ea02968518e5434ea363cdaf970485fae1b477a28d4
Instruction ID: 3d64248eaabfd61a38a456b66a72d11d802a9ae651e1965b23b288bca8996760
Opcode Fuzzy Hash: 2395a687e64b87deed301ea02968518e5434ea363cdaf970485fae1b477a28d4
Instruction Fuzzy Hash: 089179F3E1163547F3544968DD983A1A692ABA1324F2F42388F9C7B3C1E97E9D0552C4

Function 00C4C6D2 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c132c61a43d34ba81b6198c0566df0425bb939000bd5dd76275ec4ef253229db
Instruction ID: 9615dfa997c3643f9a5ea0dbb81589a030ff45298897be8e10130befd673e829
Opcode Fuzzy Hash: c132c61a43d34ba81b6198c0566df0425bb939000bd5dd76275ec4ef253229db
Instruction Fuzzy Hash: DB919CF3F1122587F3444978CD983666692EB95320F2F42388F5CABBC9D9BE5D094388

Function 00CBF1CC Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5af318c8098ae643039992e313a299630c342268cbca374c4adac11124f1c0cc
Instruction ID: a6e789048e93712420c268f95dec42434174d9e9b2a4eabd4cb21809b4fab911
Opcode Fuzzy Hash: 5af318c8098ae643039992e313a299630c342268cbca374c4adac11124f1c0cc
Instruction Fuzzy Hash: D4915BF7F116254BF7444928DC983627683EBD9314F2F81388B889B7C9E97E9D0A5384

Function 00BFC281 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9799223515a3c5143f528136cb4a6351d260af11eae3e970e8d47653f825a131
Instruction ID: f6877e36f7e7bf63eaf7a7ec4eb79e9c2ebb7adf229cd7ce9aa442e80a581edf
Opcode Fuzzy Hash: 9799223515a3c5143f528136cb4a6351d260af11eae3e970e8d47653f825a131
Instruction Fuzzy Hash: 099179F3F1022547F3544938CD983A26683DBA5324F2F42788F9C6B7C5D87E5D499284

Function 00C8E0ED Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155083358958d856053bf42a2bc0377323a56ea50f8656258802c93cb4934b99
Instruction ID: d39e7d446e894a1135b54f084fcb9b6338da5c95faffb46da9057ba2b6b878d6
Opcode Fuzzy Hash: 155083358958d856053bf42a2bc0377323a56ea50f8656258802c93cb4934b99
Instruction Fuzzy Hash: 16915BB3F1122547F3944979CD983A266839BD5320F2F82388F9CA77C5E97E5E065288

Function 00CC1065 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 704af7a4d08024ca5ace7a11ee27db98068fb27e29fe6bb0e1e12ff8b48095ee
Instruction ID: a2ff0d219056c1ce986edfebad20ccbf64efe6accf5ee6e2fbb60ca3683dabe3
Opcode Fuzzy Hash: 704af7a4d08024ca5ace7a11ee27db98068fb27e29fe6bb0e1e12ff8b48095ee
Instruction Fuzzy Hash: 779135F3F1122147F3544979DD983626683EBD5314F2F82798F88ABBC9D8BE5D0A4284

Function 00C6A2A7 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c20b99c9345dfd11a6bd8fe991697adb84fe3d70718a5cd856c17e6528087127
Instruction ID: 956195f612ce9c62deb9f567b7fc30ca0a98a29f9d4813c399b1fdeddc0ffc73
Opcode Fuzzy Hash: c20b99c9345dfd11a6bd8fe991697adb84fe3d70718a5cd856c17e6528087127
Instruction Fuzzy Hash: 54914AB3F1122447F3584829CD683A66583DB95314F2F827C8E8DAB7C9D87E5D0A5384

Function 00D131CB Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b680eb31996a8a0b052443cd9b28e8b9058f85c24508756243a68fd3214befed
Instruction ID: 3b533d499828c90c6afbcc61f2ec5461a1be41e4939e8023e9e36ba2198ead85
Opcode Fuzzy Hash: b680eb31996a8a0b052443cd9b28e8b9058f85c24508756243a68fd3214befed
Instruction Fuzzy Hash: 939158A3F1122147F3544928DDA8362A693EB95314F2F82788F896B7C9DD7E5D0A8384

Function 00C8844A Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7078ac58584a54816ed65698aa8f1f15fc7b290d2e176fc618fed500090e703
Instruction ID: e12b1f08b362579aaa074828c848a204e04bf0085abd03b448d663ee588c18fd
Opcode Fuzzy Hash: c7078ac58584a54816ed65698aa8f1f15fc7b290d2e176fc618fed500090e703
Instruction Fuzzy Hash: D8919DB3F112248BF3544D29CC683617693EBD5324F2F42788A8D6B7C5D97E5E0A9388

Function 00C191CA Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55c8bb9eca090f5e72e7ee0dcff186ae3a45abbe87434df6e7b28a9ee7cabe5
Instruction ID: 6fe2e017b7c2c8ff97e874735e620dd5bc760a1bb6b9fccabadde941d418bcd3
Opcode Fuzzy Hash: c55c8bb9eca090f5e72e7ee0dcff186ae3a45abbe87434df6e7b28a9ee7cabe5
Instruction Fuzzy Hash: 739157B3F5062147F3584939CDA83626583ABD5324F2F823C8F4DAB7C5D8BE5D0A5284

Function 00D0F19D Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ae5f9ebd1bdc1fa0781845f6bb4b5a96bc94c547521652ccd3f51431a1bb70
Instruction ID: 126f320075ef14596b1795f4263569e47a767d21b3f1548daec101b0ed430b53
Opcode Fuzzy Hash: 00ae5f9ebd1bdc1fa0781845f6bb4b5a96bc94c547521652ccd3f51431a1bb70
Instruction Fuzzy Hash: B691A0F3F116258BF3484D78CC983A26683DBE5315F2F82788B495B7C9E87E5D0A5284

Function 00BCE1F2 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f92550c022fb5e7802e52cc58e08a0c1514a1903ad2c714d6d1e11c4aa79da48
Instruction ID: e55e8f295bb496ed33745e9c8c1669fbd0e7132eed7b24db5cb57399a13957f1
Opcode Fuzzy Hash: f92550c022fb5e7802e52cc58e08a0c1514a1903ad2c714d6d1e11c4aa79da48
Instruction Fuzzy Hash: 6B915DB3F1122587F7544D39CC983617693DB95320F2F82788E5C6B7C4D97E6D0A9284

Function 00C571BB Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77102a94c380738437b78710a4e3418f7b2746c8c502f9602f55da8d8249d9af
Instruction ID: 58a3120531673ff17e1ca12d7a5988379ae60018cb66421f08f1ebe1c7c7bd04
Opcode Fuzzy Hash: 77102a94c380738437b78710a4e3418f7b2746c8c502f9602f55da8d8249d9af
Instruction Fuzzy Hash: 8D918CF3F2162547F3480928CCA83626683D7D1324F2F82398F596B7C9DC7E9D0A5284

Function 00C46132 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9c2e3651c84523d499884acbe120289fa566fa648a323e203f0106fa44d951b
Instruction ID: cb49b3e87cbad93693591ddc98b5256d4aaae690db3cc33899752c99284e103c
Opcode Fuzzy Hash: f9c2e3651c84523d499884acbe120289fa566fa648a323e203f0106fa44d951b
Instruction Fuzzy Hash: 0A916DF3F1022447F3544D29DC983626693DBA5325F2F82788E9C6B7C9D87E9E099384

