Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1533035
MD5:	b98ffed8586d28233c812bd2e9c4f1f2
SHA1:	7198dfb80f47bb34c9f74a54454478dfc8cab2f8
SHA256:	d32cabe55f2ab4e97c167d948a9999e0a8f5ef3c49f9c3005240669e11a5cd75
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 1684 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B98FFED8586D28233C812BD2E9C4F1F2)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 55%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BEF324 CryptVerifySignatureA,

0_2_00BEF324

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2118475854.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6	0_2_00ADF0A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B050BB	0_2_00B050BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6F0BA	0_2_00B6F0BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2E0A4	0_2_00B2E0A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1	0_2_00B8B0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A930B3	0_2_00A930B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB308E	0_2_00AB308E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3308F	0_2_00A3308F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2909D	0_2_00B2909D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B59085	0_2_00B59085
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B72082	0_2_00B72082
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE8098	0_2_00AE8098
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3809F	0_2_00A3809F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD3090	0_2_00AD3090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A0F0	0_2_00B0A0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5E0EC	0_2_00A5E0EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B580E6	0_2_00B580E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC0F9	0_2_00ADC0F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B420E3	0_2_00B420E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A460FE	0_2_00A460FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6B0E9	0_2_00B6B0E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2B0DF	0_2_00B2B0DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B550DB	0_2_00B550DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA60C5	0_2_00AA60C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A870DD	0_2_00A870DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B860CF	0_2_00B860CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2F0DE	0_2_00A2F0DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4E020	0_2_00A4E020
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A57021	0_2_00A57021
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1E034	0_2_00B1E034
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC102A	0_2_00AC102A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A99024	0_2_00A99024
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92027	0_2_00A92027
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C022	0_2_00B4C022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C033	0_2_00A9C033
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A89033	0_2_00A89033
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B53029	0_2_00B53029
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A70039	0_2_00A70039
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F009	0_2_00A9F009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2E001	0_2_00A2E001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACA008	0_2_00ACA008
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3201D	0_2_00B3201D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0101F	0_2_00B0101F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A37011	0_2_00A37011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A23011	0_2_00A23011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFC01B	0_2_00AFC01B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B36009	0_2_00B36009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A52018	0_2_00A52018
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9006A	0_2_00A9006A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3C077	0_2_00B3C077
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8062	0_2_00AB8062
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE5079	0_2_00AE5079
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B79069	0_2_00B79069
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2107C	0_2_00A2107C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A36041	0_2_00A36041
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF104A	0_2_00AF104A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE2044	0_2_00AE2044
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B39059	0_2_00B39059
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6004A	0_2_00A6004A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A47049	0_2_00A47049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4305A	0_2_00B4305A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A053	0_2_00A1A053
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE305D	0_2_00AE305D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD05E	0_2_00ABD05E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE705B	0_2_00AE705B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6C1B2	0_2_00B6C1B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAC1AF	0_2_00AAC1AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7A1BD	0_2_00B7A1BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A421AF	0_2_00A421AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B331B8	0_2_00B331B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6E1BA	0_2_00A6E1BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA1B6	0_2_00ABA1B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA418A	0_2_00AA418A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A72186	0_2_00A72186
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE18C	0_2_00AFE18C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14195	0_2_00B14195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A40181	0_2_00A40181
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3B195	0_2_00B3B195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2619A	0_2_00B2619A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9183	0_2_00AF9183
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B18184	0_2_00B18184
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A43192	0_2_00A43192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9D195	0_2_00A9D195
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1190	0_2_00AE1190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9E1EB	0_2_00A9E1EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B611FB	0_2_00B611FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB1E4	0_2_00ABB1E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B171E5	0_2_00B171E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA51FC	0_2_00AA51FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5F1F9	0_2_00A5F1F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADD1CB	0_2_00ADD1CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6E1D0	0_2_00B6E1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B061DC	0_2_00B061DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B161C1	0_2_00B161C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B491C4	0_2_00B491C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A851DC	0_2_00A851DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68136	0_2_00B68136
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7128	0_2_00AB7128
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4F122	0_2_00A4F122
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4B132	0_2_00A4B132
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8131	0_2_00AF8131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8E10C	0_2_00A8E10C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6B100	0_2_00A6B100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7E10E	0_2_00A7E10E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0104	0_2_00AD0104
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D103	0_2_00A8D103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD111A	0_2_00AD111A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6811C	0_2_00A6811C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3710F	0_2_00B3710F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6D176	0_2_00B6D176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B22175	0_2_00B22175
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAB162	0_2_00AAB162
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AED167	0_2_00AED167
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4717E	0_2_00B4717E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB161	0_2_00ADB161
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8163	0_2_00AC8163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A172	0_2_00A6A172
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1A166	0_2_00B1A166
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A18179	0_2_00A18179
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8C171	0_2_00A8C171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3A16D	0_2_00B3A16D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAA148	0_2_00AAA148
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7914D	0_2_00A7914D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A20149	0_2_00A20149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF147	0_2_00ABF147
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEA158	0_2_00AEA158
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5F142	0_2_00B5F142
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7155	0_2_00AC7155
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A14D	0_2_00B4A14D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98153	0_2_00A98153
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A302A2	0_2_00A302A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4B2B7	0_2_00B4B2B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A2BA	0_2_00A9A2BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACC2BA	0_2_00ACC2BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2D2B5	0_2_00A2D2B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5E2AC	0_2_00B5E2AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A56287	0_2_00A56287
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A71293	0_2_00A71293
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B15288	0_2_00B15288
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96294	0_2_00A96294
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A452E7	0_2_00A452E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB02E8	0_2_00AB02E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A392E6	0_2_00A392E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3F2E5	0_2_00A3F2E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B122F7	0_2_00B122F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B252F8	0_2_00B252F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A402E8	0_2_00A402E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B442E0	0_2_00B442E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B702E1	0_2_00B702E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B092E7	0_2_00B092E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1F2F9	0_2_00A1F2F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2F2E8	0_2_00B2F2E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A372FC	0_2_00A372FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6A2D4	0_2_00B6A2D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A492C2	0_2_00A492C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A552CD	0_2_00A552CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC92DB	0_2_00AC92DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3D220	0_2_00A3D220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8228	0_2_00AD8228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B51233	0_2_00B51233
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5A23C	0_2_00B5A23C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA225	0_2_00AFA225