Function 00C6633F Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1387310e8e2473ab6f8136afeb6142db4336a8971eca7e2f44ce3f5c26b84839
Instruction ID: 77b783167bc4650332aed5b2dbc456961c43066f14907990c096007c14698ae9
Opcode Fuzzy Hash: 1387310e8e2473ab6f8136afeb6142db4336a8971eca7e2f44ce3f5c26b84839
Instruction Fuzzy Hash: E2915BE7F1122547F3544939CC683626683EBD5324F2F82788F9D6B7C5E83E5D095284

Function 00BF8288 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d59de4320ba50157e4620ec39ead2b13aa4388767f69a67c59dd5b534f9c9c3
Instruction ID: 794dcb3fd9728270b9c07a68785e628b722347922b6efea9d30c0a0b62a228a6
Opcode Fuzzy Hash: 5d59de4320ba50157e4620ec39ead2b13aa4388767f69a67c59dd5b534f9c9c3
Instruction Fuzzy Hash: 40917BB3F112244BF3944938CC583A16692DB91320F2F82798E9CBBBC5D87E5D4A93C4

Function 00BC847C Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ce2a0cb7ad0ffbb7833392b40ad2a56ecdcbc682848653d561c62977dcef43
Instruction ID: d15945ed2221e46a001d6fdc663e777448e2242b62360f47022dc2a34ef79b8b
Opcode Fuzzy Hash: 30ce2a0cb7ad0ffbb7833392b40ad2a56ecdcbc682848653d561c62977dcef43
Instruction Fuzzy Hash: 26915AF3F1162547F3484838CD683626583D7E5321F2F82788E996B7C9EC7E5D0A5284

Function 00CD45CD Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e948a609cadc8492bf284adc3d32536a20176db6d81f3bf06ae6fdd6454316
Instruction ID: e71550dee04e6278b9e255124dafc1d9d8fe6d80514d7b18679e79996ecccb8b
Opcode Fuzzy Hash: a1e948a609cadc8492bf284adc3d32536a20176db6d81f3bf06ae6fdd6454316
Instruction Fuzzy Hash: 63916AB7F502254BF3544D29CDA83626683DBD1310F2F82798E9CAB7C4D87E5E4A9384

Function 00D1C024 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 512cd748c5551a89acf5cf57be9316676faecac655066d4e7e1503e64a643a77
Instruction ID: 4f52d761f2122a652a44241146c0279ef5fb57e2a0b948a9c192f78f8cca77f6
Opcode Fuzzy Hash: 512cd748c5551a89acf5cf57be9316676faecac655066d4e7e1503e64a643a77
Instruction Fuzzy Hash: 929148B3F2162547F3584C38CDA836266839BD1315F2F82788F9D6BBC9D87E5D0A4284

Function 00CF8560 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6510677e69dc7222cf346f5712100b94d5452fa91035a24f66fd908ce77e52de
Instruction ID: 63a53a67734b9fbafdff0285f8fdf380c1c24a8f3ae6bc3f257f77fae124e9e2
Opcode Fuzzy Hash: 6510677e69dc7222cf346f5712100b94d5452fa91035a24f66fd908ce77e52de
Instruction Fuzzy Hash: DC91ACB3F112248BF3484928CCA836176839BD6320F3F42788A5D6B3C5DD7E5D0A9284

Function 00CD51D4 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df2a12c699fdfbde10e9086771551539144288a7baecf0bbe48b168c3f8dd411
Instruction ID: a157ec7940d06660c08503a230216b4dd7fa4cef4a19abefcc5ed8726929d148
Opcode Fuzzy Hash: df2a12c699fdfbde10e9086771551539144288a7baecf0bbe48b168c3f8dd411
Instruction Fuzzy Hash: F2918AB3F106248BF3544D69CC58362B683EBD5714F2F81788F49ABBC4D97E9D095284

Function 00C0C238 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b9554bc53ea6729c6d023a2751de8d18f1b6c4aebf6f9489fd83896d811f16
Instruction ID: 7762234546b0d3346d4b0b2bc2639ca2feb3e37c102225bd7c3c1a69814880a1
Opcode Fuzzy Hash: 75b9554bc53ea6729c6d023a2751de8d18f1b6c4aebf6f9489fd83896d811f16
Instruction Fuzzy Hash: 9D919DF7F2162547F3544D28DC983A26683D7A5314F2F82388F88AB7C5D97E9D0A9384

Function 00D0E42B Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a79086663019c48cd5a31c01f49e400b53fc2b04c06905f4cb570c3cfe1f79
Instruction ID: 9f34deafe1b9006abf16ff00222bb086a6586a02e431d089c89d7acb239d59ef
Opcode Fuzzy Hash: f7a79086663019c48cd5a31c01f49e400b53fc2b04c06905f4cb570c3cfe1f79
Instruction Fuzzy Hash: D99158B7F1023587F3544968DCA8362A292DBA5320F2F42788F4D6B7C5E97E5D0A53C4

Function 00CA9009 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 361743c8197b1acb49f52ea3e23ba81f270d87efa4355334b522c3b1e70c8427
Instruction ID: efdc08a2b06be13e0948f0d91c79a0e6ba1c4701074bbf2e8601bc05e2d0a99b
Opcode Fuzzy Hash: 361743c8197b1acb49f52ea3e23ba81f270d87efa4355334b522c3b1e70c8427
Instruction Fuzzy Hash: AF914DF3F1122547F3588D78CC683A26683DB95314F2F82788F896B7C9E87E5D4A5284

Function 00BD2120 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9a7f792e2f1fa258187ff9dfc1671b39e212eff2af9a93b6e5fafaa122b838
Instruction ID: 87e4a3b1f250a5f1c83715e795e60c8a7686aaf91c473f854b6d60bffe939322
Opcode Fuzzy Hash: 2f9a7f792e2f1fa258187ff9dfc1671b39e212eff2af9a93b6e5fafaa122b838
Instruction Fuzzy Hash: 0C915CF3F1122547F3544979CD983626583EB91320F2F82789F9CABBC9D87E9D095288

Function 00CD623F Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7efe0bcee743f35a8604f3052f4392d2d47db006383d4a0c6c613910e477fb2
Instruction ID: 77428ea229a55e575c339036d9ab6d4252948612ea9d5f54647ea93d69b198b5
Opcode Fuzzy Hash: d7efe0bcee743f35a8604f3052f4392d2d47db006383d4a0c6c613910e477fb2
Instruction Fuzzy Hash: 11815BB3F1122547F3544D68CC683626693EBD6320F2F82788E986B7C4D97E9D4A93C4

Function 00D1046A Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50a5b4804d33d23587d55eab38c8db8dfd7734e8dd7f77ff976617c76cb6901a
Instruction ID: 8196ff3365b89305427a11a93188f63df963226e91a69b5c91a14e4b74327a75
Opcode Fuzzy Hash: 50a5b4804d33d23587d55eab38c8db8dfd7734e8dd7f77ff976617c76cb6901a
Instruction Fuzzy Hash: 15917FB3F112248BF3444E29CC583A27253DBE5724F2F81788E886B7C5D97E5D099384

Function 00D18396 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b50cce462dce34b114e5a53c29b52d45ee2c25812f62bde6be5cc727e08a4a09
Instruction ID: 2d4b4156f133889e711a07d2d8456588ef10f6a659e84772ecc3f4aa186191b1
Opcode Fuzzy Hash: b50cce462dce34b114e5a53c29b52d45ee2c25812f62bde6be5cc727e08a4a09
Instruction Fuzzy Hash: C08177B3E1152543F3948834CD693A26282E791324F2F82798F9DABBC9DC3E5D0A53C4

Function 00CC0400 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372de6b9d7960b086ec5e231cdd7692e45443ab3714b6246f447677331616fef
Instruction ID: aa79833ae967d1840a566455467df841bb35588f1e720ea1756004ed5bfdc473
Opcode Fuzzy Hash: 372de6b9d7960b086ec5e231cdd7692e45443ab3714b6246f447677331616fef
Instruction Fuzzy Hash: 7B8166F3F1162587F3644D29DC98361A2839BA9721F2F82788E9C6B3C5E87E5D0653C4