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0B23B	0_2_00B0B23B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B07222	0_2_00B07222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA9233	0_2_00AA9233
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4822F	0_2_00B4822F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4A239	0_2_00A4A239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB220A	0_2_00AB220A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB920A	0_2_00AB920A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD320B	0_2_00AD320B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A75208	0_2_00A75208
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2A212	0_2_00A2A212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB21F	0_2_00ACB21F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A41212	0_2_00A41212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8821E	0_2_00A8821E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFB266	0_2_00AFB266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A26269	0_2_00A26269
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A53274	0_2_00A53274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A67277	0_2_00A67277
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B54267	0_2_00B54267
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFF275	0_2_00AFF275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7927B	0_2_00A7927B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8124B	0_2_00A8124B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5D24C	0_2_00A5D24C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7C248	0_2_00A7C248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8D253	0_2_00A8D253
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A803AB	0_2_00A803AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF3A4	0_2_00ACF3A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7F3B9	0_2_00B7F3B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEB3BD	0_2_00AEB3BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5A3B3	0_2_00A5A3B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A823B2	0_2_00A823B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A193BA	0_2_00A193BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E396	0_2_00B0E396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60390	0_2_00B60390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A38384	0_2_00A38384
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5238E	0_2_00A5238E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6938A	0_2_00A6938A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1639C	0_2_00B1639C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A99387	0_2_00A99387
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A66392	0_2_00A66392
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A36398	0_2_00A36398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC5397	0_2_00AC5397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4D389	0_2_00B4D389
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2E3EB	0_2_00A2E3EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC13E2	0_2_00AC13E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B713E3	0_2_00B713E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2E3E9	0_2_00B2E3E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD3F6	0_2_00ABD3F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B623D6	0_2_00B623D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB3C6	0_2_00ABB3C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD53DD	0_2_00AD53DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAD329	0_2_00AAD329
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B49331	0_2_00B49331
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD230F	0_2_00AD230F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF3301	0_2_00AF3301
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4E317	0_2_00A4E317
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68300	0_2_00B68300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6317	0_2_00AF6317
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1930B	0_2_00B1930B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE9315	0_2_00AE9315
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2730E	0_2_00B2730E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAF36A	0_2_00AAF36A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2368	0_2_00AB2368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66375	0_2_00B66375
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6236C	0_2_00A6236C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC37D	0_2_00AEC37D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0F368	0_2_00B0F368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A44348	0_2_00A44348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6D352	0_2_00A6D352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8E35C	0_2_00A8E35C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5634A	0_2_00B5634A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF84AD	0_2_00AF84AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE4AC	0_2_00AAE4AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6E4BC	0_2_00B6E4BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C4BB	0_2_00B4C4BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC24B8	0_2_00AC24B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACB4B6	0_2_00ACB4B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD64B1	0_2_00AD64B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A704BA	0_2_00A704BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E492	0_2_00B4E492
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A90481	0_2_00A90481
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5848A	0_2_00A5848A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4F484	0_2_00B4F484
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B57488	0_2_00B57488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB1495	0_2_00AB1495
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B214F3	0_2_00B214F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A994EA	0_2_00A994EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A564E0	0_2_00A564E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A614E0	0_2_00A614E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B204F4	0_2_00B204F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B354FF	0_2_00B354FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3E4EE	0_2_00A3E4EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6D4E8	0_2_00A6D4E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACA4FC	0_2_00ACA4FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B584E1	0_2_00B584E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA74C9	0_2_00AA74C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8A4D5	0_2_00B8A4D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1E4DE	0_2_00B1E4DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B044C1	0_2_00B044C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF44DB	0_2_00AF44DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A514D3	0_2_00A514D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2B432	0_2_00B2B432
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A86429	0_2_00A86429
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFF42D	0_2_00AFF42D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C424	0_2_00A9C424
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2D43F	0_2_00B2D43F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A22430	0_2_00A22430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B01424	0_2_00B01424
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68416	0_2_00B68416
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2A40A	0_2_00B2A40A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2C419	0_2_00A2C419
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0410	0_2_00AC0410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7340B	0_2_00B7340B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFC46D	0_2_00AFC46D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4D461	0_2_00A4D461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4B46C	0_2_00A4B46C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8A460	0_2_00A8A460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB547A	0_2_00AB547A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B13460	0_2_00B13460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A465	0_2_00B0A465
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A97471	0_2_00A97471
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2846A	0_2_00B2846A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE2477	0_2_00AE2477
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A44E	0_2_00A6A44E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6145F	0_2_00B6145F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F442	0_2_00A9F442
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE7445	0_2_00AE7445
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2445D	0_2_00B2445D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA445B	0_2_00AA445B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEF459	0_2_00AEF459
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF451	0_2_00ABF451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5944E	0_2_00B5944E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3644E	0_2_00B3644E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1450	0_2_00AE1450
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A565A6	0_2_00A565A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A495A1	0_2_00A495A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7E5AC	0_2_00A7E5AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5B5B1	0_2_00A5B5B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC95B8	0_2_00AC95B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADB5B8	0_2_00ADB5B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A645BE	0_2_00A645BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1B5BA	0_2_00A1B5BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B08591	0_2_00B08591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5B596	0_2_00B5B596
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3E596	0_2_00B3E596
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6B593	0_2_00B6B593
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14596	0_2_00B14596
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3A59B	0_2_00B3A59B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADD586	0_2_00ADD586
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7582	0_2_00AC7582
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7B59C	0_2_00A7B59C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0591	0_2_00AF0591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A245E0	0_2_00A245E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A225E1	0_2_00A225E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B235F7	0_2_00B235F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A315E8	0_2_00A315E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF5E1	0_2_00ADF5E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA95E7	0_2_00AA95E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA25FA	0_2_00AA25FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD35FC	0_2_00AD35FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B445ED	0_2_00B445ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3D5D2	0_2_00B3D5D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1C5C6	0_2_00A1C5C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA85CD	0_2_00AA85CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5F5DF	0_2_00B5F5DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A725DF	0_2_00A725DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7C5D9	0_2_00A7C5D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B465CA	0_2_00B465CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0D533	0_2_00B0D533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE5528	0_2_00AE5528