Function 00CDE6BE Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0e405297683de7c5d2693afd8a652986ef519c46e16281db4b3243f5c8b830
Instruction ID: 7fed3ca5b91ce044838bf795079fcf2e41da5a92c867ee84681feacb0006e176
Opcode Fuzzy Hash: 5b0e405297683de7c5d2693afd8a652986ef519c46e16281db4b3243f5c8b830
Instruction Fuzzy Hash: 858159E3F1122547F3484969CDA83616643EB91314F2F82788F896BBC5D97E9E0A9384

Function 00CE41F1 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8972398f47a379c3a2417cf8df48862198bcdd842bfe4ec4462bf7118b6bb8
Instruction ID: aa550323c2f524619e1865a6ab02a8aadd4618d0414692bb4fc55bd001fa70f2
Opcode Fuzzy Hash: 9b8972398f47a379c3a2417cf8df48862198bcdd842bfe4ec4462bf7118b6bb8
Instruction Fuzzy Hash: 3C8138F3F116254BF3644D29CC9836166839BE5320F2F82788E9C6B7C5E97E6D0A5284

Function 00BEB1FF Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e8b6e08d5d5477640e6030851cd5b1dfd5c996824b178276e68690c5c60ccc
Instruction ID: dc2da22743a4d16e5cd873484be3b7c751f8481fb900fbe64a37c9ed71223556
Opcode Fuzzy Hash: 59e8b6e08d5d5477640e6030851cd5b1dfd5c996824b178276e68690c5c60ccc
Instruction Fuzzy Hash: 84815AB3F112258BF3444D29CC583527693DBD6324F2F81788A8CAB7C9D97EAD468784

Function 00D0B197 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95af81159287c5631ad1b300ba8f17e765d485c639537a0cbb023339f5186717
Instruction ID: 1192432633d7ba00bb13701e71111ed29603b49d0796ce7f54eb88c0e81c2242
Opcode Fuzzy Hash: 95af81159287c5631ad1b300ba8f17e765d485c639537a0cbb023339f5186717
Instruction Fuzzy Hash: 0F814CF7F1022547F3544878DD983626583DBA5324F2B43388FAC6BBC9D87E5E0A5284

Function 00BF2461 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b129267ca76e13b7b23d6b31fd913e7d0e32cac1fd2fd665311e12eda8e8fb
Instruction ID: 77898aa2b0a45ed3323e4431ea7c3b95458156d702924b933d670ff96ebe09cc
Opcode Fuzzy Hash: 44b129267ca76e13b7b23d6b31fd913e7d0e32cac1fd2fd665311e12eda8e8fb
Instruction Fuzzy Hash: 0A8178B7F112258BF3404968DC98361B683ABD5324F3F42388E9C6B3C5D97E9D1A9384

Function 00C10698 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07fb61b8dd344e4439c20a173f25da5892715fc32cbabb5c2f95c52e22bffa91
Instruction ID: 446b3d705b1b1863f19381178348ef08d1d4422ed01d0c11b798cb8384bb7636
Opcode Fuzzy Hash: 07fb61b8dd344e4439c20a173f25da5892715fc32cbabb5c2f95c52e22bffa91
Instruction Fuzzy Hash: 6B815BB3F116258BF3544E29CC983A17252DB91320F2F82788E8C6B7C4D97FAD499384

Function 00C7E3BD Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0590fbfbaeab8dcc0612a53dc6998f764d5d2440cf87519b425615b1bb159f57
Instruction ID: 24cdecdd7e5678da353bff079ed22b10a69b035cb315432732db67739cce2b2f
Opcode Fuzzy Hash: 0590fbfbaeab8dcc0612a53dc6998f764d5d2440cf87519b425615b1bb159f57
Instruction Fuzzy Hash: 8591C1B3F1122587F3544E28CC683B13692EB95324F2F82788E995B7C5D97E6E099384

Function 00CB234E Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87a97e084e5d61226c2369dcf88abca51c9c0f4cec52a75d5860dce9d70aa178
Instruction ID: 5513d9cb00daeeb9c751273dfce60be2505dd35a52874b7c34c83cff4ebeba67
Opcode Fuzzy Hash: 87a97e084e5d61226c2369dcf88abca51c9c0f4cec52a75d5860dce9d70aa178
Instruction Fuzzy Hash: D38190F7F6122547F3544879CD593A26583DBE5320F2F82388F58ABBC5D8BE9D061284

Function 00C0518A Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b2e11eb9aa684abc4815641eae19fb28d8c1e329101261a85899d797cb7cce3
Instruction ID: 9d50cd0ad02c056aff5fccbde6e80f0c99f308a968c65774ba102f6be090c216
Opcode Fuzzy Hash: 6b2e11eb9aa684abc4815641eae19fb28d8c1e329101261a85899d797cb7cce3
Instruction Fuzzy Hash: 12817CB3F6162587F3544928CC683A27283DBD5324F2F4178CA9C6B7C5D97EAD069388

Function 00CC4104 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d63c579c87f6b14fd4e757bd01fdf8346ce3393d3b75d573db287ce8878787
Instruction ID: c9b9397dc5e684fb8517ac0d27251f1ab43d862cbac0796dab3d02400fc3129d
Opcode Fuzzy Hash: 93d63c579c87f6b14fd4e757bd01fdf8346ce3393d3b75d573db287ce8878787
Instruction Fuzzy Hash: AB818EB3F512154BF3444D29CC983A67693EBD5320F2F42788A885B7C5D97EAE0A9384

Function 00C263E2 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e68769e2e3ac6f2666d0b70d6e5e5bb56e46d7d53b66b2df6ac553b0889f083
Instruction ID: 4e3d6692c8093285940a00b12290572d140ef7717686ee570cd233423014dd66
Opcode Fuzzy Hash: 3e68769e2e3ac6f2666d0b70d6e5e5bb56e46d7d53b66b2df6ac553b0889f083
Instruction Fuzzy Hash: 22817DB7F112204BF3548979DD683626643ABD5324F2F82788E9D6B7C5EC7E1D0A42C0

Function 00CB0130 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfc3a7f39cfa6d4fd70971c98f1a95aee7d88c25d67ab20b665081a4cbe3075e
Instruction ID: ee59f3541412402593b02ab078b00584a90144fb2f916dbcb3fd9f8d5db500c4
Opcode Fuzzy Hash: dfc3a7f39cfa6d4fd70971c98f1a95aee7d88c25d67ab20b665081a4cbe3075e
Instruction Fuzzy Hash: 7E8160B3F216154BF3444E29CC983617293EBD6314F2F81788A8D4B7D5DD7EA90A9384

Function 00C4A235 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fb14b5501da04cbf32ff420f7dcd1c45f5b7cd77ed94af85018e852f6189d1
Instruction ID: 92fe31dc10e3efff10bb5ac9b449da904a79e030942137d74eb019bdad810615
Opcode Fuzzy Hash: c1fb14b5501da04cbf32ff420f7dcd1c45f5b7cd77ed94af85018e852f6189d1
Instruction Fuzzy Hash: DC816AB7F112254BF3544D29CC98362B683EBD5324F2F82388E98677C9D97E5E0A52C4

Function 00BF20A3 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c225f3615be0c6fadac5e0c2fcdbf389c2bd43bfd704974e34c3fbd94caf6936
Instruction ID: 790d48cc61c0595105c3c285ba875f9a4bebdbfdea76b88405e979e498aab1c1
Opcode Fuzzy Hash: c225f3615be0c6fadac5e0c2fcdbf389c2bd43bfd704974e34c3fbd94caf6936
Instruction Fuzzy Hash: B5814AB7F1122447F3494928CC683A27643DBD5315F2F817D8B895B7C9D87E5D0A9388