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA3523	0_2_00AA3523
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE53E	0_2_00AEE53E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF750C	0_2_00AF750C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B15515	0_2_00B15515
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B41512	0_2_00B41512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8C50F	0_2_00A8C50F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE0507	0_2_00AE0507
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAB500	0_2_00AAB500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5A51B	0_2_00B5A51B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4A50B	0_2_00A4A50B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A514	0_2_00A1A514
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4950F	0_2_00B4950F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2650C	0_2_00B2650C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5E574	0_2_00B5E574
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB956F	0_2_00AB956F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE856B	0_2_00AE856B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8956F	0_2_00A8956F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4757C	0_2_00B4757C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B09579	0_2_00B09579
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6A573	0_2_00A6A573
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B51560	0_2_00B51560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7577	0_2_00AB7577
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2256F	0_2_00B2256F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC54E	0_2_00ADC54E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF154A	0_2_00AF154A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB055C	0_2_00AB055C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0C54A	0_2_00B0C54A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1A54E	0_2_00B1A54E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A816AC	0_2_00A816AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3B6AB	0_2_00A3B6AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACD6BC	0_2_00ACD6BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A786B0	0_2_00A786B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B52691	0_2_00B52691
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD68C	0_2_00ABD68C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1F69D	0_2_00B1F69D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7F696	0_2_00A7F696
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B38680	0_2_00B38680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA569F	0_2_00AA569F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A17699	0_2_00A17699
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4569F	0_2_00A4569F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB46EB	0_2_00AB46EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B486F2	0_2_00B486F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A396EB	0_2_00A396EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A886E2	0_2_00A886E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A946E3	0_2_00A946E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6B6EA	0_2_00A6B6EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC86E3	0_2_00AC86E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4B6E0	0_2_00B4B6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA6F9	0_2_00AFA6F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A566F8	0_2_00A566F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A976F6	0_2_00A976F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A186C0	0_2_00A186C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A166C4	0_2_00A166C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B546DD	0_2_00B546DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B066D9	0_2_00B066D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF96D4	0_2_00AF96D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A6D4	0_2_00A9A6D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04638	0_2_00B04638
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0B63C	0_2_00B0B63C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6639	0_2_00AA6639
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1E603	0_2_00A1E603
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8608	0_2_00AB8608
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1E616	0_2_00B1E616
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A54608	0_2_00A54608
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9E606	0_2_00A9E606
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5F617	0_2_00A5F617
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B61D	0_2_00A9B61D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8B611	0_2_00A8B611
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5361B	0_2_00A5361B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E67E	0_2_00B8E67E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4E674	0_2_00A4E674
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6E671	0_2_00A6E671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A669	0_2_00B0A669
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2B67E	0_2_00A2B67E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACE64D	0_2_00ACE64D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B70646	0_2_00B70646
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9565C	0_2_00A9565C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE9655	0_2_00AE9655
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E7B7	0_2_00B4E7B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A717A3	0_2_00A717A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8E7A0	0_2_00A8E7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC37A5	0_2_00AC37A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE67A7	0_2_00AE67A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A377AE	0_2_00A377AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B177AC	0_2_00B177AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B007AE	0_2_00B007AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADA78D	0_2_00ADA78D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B23793	0_2_00B23793
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B27790	0_2_00B27790
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4278D	0_2_00A4278D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1978C	0_2_00B1978C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFF7EE	0_2_00AFF7EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B647F5	0_2_00B647F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1D7E5	0_2_00A1D7E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B7E0	0_2_00A9B7E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B187FD	0_2_00B187FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4D7E9	0_2_00A4D7E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A4B7F5	0_2_00A4B7F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC17FD	0_2_00AC17FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF27CC	0_2_00AF27CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3E7C7	0_2_00A3E7C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A267CB	0_2_00A267CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2D7CE	0_2_00A2D7CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A737CA	0_2_00A737CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF47C2	0_2_00AF47C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B317CB	0_2_00B317CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B627CC	0_2_00B627CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE07D5	0_2_00AE07D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3D7DC	0_2_00A3D7DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD2729	0_2_00AD2729
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF3728	0_2_00AF3728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9673F	0_2_00A9673F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7673E	0_2_00A7673E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3472A	0_2_00B3472A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2C713	0_2_00B2C713
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC670E	0_2_00AC670E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2F710	0_2_00B2F710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A29701	0_2_00A29701
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7771F	0_2_00A7771F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0768	0_2_00AA0768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8B778	0_2_00A8B778
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFD77F	0_2_00AFD77F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B37760	0_2_00B37760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A50770	0_2_00A50770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1774	0_2_00AE1774
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E76F	0_2_00B0E76F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A66746	0_2_00A66746
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A82748	0_2_00A82748
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60755	0_2_00B60755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B71754	0_2_00B71754
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE741	0_2_00ABE741
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A32748	0_2_00A32748
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C751	0_2_00A9C751
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6475D	0_2_00A6475D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A86753	0_2_00A86753
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A2E8B7	0_2_00A2E8B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2B8AB	0_2_00B2B8AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B308AC	0_2_00B308AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4889	0_2_00AC4889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A7988E	0_2_00A7988E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A3F89F	0_2_00A3F89F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA48EC	0_2_00AA48EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9F8E1	0_2_00A9F8E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A558EA	0_2_00A558EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8A8F9	0_2_00A8A8F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B428E6	0_2_00B428E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5E8FA	0_2_00A5E8FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACE8F3	0_2_00ACE8F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A1A8C0	0_2_00A1A8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD48CF	0_2_00AD48CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A198C5	0_2_00A198C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A728CE	0_2_00A728CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A348CC	0_2_00A348CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A448D7	0_2_00A448D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B408C0	0_2_00B408C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2E8C4	0_2_00B2E8C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A218D5	0_2_00A218D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A708D9	0_2_00A708D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B348CD	0_2_00B348CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5D830	0_2_00B5D830
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B07838	0_2_00B07838
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A6382B	0_2_00A6382B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB383E	0_2_00AB383E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3C82A	0_2_00B3C82A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A5783E	0_2_00A5783E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC580D	0_2_00AC580D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6E814	0_2_00B6E814
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD9809	0_2_00AD9809
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8880F	0_2_00A8880F

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 00BEA319 appears 35 times

Source: file.exe, 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2251545737.000000000090E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: emyaprgj ZLIB complexity 0.9950791321784354

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

Virustotal: Detection: 55%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1772544 > 1048576

Source: file.exe

Static PE information: Raw size of emyaprgj is bigger than: 0x100000 < 0x1aaa00

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;emyaprgj:EW;wiqpbsfr:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1bd03e should be: 0x1bc0a3

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: emyaprgj
Source: file.exe	Static PE information: section name: wiqpbsfr
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A11990 push ecx; mov dword ptr [esp], esi	0_2_00A119A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A0EF70 push ebx; mov dword ptr [esp], eax	0_2_00A0F5F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A130AA push edi; mov dword ptr [esp], 76FB0B29h	0_2_00A1323A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], ebp	0_2_00ADF396
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push 2D0BD9D1h; mov dword ptr [esp], eax	0_2_00ADF3A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], edi	0_2_00ADF3BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push 183A62E3h; mov dword ptr [esp], esi	0_2_00ADF416
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push edi; mov dword ptr [esp], esp	0_2_00ADF422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push 3B3FAE03h; mov dword ptr [esp], eax	0_2_00ADF433
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], edi	0_2_00ADF453
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], ecx	0_2_00ADF498
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push edi; mov dword ptr [esp], 6F616185h	0_2_00ADF547
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push 46AB80ABh; mov dword ptr [esp], ebx	0_2_00ADF584
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADF0A6 push eax; mov dword ptr [esp], 161E7B7Eh	0_2_00ADF58E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C810DF push 09F50D33h; mov dword ptr [esp], eax	0_2_00C81145
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push ebx; mov dword ptr [esp], esp	0_2_00B8B0D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push edi; mov dword ptr [esp], 69BAA2A4h	0_2_00B8B221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], ecx	0_2_00B8B23C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push 463F73FDh; mov dword ptr [esp], eax	0_2_00B8B349
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push eax; mov dword ptr [esp], 16F07912h	0_2_00B8B3B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push edx; mov dword ptr [esp], 68DFB461h	0_2_00B8B3D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push 20507DB7h; mov dword ptr [esp], ebx	0_2_00B8B4BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], 70C92EC3h	0_2_00B8B536
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push 651C62C2h; mov dword ptr [esp], ebx	0_2_00B8B58D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push edi; mov dword ptr [esp], 3BFE5100h	0_2_00B8B59C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push esi; mov dword ptr [esp], eax	0_2_00B8B62B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push esi; mov dword ptr [esp], 7ADFF6FBh	0_2_00B8B630
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push ebx; mov dword ptr [esp], ebp	0_2_00B8B69B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], edx	0_2_00B8B69F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], ecx	0_2_00B8B6D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8B0A1 push 46479BD8h; mov dword ptr [esp], ebx	0_2_00B8B78A

Source: file.exe	Static PE information: section name: entropy: 7.7321523141435
Source: file.exe	Static PE information: section name: emyaprgj entropy: 7.954214251652952