Function 00C3D0A8 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 680c2ed8d7673d4f6fb9a2029e3d8df413a226ed45062f72530409e738011835
Instruction ID: 0d69cde6850488965b5957e8e61ecab39348da6055544eaf041f6dac90da8a6f
Opcode Fuzzy Hash: 680c2ed8d7673d4f6fb9a2029e3d8df413a226ed45062f72530409e738011835
Instruction Fuzzy Hash: 05815CF7F116258BF3448974CC983616683DB95314F2F82788F4C6B7C5E97E9D0A9284

Function 00D0235A Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e42f2c797f4d7c343d5a33b22f9580d7755545eb5628d6c951c6a751d05c5578
Instruction ID: 4ef8c265ac1dbb1fb0bf61dfc1dde00d39d9ec0cf3dac43fc0504a69d42d8330
Opcode Fuzzy Hash: e42f2c797f4d7c343d5a33b22f9580d7755545eb5628d6c951c6a751d05c5578
Instruction Fuzzy Hash: 94818BB3F1122447F3584968DCA83626682DBA5324F2F827C8F9DAB7C5DC7E5C0A5384

Function 00C9C689 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c771b3c68c279a903adb7af3f5a83e3dba4e9e1bc3ec5490b7a3d780d582e5
Instruction ID: 6f8f59e1380c2d91bcf0f32c6ae6a35a26d507b5c882e20272fd0b833680f1a6
Opcode Fuzzy Hash: 05c771b3c68c279a903adb7af3f5a83e3dba4e9e1bc3ec5490b7a3d780d582e5
Instruction Fuzzy Hash: CE817DB3F512254BF3444979CC983A26283EBD5324F2F82788F48AB7C8D97E5D0A5384

Function 00CB4012 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f218220ecf0f5aceb2806b4ecb47aa2c308046b9db35a4c789134a6c26c636
Instruction ID: 4f74d37cd8eb391d51dcffce6076c57b0b707c001ef148a87dbc9bbe337432bd
Opcode Fuzzy Hash: 42f218220ecf0f5aceb2806b4ecb47aa2c308046b9db35a4c789134a6c26c636
Instruction Fuzzy Hash: E7819CF3F2122547F3484925DC983626643EBD5314F2F81789B889B7C9DD7E9D0A9388

Function 00BDC2E7 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8714e4ae273d9c5bbbf7811dee5eba566b59af77a316ede215c8140852f74c5e
Instruction ID: c3b111996dadefdf19c519a2ebadacb8daebd2286ff4bd4f494eea45efee8c67
Opcode Fuzzy Hash: 8714e4ae273d9c5bbbf7811dee5eba566b59af77a316ede215c8140852f74c5e
Instruction Fuzzy Hash: 73819FB3F112258BF7444E69CC983613693EBD6310F2E81788F885B7C9D97E6D0A9384

Function 00C2C3FC Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1602eaf8be17311d3acdda930734219c07343618f6de98240a9a78c1699fb127
Instruction ID: 2c26bdc72255b9351079b4d8ad401c6d0c350417b4da1b955498c4f5ad8850db
Opcode Fuzzy Hash: 1602eaf8be17311d3acdda930734219c07343618f6de98240a9a78c1699fb127
Instruction Fuzzy Hash: 91815DB3F1022547F3548D69CC99362B682EBC5314F2F82798F4D6B7C4D97EAD0A5284

Function 00C7C403 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2450fb29bfa82f61af6d40904c276ad26d07987f709aca9085387b14e4cd6fa9
Instruction ID: 33927c8218bed6699fed008a6518c6b2d33405074faab823ed80fba58f9affbf
Opcode Fuzzy Hash: 2450fb29bfa82f61af6d40904c276ad26d07987f709aca9085387b14e4cd6fa9
Instruction Fuzzy Hash: CF81CEB3F1122187F3144929CC583A17683DBD6324F3F82788E5C6BBC9D87E9D065284

Function 00C00689 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7976ee994cbdffc024806ee7aba146d3d611bb58f01bd67da4c083a359c86263
Instruction ID: 3b66e9912597ff50bd30c121a79b31f935abd4c0ebe75bb746e7fb5d83f31623
Opcode Fuzzy Hash: 7976ee994cbdffc024806ee7aba146d3d611bb58f01bd67da4c083a359c86263
Instruction Fuzzy Hash: F0718FF3F1112547F3544929CD583A16643DB95314F2F82788E8C6BBC5D97E9E0A93C8

Function 00BDF19E Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aecf6b29d8d7c09ab4c8400582099b8d3f0925b2dbbefd30b6afdbedddbd171
Instruction ID: 28995e3529f8e5cc14e63552ed45066053b9d8f66558b0c34bae2b7252f835d4
Opcode Fuzzy Hash: 0aecf6b29d8d7c09ab4c8400582099b8d3f0925b2dbbefd30b6afdbedddbd171
Instruction Fuzzy Hash: BC719FB3F1022587F3544D29CC683627683DBD6324F2F82789A5C5B7C5D9BEAD0A9384

Function 00C3C6ED Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb2863443e6d92c9c22d9108e6141686132a3492f082ceeae56cc7407db8d59
Instruction ID: ee3c7d281aba1db2a7d01443858895df18cbe6b2647603da60d0a99b73ff9f7d
Opcode Fuzzy Hash: ffb2863443e6d92c9c22d9108e6141686132a3492f082ceeae56cc7407db8d59
Instruction Fuzzy Hash: CF816AB3F1122587F3584968CCA8361B693EBD5320F2F82388F596B7C5D97E5D0A9284

Function 00BD8586 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17e099fcf7bc1701f6e7c1f4c07584f907a4bc3f9f1d035017ad1fccdd6de563
Instruction ID: b0b4f4e6d9a1caeb1e160e870bff965de093b70d1f9378c71cd6bbbe8246a0c1
Opcode Fuzzy Hash: 17e099fcf7bc1701f6e7c1f4c07584f907a4bc3f9f1d035017ad1fccdd6de563
Instruction Fuzzy Hash: 7A716CE3F516254BF3444928CCA83617653EBD5314F2F81788F896B7C4D97E5D0A5384

Function 00D0816F Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07cdeccb798dbffdb689a9836f7d54a8146fe77ef764c986c0f56a00e2a6dd4
Instruction ID: 70af0d301651670acd6e89858d8b5e6bbd97b274c19d1779c7bdd055ff0f8431
Opcode Fuzzy Hash: c07cdeccb798dbffdb689a9836f7d54a8146fe77ef764c986c0f56a00e2a6dd4
Instruction Fuzzy Hash: EA715BB3F112248BF3544929CC983617693DB96324F2F42788E8C6B7C4D97E5E0A9384

Function 00BFA41F Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3720db4ae8e3c49335bb407fcdc025eca90a176829774fac5a9b7c20a5186321
Instruction ID: b86b36a87d4f99d826809909a2ff50822383ee76ce312ed0b463fc052f5f5b4a
Opcode Fuzzy Hash: 3720db4ae8e3c49335bb407fcdc025eca90a176829774fac5a9b7c20a5186321
Instruction Fuzzy Hash: 767168B3F1122147F3444D28CD583667693EBD5314F2F82788E4C6BBC9D97E5E0A9288

Function 00CB43C4 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c571101c7f37f4a1985acddf55446833f2c8a16da1c6c2bb195a365c59ba342
Instruction ID: 464517cb2c45c86cf78b99d41e3ae44b58475493a3671407bfd89741bca6554d
Opcode Fuzzy Hash: 1c571101c7f37f4a1985acddf55446833f2c8a16da1c6c2bb195a365c59ba342
Instruction Fuzzy Hash: 76717DB3F2162587F3444E25CCA83A17293DB96315F2F41788F486B7C5D97E6E099388

Function 00C386EE Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3299e9eb43b07b8801d79845c5a1f5ee5f0097c777dc098cfa476529f839649c
Instruction ID: f788b9593d1143ca473408833aaad2d878c16bf31c2c3bded7a73fadfd6f1997
Opcode Fuzzy Hash: 3299e9eb43b07b8801d79845c5a1f5ee5f0097c777dc098cfa476529f839649c
Instruction Fuzzy Hash: 5071AAB3F2122547F3084D29CCA83626643DBD5324F2F82798B596B7C9DDBE6D0A5384

Function 00CC44B2 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1fdaafbd375358acc82ed0a7faa42f6c97f85a6a6523717b809bea67343356e
Instruction ID: 5a1c957fd7eb3d4e1872e5f1b11fcc0576c6a4db4f41c7f70fb6011206952f63
Opcode Fuzzy Hash: e1fdaafbd375358acc82ed0a7faa42f6c97f85a6a6523717b809bea67343356e
Instruction Fuzzy Hash: 4971BEF3F1162547F3584968DC98361B682DB95324F2F42388F5D6B7C1D97E9D0A8384

Function 00C281AE Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f1994fdbd22981492254402cf6c0ca43470961e089026c0a8843dfd7e48827
Instruction ID: 6beaf7bb86407d24e58b0e86e8df324732922f720d3ff7abba5e25d4a03d5298
Opcode Fuzzy Hash: f1f1994fdbd22981492254402cf6c0ca43470961e089026c0a8843dfd7e48827
Instruction Fuzzy Hash: D56148E3F112214BF3544929CD693A26683EBD5311F2F82788B89AB7C9D87E9D095284

Function 00BDC686 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5769a5b3d5314e0f834e9873812cec4bd9dd15f151c24b3e27390645b0e2f0c
Instruction ID: 0d2a8c755a13ea72c2324be3239b97686f12e16b4884b1e739785e314554e7c9
Opcode Fuzzy Hash: c5769a5b3d5314e0f834e9873812cec4bd9dd15f151c24b3e27390645b0e2f0c
Instruction Fuzzy Hash: 8B6169B3F1122547F3544978CC983616693EB91324F2F82389F9C6B7C5E97E5D0A9388

Function 00C9867B Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bd329886b648ac9fb58dd3b16fdba9816e0cf3d41658d754c3cf5f14886779
Instruction ID: 909c0564e7efac2cd4346962d555e299d83ad02aa48c2fd78818e6c8347840d0
Opcode Fuzzy Hash: a4bd329886b648ac9fb58dd3b16fdba9816e0cf3d41658d754c3cf5f14886779
Instruction Fuzzy Hash: 0661AEF3F102258BF3444968DC983627242DBA5324F2F42388F586B7C6E97E9D095388

Function 00C601C2 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459ed2d3775ccd6406e75ad897565a4be4111ae8f97ae73da8ec9cfb50065968
Instruction ID: d81083af47e4e3fc0170fdfac4c346c9b508eb1b1c25cb862fcc29bfe9ddffae
Opcode Fuzzy Hash: 459ed2d3775ccd6406e75ad897565a4be4111ae8f97ae73da8ec9cfb50065968
Instruction Fuzzy Hash: 0C61AAA7F1022587F3844D38CCA83627693EBD6314F2E417C8A899B3C5D97E5E0A9384

Function 00C6E04D Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba4b0f85c705be7c3b870c7b3a5b5cca4b7db89fa301be613dbde5988a011b8e
Instruction ID: 9284220c95f82c8ed56af8c28dc7a282dbb67d48037549fe2457d57eba7de4a0
Opcode Fuzzy Hash: ba4b0f85c705be7c3b870c7b3a5b5cca4b7db89fa301be613dbde5988a011b8e
Instruction Fuzzy Hash: 755139F39083189BE3006A2DDC4576BFBD9EF94720F1A453DD6D8D3384E93898058796

Function 00C8C45D Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69249b3a276bf1f27ef795b36e1ead908e75d134c9583114c1da581c3fc5548f
Instruction ID: 62e13b0c38810a16111fe4a6b93cc81808ce365ad3f4e198d6aa88bfda9f49f5
Opcode Fuzzy Hash: 69249b3a276bf1f27ef795b36e1ead908e75d134c9583114c1da581c3fc5548f
Instruction Fuzzy Hash: 83617CB3F1122587F3504D28CC943A16253DBD6324F3F82789E582BBC9D97E5D0A9384

Function 00C2C0FE Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e84d3acd07876dec781d83eddea4bec05a308bc1a8525e36cec3e88b1acb23a
Instruction ID: f3e1b715756e5121cff67c31742113293217796c6c58bd872011983533444b22
Opcode Fuzzy Hash: 7e84d3acd07876dec781d83eddea4bec05a308bc1a8525e36cec3e88b1acb23a
Instruction Fuzzy Hash: 26615CB3F112254BF3504D29CC983517653EBD1324F2F82389E986B7C5D97E6E0A9784

Function 00C4A5E7 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e4855a1d63365250b7690038e4e07e183991381146a80791237554a82321fce
Instruction ID: 293359a16a8a59e74d902cb2072e0855f5458c344cdd3f44d56cb49051c641fc
Opcode Fuzzy Hash: 6e4855a1d63365250b7690038e4e07e183991381146a80791237554a82321fce
Instruction Fuzzy Hash: 3B517FB3F1122547F3544D28CC583627293DBD6324F2F82789E98AB7D5D93E5E0A9384

Function 00C325FE Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a649c8042d5f5097d971c0f7be15c75716393ab2debf567d05aa1ee4aa9d4942
Instruction ID: 836715cab3e508813c4bbe2b6e1394d56e5106fb1adf2f02846235f6b937b3cc
Opcode Fuzzy Hash: a649c8042d5f5097d971c0f7be15c75716393ab2debf567d05aa1ee4aa9d4942
Instruction Fuzzy Hash: 4851AFB3F102248BF7544E28CC943617693EB99314F1F4278CE486B7C5EA7E6D1A9784

Function 00C566EE Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f770434c5ba5c4c1d1ee5f58ab9babda96e81e93f7ce798f62ed43b4764249
Instruction ID: 1f927e422dbbe8ef7ade92017b3c70d4024e87022eb2c839eb68556edefe9a7a
Opcode Fuzzy Hash: 49f770434c5ba5c4c1d1ee5f58ab9babda96e81e93f7ce798f62ed43b4764249
Instruction Fuzzy Hash: 355187F3F1122587F3180D39CD683626683ABA5320F2F427C8B9D9B3C5D87E4D0A4284

Function 00C6D141 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18276bcfe1e93ef7fbdbf705fd3b75be1af0f5aee2a19c6aafde058f1ab3f97a
Instruction ID: c5c5c8ad3487f593429b9c2d130b2a6e470cb42b7843f8cfe5c5daefe009dfee
Opcode Fuzzy Hash: 18276bcfe1e93ef7fbdbf705fd3b75be1af0f5aee2a19c6aafde058f1ab3f97a
Instruction Fuzzy Hash: C15149E7F5162147F34408B8DD983626583D7E5324F2F82388F5CAB7C9D8BE9D0A5288

Function 00C3E2DB Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36ac46c68f3bf41f0fac9eccc154ae9996f0367dbdbadd2a7e6acffabdf0c65
Instruction ID: 7e866b69c800490e59f9f8ea4c66381acd3ec62cf9497ef5ec00c7163caf1533
Opcode Fuzzy Hash: d36ac46c68f3bf41f0fac9eccc154ae9996f0367dbdbadd2a7e6acffabdf0c65
Instruction Fuzzy Hash: 625188B3F0122547F7544D38CDA83666693ABD4324F2F82788F896BBC9DC7E5E095284