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A0E2D2 second address: A0E2F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C3552Dh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD698C3552Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85BCE second address: B85BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85BD4 second address: B85BD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85BD8 second address: B85BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD698C2C8E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FD698C2C8ECh 0x00000015 jng 00007FD698C2C8E6h 0x0000001b popad 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85BFE second address: B85C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85C05 second address: B85C19 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD698C2C8EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B85C19 second address: B85C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C35532h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B93152 second address: B93157 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B932E6 second address: B932EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B932EE second address: B932F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B932F7 second address: B932FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B932FB second address: B9331A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96B15 second address: B96B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96B19 second address: B96B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96B1F second address: B96BBE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 65B43700h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FD698C35528h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 push 00000003h 0x0000002b cld 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebp 0x00000031 call 00007FD698C35528h 0x00000036 pop ebp 0x00000037 mov dword ptr [esp+04h], ebp 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc ebp 0x00000044 push ebp 0x00000045 ret 0x00000046 pop ebp 0x00000047 ret 0x00000048 mov ecx, 221485F7h 0x0000004d push 00000003h 0x0000004f je 00007FD698C35528h 0x00000055 mov edi, edx 0x00000057 call 00007FD698C35529h 0x0000005c jmp 00007FD698C35530h 0x00000061 push eax 0x00000062 jmp 00007FD698C35530h 0x00000067 mov eax, dword ptr [esp+04h] 0x0000006b pushad 0x0000006c pushad 0x0000006d jnc 00007FD698C35526h 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96BBE second address: B96C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FD698C2C8ECh 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007FD698C2C8EBh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 jmp 00007FD698C2C8F6h 0x0000001d jg 00007FD698C2C8ECh 0x00000023 popad 0x00000024 pop eax 0x00000025 mov si, bx 0x00000028 mov cx, 32C0h 0x0000002c lea ebx, dword ptr [ebp+1245C8C7h] 0x00000032 mov di, dx 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b pushad 0x0000003c popad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96C1F second address: B96C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96C24 second address: B96C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD698C2C8EDh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96C41 second address: B96C47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B96D0F second address: B96D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C2C8E6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD698C2C8F5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB577E second address: BB5784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5784 second address: BB57A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push edx 0x00000007 jmp 00007FD698C2C8F7h 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB58D2 second address: BB58DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD698C35526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB58DC second address: BB58E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB58E0 second address: BB58F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD698C3552Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5A25 second address: BB5A49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FD698C2C8FAh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5B97 second address: BB5BAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD698C35532h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5E3A second address: BB5E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8AC6E second address: B8AC76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6DD2 second address: BB6DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB6DD9 second address: BB6DE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBAEC4 second address: BBAEC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBB0CB second address: BBB0D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBB0D1 second address: BBB0D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBD243 second address: BBD25A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007FD698C35526h 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7EF2A second address: B7EF37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FD698C2C8E6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC2215 second address: BC2275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD698C3552Ah 0x0000000c jmp 00007FD698C35539h 0x00000011 push eax 0x00000012 jmp 00007FD698C35537h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pop eax 0x0000001a popad 0x0000001b push edi 0x0000001c push edi 0x0000001d pushad 0x0000001e popad 0x0000001f pop edi 0x00000020 pushad 0x00000021 jmp 00007FD698C35533h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC17EA second address: BC17FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD698C2C8EBh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC17FE second address: BC1804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC1804 second address: BC1808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC1808 second address: BC1816 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC1816 second address: BC183B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FD698C2C8F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC183B second address: BC1853 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD698C35526h 0x00000008 ja 00007FD698C35526h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jl 00007FD698C35528h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC1853 second address: BC185F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jbe 00007FD698C2C8E6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC1964 second address: BC19AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD698C35526h 0x0000000a jmp 00007FD698C35538h 0x0000000f popad 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FD698C3552Ch 0x00000019 push esi 0x0000001a jmp 00007FD698C35532h 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC19AA second address: BC19B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8AC56 second address: B8AC5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B8AC5A second address: B8AC6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jl 00007FD698C2C8E6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC3837 second address: BC385F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Bh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FD698C35531h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC385F second address: BC3879 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD698C2C8EAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FD698C2C8EEh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4E3D second address: BC4E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FD698C3552Ch 0x00000012 jng 00007FD698C35526h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC4E55 second address: BC4E5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5930 second address: BC5934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5934 second address: BC5938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5A4C second address: BC5A56 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5F76 second address: BC5FA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD698C2C8F0h 0x00000008 jmp 00007FD698C2C8F0h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 je 00007FD698C2C8E6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC5FA7 second address: BC5FB1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6DA1 second address: BC6DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC6DA5 second address: BC6DAB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC806E second address: BC8091 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FD698C2C8E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC8AD5 second address: BC8B34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007FD698C35528h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov edi, esi 0x00000028 jmp 00007FD698C35536h 0x0000002d push 00000000h 0x0000002f jmp 00007FD698C3552Ah 0x00000034 push 00000000h 0x00000036 xchg eax, ebx 0x00000037 pushad 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC92C9 second address: BC92CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC92CD second address: BC92D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA013 second address: BCA067 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FD698C2C8E8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007FD698C2C8E8h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e mov edi, dword ptr [ebp+122D2A58h] 0x00000044 push 00000000h 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 push esi 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC92D3 second address: BC92DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD698C35526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA067 second address: BCA06C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA06C second address: BCA089 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FD698C35531h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCAB1D second address: BCABC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007FD698C2C8E8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 sbb si, 5771h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007FD698C2C8E8h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 0000001Ch 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 jnl 00007FD698C2C8ECh 0x0000004d xchg eax, ebx 0x0000004e push eax 0x0000004f pushad 0x00000050 jmp 00007FD698C2C8F2h 0x00000055 jmp 00007FD698C2C8F5h 0x0000005a popad 0x0000005b pop eax 0x0000005c push eax 0x0000005d jc 00007FD698C2C8EEh 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB6DB second address: BCB6DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB46E second address: BCB473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCB473 second address: BCB478 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCEE16 second address: BCEE1C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0DC8 second address: BD0E29 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FD698C35528h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ecx 0x00000029 call 00007FD698C35528h 0x0000002e pop ecx 0x0000002f mov dword ptr [esp+04h], ecx 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc ecx 0x0000003c push ecx 0x0000003d ret 0x0000003e pop ecx 0x0000003f ret 0x00000040 push 00000000h 0x00000042 mov ebx, 34D6ADBEh 0x00000047 push eax 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007FD698C3552Ch 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD1DA7 second address: BD1DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD2D82 second address: BD2D86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD2D86 second address: BD2D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD3D43 second address: BD3D4D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD3D4D second address: BD3DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FD698C2C8E8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 sub bh, 00000050h 0x00000026 call 00007FD698C2C8ECh 0x0000002b mov ebx, 6782084Ah 0x00000030 pop edi 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 cld 0x00000036 jmp 00007FD698C2C8EBh 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 push eax 0x00000044 push edx 0x00000045 jbe 00007FD698C2C8E6h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD5BFC second address: BD5C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD5C00 second address: BD5C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6B7D second address: BD6B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6B81 second address: BD6B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8DD2 second address: BD8E63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35536h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FD698C35528h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov edi, 5B8AFD14h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007FD698C35528h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 mov edi, dword ptr [ebp+122D18ACh] 0x0000004f xchg eax, esi 0x00000050 pushad 0x00000051 pushad 0x00000052 jc 00007FD698C35526h 0x00000058 push edi 0x00000059 pop edi 0x0000005a popad 0x0000005b jmp 00007FD698C35530h 0x00000060 popad 0x00000061 push eax 0x00000062 push ecx 0x00000063 push eax 0x00000064 push edx 0x00000065 push ebx 0x00000066 pop ebx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB550 second address: BDB554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6CC8 second address: BD6CD2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD905A second address: BD9064 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD698C2C8E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB554 second address: BDB56C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35534h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD9064 second address: BD906A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB56C second address: BDB572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB572 second address: BDB576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB576 second address: BDB5D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FD698C35528h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov di, dx 0x00000026 push 00000000h 0x00000028 add dword ptr [ebp+122D19DEh], ecx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push esi 0x00000033 call 00007FD698C35528h 0x00000038 pop esi 0x00000039 mov dword ptr [esp+04h], esi 0x0000003d add dword ptr [esp+04h], 0000001Ch 0x00000045 inc esi 0x00000046 push esi 0x00000047 ret 0x00000048 pop esi 0x00000049 ret 0x0000004a or bx, 617Bh 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB5D9 second address: BDB5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDB5DD second address: BDB5E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD87B second address: BDD895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C2C8F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE078E second address: BE079D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jns 00007FD698C35526h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE079D second address: BE07BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE07BC second address: BE07CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FD698C3552Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE07CD second address: BE07D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE07D1 second address: BE07E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C35531h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE07E6 second address: BE07EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0D6C second address: BE0DD0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FD698C35528h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007FD698C35528h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov ebx, edx 0x00000046 push 00000000h 0x00000048 ja 00007FD698C3552Ch 0x0000004e xchg eax, esi 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jl 00007FD698C35526h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DD0 second address: BE0DD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DD6 second address: BE0DE0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DE0 second address: BE0DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DEC second address: BE0DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DF0 second address: BE0DFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DFA second address: BE0DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE0DFE second address: BE0E02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE100E second address: BE1014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8626 second address: BE862C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE862C second address: BE8630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA26F second address: BFA273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA273 second address: BFA279 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA30D second address: BFA369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FD698C2C8F9h 0x00000016 popad 0x00000017 pop edx 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c pushad 0x0000001d jc 00007FD698C2C8ECh 0x00000023 jmp 00007FD698C2C8F2h 0x00000028 popad 0x00000029 mov eax, dword ptr [eax] 0x0000002b push eax 0x0000002c push edx 0x0000002d je 00007FD698C2C8ECh 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA369 second address: BFA36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA43D second address: BFA443 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA443 second address: BFA448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA4D6 second address: BFA512 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD698C2C8ECh 0x00000008 ja 00007FD698C2C8E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jns 00007FD698C2C8F6h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD698C2C8ECh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA512 second address: BFA51C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC58A second address: BFC58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC58E second address: BFC5A4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD698C3552Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5A4 second address: BFC5AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5AC second address: BFC5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5B0 second address: BFC5B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5B4 second address: BFC602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD698C35539h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a pushad 0x0000001b jmp 00007FD698C35539h 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC602 second address: BFC60B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC60B second address: BFC60F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B74B8F second address: B74B9B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD698C2C8EEh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B74B9B second address: B74BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD698C35530h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B74BB5 second address: B74BBB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B74BBB second address: B74BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007FD698C35526h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B74BCC second address: B74BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B74BD3 second address: B74BD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C014E8 second address: C014F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C014F1 second address: C014F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C014F5 second address: C01500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C002D6 second address: C002DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C002DA second address: C002EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnp 00007FD698C2C8E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C002EC second address: C002F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C008A4 second address: C008B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD698C2C8ECh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C008B6 second address: C008DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Fh 0x00000007 push ecx 0x00000008 jmp 00007FD698C35533h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01074 second address: C01089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01089 second address: C0108F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C011CE second address: C011E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD698C2C8EEh 0x0000000c jl 00007FD698C2C8E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C040AC second address: C040D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FD698C35526h 0x00000011 jmp 00007FD698C35533h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C040D7 second address: C040E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 jno 00007FD698C2C91Fh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C092D9 second address: C092E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C092E1 second address: C092E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCC87B second address: BCC8AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35532h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d movsx esi, cx 0x00000010 mov ah, 3Bh 0x00000012 popad 0x00000013 lea eax, dword ptr [ebp+12492604h] 0x00000019 mov dword ptr [ebp+122D376Bh], esi 0x0000001f push eax 0x00000020 pushad 0x00000021 push ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCC8AC second address: BCC8B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCCCF0 second address: BCCCF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCCDA0 second address: BCCDA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCCDA4 second address: BCCDB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FD698C35526h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCD68B second address: BCD6A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C2C8F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCD6A2 second address: BCD6EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007FD698C3552Fh 0x00000013 push 0000001Eh 0x00000015 mov dx, bx 0x00000018 push eax 0x00000019 jne 00007FD698C35558h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FD698C35536h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCD9A5 second address: BCDA27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD698C2C8F6h 0x0000000f nop 0x00000010 jmp 00007FD698C2C8F6h 0x00000015 lea eax, dword ptr [ebp+12492604h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007FD698C2C8E8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov edx, dword ptr [ebp+122D214Ah] 0x0000003b sub dword ptr [ebp+122D2B62h], eax 0x00000041 or ecx, 65D2248Eh 0x00000047 push eax 0x00000048 pushad 0x00000049 jbe 00007FD698C2C8ECh 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCDA27 second address: BCDA2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCDA2F second address: BAA88B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD698C2C8E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FD698C2C8E8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 call dword ptr [ebp+122D253Dh] 0x0000002e jmp 00007FD698C2C8F3h 0x00000033 push eax 0x00000034 pushad 0x00000035 push esi 0x00000036 pop esi 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BAA88B second address: BAA893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0861F second address: C08623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08787 second address: C08793 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08793 second address: C08797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08BDC second address: C08BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C35535h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08DA6 second address: C08DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08DAC second address: C08DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C08DB6 second address: C08DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DBD4 second address: C0DBDD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0DBDD second address: C0DC01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD698C2C8EEh 0x0000000e jmp 00007FD698C2C8EDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E4AE second address: C0E4B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E4B6 second address: C0E4D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E665 second address: C0E66B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E66B second address: C0E66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E66F second address: C0E673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E994 second address: C0E99E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C11F92 second address: C11FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 ja 00007FD698C3552Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C171D8 second address: C171DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C171DE second address: C171E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C171E5 second address: C171EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C174C8 second address: C174E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jne 00007FD698C35526h 0x0000000e pop edx 0x0000000f ja 00007FD698C3552Ah 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C174E8 second address: C174EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C174EC second address: C174F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jns 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C177DD second address: C177E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C17952 second address: C1796C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jp 00007FD698C35526h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C17C25 second address: C17C4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jne 00007FD698C2C8E6h 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C17E9C second address: C17EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C185EC second address: C18631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ecx 0x00000009 jl 00007FD698C2C918h 0x0000000f jmp 00007FD698C2C8F9h 0x00000014 jmp 00007FD698C2C8F9h 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16E9D second address: C16EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD698C35528h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BC0E second address: C1BC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD698C2C8F7h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BC2E second address: C1BC34 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BC34 second address: C1BC40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FD698C2C8E6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BC40 second address: C1BC4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FD698C35526h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B8EF second address: C1B8F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C221D6 second address: C22203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35534h 0x00000007 jmp 00007FD698C35531h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22203 second address: C22218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C22218 second address: C22239 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007FD698C35534h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26E36 second address: C26E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26E40 second address: C26E4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26E4C second address: C26E60 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD698C2C8E8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FD698C2C8E6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26FBC second address: C26FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26FC2 second address: C26FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop eax 0x0000000d jl 00007FD698C2C8E8h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C26FDB second address: C26FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C273EB second address: C27413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F4h 0x00000009 popad 0x0000000a pushad 0x0000000b jbe 00007FD698C2C8E6h 0x00000011 jnl 00007FD698C2C8E6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27413 second address: C2741D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2741D second address: C27426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27426 second address: C27430 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD698C35526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27430 second address: C27448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD698C2C8EEh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27448 second address: C2744C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2744C second address: C2745B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8EBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCD4AF second address: BCD4B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCD4B3 second address: BCD4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCD4B9 second address: BCD520 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD698C3552Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov cx, 292Ch 0x00000011 push 00000004h 0x00000013 mov ecx, dword ptr [ebp+122D3A25h] 0x00000019 mov cx, 136Ah 0x0000001d nop 0x0000001e pushad 0x0000001f jno 00007FD698C35532h 0x00000025 pushad 0x00000026 jmp 00007FD698C3552Ah 0x0000002b jmp 00007FD698C35538h 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 jng 00007FD698C35530h 0x00000039 push eax 0x0000003a push edx 0x0000003b push edx 0x0000003c pop edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2772F second address: C27733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27733 second address: C27739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C2D7 second address: C2C2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C2DB second address: C2C2E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C2E1 second address: C2C304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FD698C2C8E6h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FD698C2C8F1h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C304 second address: C2C327 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD698C3553Dh 0x00000008 jmp 00007FD698C35537h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2C327 second address: C2C33D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD698C2C8EBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BB5A second address: C2BB64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BB64 second address: C2BB6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BB6A second address: C2BB81 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FD698C3552Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BCB7 second address: C2BCBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34711 second address: C34715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34715 second address: C34730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD698C2C8E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FD698C2C8ECh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C34730 second address: C34735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D2C9 second address: B7D2D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B7D2D0 second address: B7D2D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C32F79 second address: C32F7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3354E second address: C33570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007FD698C35526h 0x0000000c jc 00007FD698C35526h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c jng 00007FD698C35526h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33570 second address: C33576 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33E3C second address: C33E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C33E40 second address: C33E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C377E2 second address: C377F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD698C35526h 0x0000000a push edx 0x0000000b pop edx 0x0000000c jnc 00007FD698C35526h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C377F9 second address: C377FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C377FD second address: C37812 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Fh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C379A5 second address: C379CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8EEh 0x00000009 pop ebx 0x0000000a jmp 00007FD698C2C8F4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37CC2 second address: C37CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37CC6 second address: C37D2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F9h 0x00000007 jo 00007FD698C2C8E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jbe 00007FD698C2C8E6h 0x00000016 jmp 00007FD698C2C8F5h 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007FD698C2C8F8h 0x00000025 jne 00007FD698C2C8E6h 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e push edi 0x0000002f pushad 0x00000030 popad 0x00000031 pop edi 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37D2F second address: C37D34 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C37D34 second address: C37D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3812B second address: C3812F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38295 second address: C3829A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3D021 second address: C3D027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3D027 second address: C3D04C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD698C2C8F7h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43F87 second address: C43FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FD698C35535h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43FA8 second address: C43FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C43FAC second address: C43FCD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD698C35531h 0x0000000d jng 00007FD698C35532h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4412D second address: C44133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44133 second address: C44137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442A2 second address: C442B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FD698C2C8E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442B3 second address: C442B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442B7 second address: C442BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442BD second address: C442C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442C2 second address: C442CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442CA second address: C442D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442D5 second address: C442D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C442D9 second address: C442DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44477 second address: C44489 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD698C2C8ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44489 second address: C4448D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4465B second address: C44670 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8EBh 0x00000007 jns 00007FD698C2C8E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44670 second address: C44699 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FD698C35526h 0x00000009 jmp 00007FD698C35539h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44699 second address: C4469D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4482D second address: C4483F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FD698C3552Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C450E1 second address: C450EB instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD698C2C8ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E9A1 second address: C4E9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E9AA second address: C4E9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E9BF second address: C4E9C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4E9C5 second address: C4E9D6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD698C2C8ECh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4EB6A second address: C4EB87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD698C35531h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5B18F second address: C5B193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5AC7C second address: C5AC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jl 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop esi 0x00000012 jp 00007FD698C3552Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E042 second address: C5E06E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FD698C2C8EBh 0x0000000a jmp 00007FD698C2C8EEh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push edx 0x00000015 jng 00007FD698C2C8F2h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5E06E second address: C5E074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6590B second address: C65911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65911 second address: C65915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF10 second address: C6BF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF16 second address: C6BF2E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD698C35526h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD698C3552Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF2E second address: C6BF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF34 second address: C6BF46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jne 00007FD698C35526h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BDA3 second address: C6BDA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BDA9 second address: C6BDAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D674 second address: C6D67A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6D67A second address: C6D67E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7020C second address: C70227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007FD698C2C8F3h 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007FD698C2C8EBh 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C70227 second address: C7024A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d popad 0x0000000e jng 00007FD698C3553Ah 0x00000014 jbe 00007FD698C3552Ch 0x0000001a jo 00007FD698C35526h 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77B4A second address: C77B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jng 00007FD698C2C8E6h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD698C2C8EDh 0x00000017 jmp 00007FD698C2C8F0h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C77B79 second address: C77B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CDB0 second address: C7CDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CDB8 second address: C7CDC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jne 00007FD698C35526h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D353 second address: C7D359 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D359 second address: C7D35E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D4B0 second address: C7D4C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b jl 00007FD698C2C8EEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D76C second address: C7D78B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Bh 0x00000007 jmp 00007FD698C3552Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D78B second address: C7D7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 js 00007FD698C2C8FDh 0x0000000d jmp 00007FD698C2C8F7h 0x00000012 push edx 0x00000013 jnc 00007FD698C2C8E6h 0x00000019 pop edx 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C812E5 second address: C812FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 jnl 00007FD698C3552Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B68B second address: C9B6AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C2C8E6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007FD698C2C8F4h 0x00000011 popad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B34E second address: C9B356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9B356 second address: C9B35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA19D5 second address: CA19DF instructions: 0x00000000 rdtsc 0x00000002 js 00007FD698C35526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA19DF second address: CA19E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA19E8 second address: CA19F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD698C35526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1B2F second address: CA1B43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1CAD second address: CA1CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1F52 second address: CA1F90 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD698C2C8E6h 0x00000008 jne 00007FD698C2C8E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pushad 0x00000012 ja 00007FD698C2C8ECh 0x00000018 pushad 0x00000019 jmp 00007FD698C2C8F7h 0x0000001e jg 00007FD698C2C8E6h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1F90 second address: CA1FBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007FD698C35526h 0x0000000e jmp 00007FD698C35538h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA56C0 second address: CA5729 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FD698C2C8FCh 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD698C2C8F7h 0x0000001b jmp 00007FD698C2C8F2h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA7DA second address: CAA7DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAA7DF second address: CAA7FA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD698C2C8ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jp 00007FD698C2C8F9h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC15A second address: CAC17D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FD698C35538h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC17D second address: CAC18D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pop esi 0x0000000c pushad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC18D second address: CAC1A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FD698C35526h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC1A0 second address: CAC1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC1A4 second address: CAC1A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADE3C second address: CADE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD698C2C8E6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADE4C second address: CADE62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C35526h 0x0000000a pop edx 0x0000000b pushad 0x0000000c js 00007FD698C3552Eh 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADE62 second address: CADE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jo 00007FD698C2C8E6h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007FD698C2C8E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CADE78 second address: CADE7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9A1 second address: CAF9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9A7 second address: CAF9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9AD second address: CAF9CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C2C8F8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9CB second address: CAF9CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9CF second address: CAF9F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD698C2C8ECh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF9F2 second address: CAF9F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5276 second address: CA5280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA556E second address: CA557A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD698C35526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A0DBA5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A0DB8F instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4DB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 6F90000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A101F9 rdtsc