Function 00BE51A4 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9443b602934e75deb13f131d27076aa406f237f19ac7fe47fba25e1f648bf700
Instruction ID: 9f3a4aca1e833123948b02310467fab22581720c6234a0feef5a68c96b8650bb
Opcode Fuzzy Hash: 9443b602934e75deb13f131d27076aa406f237f19ac7fe47fba25e1f648bf700
Instruction Fuzzy Hash: 59510873F1522587F3588D25CCA83627253EBD5324F2F827C8A496B7C5D93E6D0A9284

Function 00C244AF Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04dd165a1d271bc63d10c23a2c3e3756a84e51166b2b609fd342b2aef0d6614d
Instruction ID: 991d9ab3466b7d524ff2860a7710845dc331b923de422211fac5f6f23ed6e616
Opcode Fuzzy Hash: 04dd165a1d271bc63d10c23a2c3e3756a84e51166b2b609fd342b2aef0d6614d
Instruction Fuzzy Hash: 91518BB3F102254BF3444979CCA83627682DBD6324F2F42788F5DAB7C5D87E5D0A9284

Function 00BFE56F Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2678b696a1ca1af58636c1949275eb19577d5bf358fe8bc507b85b7420174ee5
Instruction ID: e8d64d4c723ca29125b950a5cdb8af1bfd3dd6967fbf5154efac5d0200cf3af0
Opcode Fuzzy Hash: 2678b696a1ca1af58636c1949275eb19577d5bf358fe8bc507b85b7420174ee5
Instruction Fuzzy Hash: 1E517AB3F102248BF3544E28CCA43707392EF96314F2E02B9DA496B7D4CA7E6D499785

Function 00C8A377 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 472a090db9e3aed333027a6d71d53c11c99d83c1abf00edc428321900f1998b1
Instruction ID: 21047668b38b8c06d55696db70df282eeea9fe06820c3f46518276968748e14e
Opcode Fuzzy Hash: 472a090db9e3aed333027a6d71d53c11c99d83c1abf00edc428321900f1998b1
Instruction Fuzzy Hash: 67517DF7F2162547F7444828DC983A16543DBD5324F3F82388A996BBCADC7E5D0A5384

Function 00BFE340 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05f739eab1ffa97a54084329152bac287c08870b99a57361c3a7856a431480d5
Instruction ID: 84ffda98f0a4ae3e3faaa5c67c24295b07380501bdd1babf82259548261995e4
Opcode Fuzzy Hash: 05f739eab1ffa97a54084329152bac287c08870b99a57361c3a7856a431480d5
Instruction Fuzzy Hash: 20416AF7F516264BF3444929CC98361A283EBE5324F3F81788E8C5B7C6D97E6D065284

Function 00CAA052 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfb9c8a40451e10ad357dd37b38f93f61515d5288de0e775e2e7df3ffd63318
Instruction ID: 817f7f9c027ead89acfff2bf812ace5e17628c53baf60bc43a576f1243ca8dee
Opcode Fuzzy Hash: 7cfb9c8a40451e10ad357dd37b38f93f61515d5288de0e775e2e7df3ffd63318
Instruction Fuzzy Hash: EA4149F3F112114BF3548979CD88362A683EBD5324F2F82399F88A77C8E87D5D094284

Function 00CE621B Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460d6570618c4f0e40b9182e769db1fe32918e936a24b4d90c5251654a465660
Instruction ID: 87017fb354b63f50f3d73f1014059b1b9239ff78193bd953c20eb2fe066c3769
Opcode Fuzzy Hash: 460d6570618c4f0e40b9182e769db1fe32918e936a24b4d90c5251654a465660
Instruction Fuzzy Hash: 52418DF3F2112547F3144D38CC983A56692EB95314F2F427C8F98ABBC5D87EAD095284

Function 00BEE0BD Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5743fc73c0cbcd7f084a95867abd5752ac5a0148173e49242cb663eef0c55eaf
Instruction ID: 78dff1d2c1bf40eda0ca876e852848575a18b401cb4874c296325a8c30828152
Opcode Fuzzy Hash: 5743fc73c0cbcd7f084a95867abd5752ac5a0148173e49242cb663eef0c55eaf
Instruction Fuzzy Hash: BE414AB3E112258BF3504E29CC983A17652EB95324F2F42788E4C6B7C9D97E6E0997C4

Function 00D1453E Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 104eb5c2cf4653362c0799f904bcdbddafabb5f7d49dd906b17b5f4a75a09c96
Instruction ID: c9336a3f0f2234875d9622dc7359b6f1f54e6b7dcb9acf922b229886e297cc55
Opcode Fuzzy Hash: 104eb5c2cf4653362c0799f904bcdbddafabb5f7d49dd906b17b5f4a75a09c96
Instruction Fuzzy Hash: 453139F3F2162547F3584838DD693A6158297A1324F2F43398E6DABACAEC7D4D0A02C4

Function 00D181E7 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f943c2e04650e2a48154fdd4934d4ee75e53c48d7d6f2315ecbd56fb5e4e6e9
Instruction ID: e11221360cd6b8d54c2d4bdab981d1bb06894eebc444ee3878fbf460425b506f
Opcode Fuzzy Hash: 7f943c2e04650e2a48154fdd4934d4ee75e53c48d7d6f2315ecbd56fb5e4e6e9
Instruction Fuzzy Hash: 42317AF3F5122047F7584879DE99366248397D5324F2F82798F4CABBC9D87E8D0A4288

Function 00CF71AA Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d497d06daa518cca83c07e474420922d8e8db1994f46667ea1a10417c9d510e
Instruction ID: 83ec3893986831bd82f8646925e4d5c807e75be887d67433a65f066a02abe324
Opcode Fuzzy Hash: 4d497d06daa518cca83c07e474420922d8e8db1994f46667ea1a10417c9d510e
Instruction Fuzzy Hash: B431F5F3F1052147F358883ADD5931665829BE4324F2F82398F9CA7BC9EC7E9D0A4284

Function 00C6F195 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 960bf23058414d30b92ef7ae8cd0038f265df4f1b832256e0260624487b2c484
Instruction ID: b248fad986def2d358f69dc27c3acd524876dbb6583bb977e0e0248ddd525cbb
Opcode Fuzzy Hash: 960bf23058414d30b92ef7ae8cd0038f265df4f1b832256e0260624487b2c484
Instruction Fuzzy Hash: 583178F7F5022143F75848B4DCA9372A182E791324F2F823D8F9AAB7C5DCAE5C495284

Function 00C0623D Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968b37b65fffcf0ef5a4ac95aa1996a22c3891b480582a5ca8e5191768c5f610
Instruction ID: 4c206d6f946a7cbb71feb9bd6345f27220df53e388591546a8e22a6d6feefd01
Opcode Fuzzy Hash: 968b37b65fffcf0ef5a4ac95aa1996a22c3891b480582a5ca8e5191768c5f610
Instruction Fuzzy Hash: C33114B3F6152547F3588839CD58396254397D1325F2F82788F9C6BBC9D8BE8C0A4288

Function 00C3438C Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b944931ce102cce3b9facc84942d64f7d7a4700e8602f9e3fd0fd71c776ba8bd
Instruction ID: 382ef8f92b4a1a3cb4c74cd247395a11d34282e57141e5ada308574d7e564715
Opcode Fuzzy Hash: b944931ce102cce3b9facc84942d64f7d7a4700e8602f9e3fd0fd71c776ba8bd
Instruction Fuzzy Hash: A83106B3F115254BF7588839CD693A2158397D1324F2B82789A6A9BBCADC7E4D4A4380

Function 00CD06FF Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5679a638a4bd293bcfe2a36ab6d3934c7f665eba30c814621284f1f37b8aa5
Instruction ID: 81f2f3d824056a928bf61ce899cfe1a4dd47a5d834b3359fad182754ccd1fe77
Opcode Fuzzy Hash: fb5679a638a4bd293bcfe2a36ab6d3934c7f665eba30c814621284f1f37b8aa5
Instruction Fuzzy Hash: 5B317EB3F5062247F3584878CDA9376A9829B91320F3F433A8F6AA7AD5D8BD9D050184

Function 00D00447 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfc69fed3ac79ebac13a38090132eb3ceecc9a0cb5aecb1a7f6f0a7bf4a02604
Instruction ID: 396634e0ce73fa7fa29fcb77fcb5fd8bbe0ada7aa1f0b328802225e2d00d0beb
Opcode Fuzzy Hash: dfc69fed3ac79ebac13a38090132eb3ceecc9a0cb5aecb1a7f6f0a7bf4a02604
Instruction Fuzzy Hash: 483126E3F112214BF354487ACD993536583A7E5325F2B82398F9CAB7C9DC7E5D0A4288

Function 00D0A6BD Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e9a9ef172d38a6a1a39ac0997612c9c614eb023c0c78cab7a24485b1cf24f0
Instruction ID: bfedfa9a013436e7f1691540d5a2f7f6fd0028e845654c3c04c692108c2fd7fc
Opcode Fuzzy Hash: 70e9a9ef172d38a6a1a39ac0997612c9c614eb023c0c78cab7a24485b1cf24f0
Instruction Fuzzy Hash: 38312CF7F61A2147F3584478CD55361108297E5325F2F82798F5CAB7C9DC7E8C094284

Function 00CC909F Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4753f63d4eb17cfa50feca148671c1b616b6b0b663d66d4d5e54154b1e184d9
Instruction ID: e5c26143a4d4e0398dea02be46144b60e573ff863fca12a26da27d2c9c8e9db0
Opcode Fuzzy Hash: f4753f63d4eb17cfa50feca148671c1b616b6b0b663d66d4d5e54154b1e184d9
Instruction Fuzzy Hash: A3311CE3E2163047F3508965CC98352A652EB95315F1F82788E8C2BBC9D97E5D4993C4

Function 00C421C8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e1b40ae351237483f553d67d677990133b06a8af7623c2761d87e8fd293cc5
Instruction ID: 664f0d9d186e71846740ae13c5bf59925f0008e70f31ec8d20ef30ae8647f845
Opcode Fuzzy Hash: 34e1b40ae351237483f553d67d677990133b06a8af7623c2761d87e8fd293cc5
Instruction Fuzzy Hash: D6312AB3F116354BF39448B9CD593A2A583ABD5710F2F82358E5CA7BC5D8BD4C0A12C4

Function 00C12685 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2484460f46c8e2c85075614db849fa711f21905f2b9dd58265f3b9e1350c854b
Instruction ID: af639c2d8b977fafb34c88f6ef0626a2f0ebf83d391484adff77d3503f7a97c0
Opcode Fuzzy Hash: 2484460f46c8e2c85075614db849fa711f21905f2b9dd58265f3b9e1350c854b
Instruction Fuzzy Hash: 8E314CF3F1152147F3988879DD68362148397D5314F2B82799F5CABBC9DC7E4E0A8288

Function 00CC0276 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7984eb9f871d33b3fe441bfa65f09e04b5682e499f3582e2e40ac94b8fe35fd5
Instruction ID: c627fdb8c2fa596ef832a686d68960d338b8ce38a8c8a558871488fb38f07389
Opcode Fuzzy Hash: 7984eb9f871d33b3fe441bfa65f09e04b5682e499f3582e2e40ac94b8fe35fd5
Instruction Fuzzy Hash: 6A315EF7F6262007F3848825CD993525543D7D4715F2FC0798B48ABBCAD8BD9C0A4388

Function 00BC63F7 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80953ba7dd84acb2b5aa97b4b53a308312b5173a83180877e3b4f7100fbf95b8
Instruction ID: 6a342641a74f90af7b78bbbb9bc490be01b85d5094282973b59b02e7a13b1001
Opcode Fuzzy Hash: 80953ba7dd84acb2b5aa97b4b53a308312b5173a83180877e3b4f7100fbf95b8
Instruction Fuzzy Hash: 043148B7F111204BF3888939CDA93662583EBD4320F2F81398B8957BC8DC7E5A0A5384

Function 00BDE4AC Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c118cf6f0e05285846680dfa6f5cb750e03773753dd7680f20907789bf74b7
Instruction ID: 084637276cb5aa768e3821673c206de0acfd8dbe16f70eb4c1c29c3e6be26524
Opcode Fuzzy Hash: f7c118cf6f0e05285846680dfa6f5cb750e03773753dd7680f20907789bf74b7
Instruction Fuzzy Hash: 5C311BF7F51A2647F35448A4DD993A25443DBE4319F2F81384F88A7BCAD87D8D0A52C4

Function 00BF0522 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a9132c2c0483c82d54c9b1e6e0bbf2287579a3d0c1badb72fe1f886c51ae04
Instruction ID: 9a867f437df7c4fab7b180a65df5df96df8ce46ab5244f0bba686b1dd98eb5f5
Opcode Fuzzy Hash: 98a9132c2c0483c82d54c9b1e6e0bbf2287579a3d0c1badb72fe1f886c51ae04
Instruction Fuzzy Hash: 20317CE7F1152147F7984838DD6D3661443DBE4314F2F82398B8E67BC9DCBE580A4284

Function 00C24325 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eba4114f4048985eb95aa04c020f16d060021203df49349821ea87ae52a7f5c
Instruction ID: a6255ff35db3a33ab0ab450c247cfe90228e3e693f753ae2075b8eed125cff6c
Opcode Fuzzy Hash: 8eba4114f4048985eb95aa04c020f16d060021203df49349821ea87ae52a7f5c
Instruction Fuzzy Hash: 6D3127B3F526264BF3904875CD543A2658397D5324F2F82748E5CABBCADCBE4D4A5380

Function 00CB83A8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e55faac2ba4392eee32da16df82022ba928b0b848cbfa9869190b5f08c0e4428
Instruction ID: 7ee467f834872518ef496ffc1d4b32924ceed6a96fb0123f672315f3c98a40b5
Opcode Fuzzy Hash: e55faac2ba4392eee32da16df82022ba928b0b848cbfa9869190b5f08c0e4428
Instruction Fuzzy Hash: EB31A1B3F2062147F3584979CC683B56183DBD5320F2F82398F9AAB7C1D87D6D055284

Function 00C92597 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e60ed96590736b4fdb125b9d54cc31dda6cfee7d1269e6d43c76ccc423883fb
Instruction ID: 67477e4fa28fc0ac6e5f66983a52c0998002c2e1674abe682c8e4df06aaedf5e
Opcode Fuzzy Hash: 3e60ed96590736b4fdb125b9d54cc31dda6cfee7d1269e6d43c76ccc423883fb
Instruction Fuzzy Hash: 5A3105B3F5022147F3648835CD683A2258397D5324F2B8279CF1C6BBC9D83E5D0B5284

Function 00CDD059 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2333097354924aacc0edae9711262a9bc9d4cf9cc6ed923d85b233558377eadd
Instruction ID: 57d04b6eaefa22c16e11fac1e7ca2b9ba66e663d9389f11ec22d494f2ceddc76
Opcode Fuzzy Hash: 2333097354924aacc0edae9711262a9bc9d4cf9cc6ed923d85b233558377eadd
Instruction Fuzzy Hash: 4E314AF3E1162147F3944869CC9936295829BA1324F3F82798F6C6B7C5DC7E4D0A52C8