0_2_00A101F9

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 4672

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BF3FD0 GetSystemInfo,VirtualAlloc,

0_2_00BF3FD0

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00A101F9 rdtsc

0_2_00A101F9

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: ,$Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BEE466 GetSystemTime,GetFileTime,

0_2_00BEE466

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	56%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1533035
Start date and time:	2024-10-14 11:02:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, ctldl.windowsupdate.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.935979192927846
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'772'544 bytes
MD5:	b98ffed8586d28233c812bd2e9c4f1f2
SHA1:	7198dfb80f47bb34c9f74a54454478dfc8cab2f8
SHA256:	d32cabe55f2ab4e97c167d948a9999e0a8f5ef3c49f9c3005240669e11a5cd75
SHA512:	a476d7f43718349452aab11e89ec15ef9cf5e178edab2399990dede4dd4262076d9ade7ae82bf4c689153eb9f6217f3bafe1256b036b5c63eee0eaeeda8aff94
SSDEEP:	49152:QBbrBRVWL3QLfqwPvwiDbI73LZEcdprAYJWrb:2br1WrQLfj1DQqcdQP
TLSH:	2585337E9BB324B6D20F11B17E27C707771449129D1D22C6ADB6362A82B1786F90CCF8
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............F.. ...`....@.. ........................F.....>.....`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x868000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FD6984CCE3Ah
pminsw mm3, qword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	149be1ecbcba63e004c170b467b3d282	False	0.9275173611111112	data	7.7321523141435	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x2b0000	0x200	8ac7a7b7851a66aa124dd73a650761d7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
emyaprgj	0x2ba000	0x1ac000	0x1aaa00	e12c50df741af20082528b1f9112029b	False	0.9950791321784354	data	7.954214251652952	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wiqpbsfr	0x466000	0x2000	0x400	de7b04d7e6e320ae1416fc153a870e67	False	0.732421875	data	5.695949164752082	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x468000	0x4000	0x2200	b7f9917cc4688ea1cc8fb3a87e5b9c7c	False	0.07709099264705882	DOS executable (COM)	1.012185976352068	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Target ID:	0
Start time:	05:03:02
Start date:	14/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa00000
File size:	1'772'544 bytes
MD5 hash:	B98FFED8586D28233C812BD2E9C4F1F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	2.9%
Signature Coverage:	3.4%
Total number of Nodes:	409
Total number of Limit Nodes:	31

Executed Functions

Function 00BF3FD0 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-118C5FEC), ref: 00BF3FDC
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00BF403D

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 31e7fd8d2742c5cd8d4ae1f60b82b9c99aa4e34093050ba9fdcd8e1535e6dd59
Instruction ID: 9c74e526812bb4f40e549a209415daaca1023f58d6b1166de40b91f226565214
Opcode Fuzzy Hash: 31e7fd8d2742c5cd8d4ae1f60b82b9c99aa4e34093050ba9fdcd8e1535e6dd59
Instruction Fuzzy Hash: 404142B590020AABE769CF60CC45BE7BBECFB48740F