Function 00CF506E Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e812df3c590ce71a3577ce5e611abf0154f94572591cc69f406345dd938b72
Instruction ID: 983d859d9543c4b37db408924783a59dfa31d4d98d6830472143dd7a1bce77a7
Opcode Fuzzy Hash: e6e812df3c590ce71a3577ce5e611abf0154f94572591cc69f406345dd938b72
Instruction Fuzzy Hash: E13159E7F51B2247F3944868CC983A266839BD1324F2F82388F5D6B7C5DC7D5C0A5284

Function 00C10511 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a32b7bae89661f69b29ab8a547e8cf9134942ccf8cd9bbe4f78ee054d27012
Instruction ID: 91794d2e4acc5652464d43324feddfd9f1761be6e60c16768a10d8331b23409f
Opcode Fuzzy Hash: 39a32b7bae89661f69b29ab8a547e8cf9134942ccf8cd9bbe4f78ee054d27012
Instruction Fuzzy Hash: BC313CF3F6062247F7648879CD5836215839BE5324F3F82788F5CABAC9E87D9D065284

Function 00C0841F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347d1f54761c6610b5d5a0f83635928fbc4491360bdb2cc6a051deebee273953
Instruction ID: e4653ac937ab3f6b96a926d2802cc3ed30e6d506be5a70cb3cbbdcba5cc2bbac
Opcode Fuzzy Hash: 347d1f54761c6610b5d5a0f83635928fbc4491360bdb2cc6a051deebee273953
Instruction Fuzzy Hash: CC313AF7F2152547F3944479DD493926583D7E1324F2F82398BACA77C6D8BE9C091284

Function 00C4519D Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f459b38d7c5b33e7f86d2db0b79e6ceb34dea21c53c7edcacd872b4e217cfe39
Instruction ID: 27f7ee3b4d82bf59a7993b4cc1d4352aa3de5d80c5060b1cc50966b3b7e4a5e6
Opcode Fuzzy Hash: f459b38d7c5b33e7f86d2db0b79e6ceb34dea21c53c7edcacd872b4e217cfe39
Instruction Fuzzy Hash: 0B2158F3F5122047F3584879DC683666583A7D9324F3F82398A5D9BBC9EC7D990A0284

Function 00C3B08B Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ffaade217fd342e1fb99e3e0c711496edb9f46e315bfe1d259b8f17361d55a
Instruction ID: 55e00287d3be796d4a5d70d1c236622fd8e70c4788df6fb19c9123deb7cfa425
Opcode Fuzzy Hash: 12ffaade217fd342e1fb99e3e0c711496edb9f46e315bfe1d259b8f17361d55a
Instruction Fuzzy Hash: AC2179B3F202214BF3540879CD493526583E7C5324F2F82398E5CABBC9D8BE9E4A5284

Function 00C1E6D6 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3127d97658ac342e103411593ba853fbde761ced35588f341d1c31769b8ef0b6
Instruction ID: 03494a75d7c8f1f7340a34d3adfeac861d3f782b3878f97ff6f77ae1d782bc37
Opcode Fuzzy Hash: 3127d97658ac342e103411593ba853fbde761ced35588f341d1c31769b8ef0b6
Instruction Fuzzy Hash: 4A2156F3F511210BF7488836CD6A37665839BD5324F2B82398F4DA76C9ECBE4C0A1284

Function 00C0C50F Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 994a0208dda383fea44cdddd1896cf4924ee59a5f3ce8cfb18e345f50a41e7d0
Instruction ID: 2cb736032bd72a31b5348d810604614c6fb38c8afe537ed35e5b97e523a43e5d
Opcode Fuzzy Hash: 994a0208dda383fea44cdddd1896cf4924ee59a5f3ce8cfb18e345f50a41e7d0
Instruction Fuzzy Hash: B021AFF7F6162143F7688C78CC94362A58297A4310F2F823D8F59A77C2D87E8C014284

Function 00CCA055 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34903e62923d8d7f0aed8e314c608be7355191f765680065a7b225053edd7596
Instruction ID: 851827122b9c249e15704ae003efc7897580de8b880292de3f7449ebcebaec14
Opcode Fuzzy Hash: 34903e62923d8d7f0aed8e314c608be7355191f765680065a7b225053edd7596
Instruction Fuzzy Hash: 7D2159F3F4023147F3604969CCA4362A1829BA6324F2F42B98E5D7B7D9D87E4D0A62C5

Function 00C26690 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100cbf564929cdd5e6c2dc13c59d5262d406be425e7754eee79859047b59c044
Instruction ID: 34fe9eaa5b2982e9b62584833129dcd2bcca1ae1da17328f0dd85183924ff8ea
Opcode Fuzzy Hash: 100cbf564929cdd5e6c2dc13c59d5262d406be425e7754eee79859047b59c044
Instruction Fuzzy Hash: 21219DB3F111204BF384893ACD693623643EBD5710F2B82788A889BBC9DD7D590A9384

Function 00CF41BB Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19f9f20e22954439c28f4f3faad5ed87906930735e8d1b67dbd11759cb5224e2
Instruction ID: ea1bc446a201d3b642e9f99dda6d6459c46cc04890e18fab528361953fcf74e8
Opcode Fuzzy Hash: 19f9f20e22954439c28f4f3faad5ed87906930735e8d1b67dbd11759cb5224e2
Instruction Fuzzy Hash: 1C214AF3F5161547F3188839CD6936665839BD5320F3F83398B699BBC8EC3E59064244

Function 00D0436D Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 026e91cbd38537548d55152e0685fe5373a01718a0b08213a04c3fc401086a4a
Instruction ID: bbe34528bcf41fcbc33d57807877cfc3ed9025c59f9271ad65e143e318b70573
Opcode Fuzzy Hash: 026e91cbd38537548d55152e0685fe5373a01718a0b08213a04c3fc401086a4a
Instruction Fuzzy Hash: 1F213AF7F016204BF3488839CD193666683DBE5311F2B81398F49ABBC9DC7D9D0A5284

Function 00BD4376 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52009b250acd26675384ff7076fafd259b3d2b77dd4338a7efd15eaff0cfb787
Instruction ID: 48170b6c982a5d0b07ee168d61afd98cf2cf344a0b64406a405f0c8103b71516
Opcode Fuzzy Hash: 52009b250acd26675384ff7076fafd259b3d2b77dd4338a7efd15eaff0cfb787
Instruction Fuzzy Hash: FF213DF7F616210BF35848B9DD983626583ABD5314F2F82398F58A77C9E8BD0D094184

Function 00D955BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(00775174,00004020,00000000,-11715FEC), ref: 00D956A9

Strings

@, xrefs: 00D955E8

Memory Dump Source

Source File: 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1962999941.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000BBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E56000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963053544.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963294537.0000000000E67000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963418660.0000000001010000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1963436834.0000000001012000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: a3c04023aacd8221efe287ffba0a8731a0d491b5b7d6261a0a1cff816c4211ea
Instruction ID: 49413d627be12ecbb8a9d8d0684fe3ad65cacd4e9d10ebc1a85c2ded4bce7c3f
Opcode Fuzzy Hash: a3c04023aacd8221efe287ffba0a8731a0d491b5b7d6261a0a1cff816c4211ea
Instruction Fuzzy Hash: F331AD76504706EFDF269F44D844B8EBBB0FF08300F408629E95667660C3B0EAA5CFA0

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 7324, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: file.exePID: 7324, Parent PID: 2580COMMON

Execution Graph

Graph

Windows Analysis Report
file.exe

Function 00D9E13C Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 00D92A3B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 00D92F41 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 00D9589B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 00D9191B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 00D9302A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 00D95AB7 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Function 00D95423 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Function 00D9EB68 Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Function 00D93AA2 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 00D932BE Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 00D9E8B5 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 04D40D43 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON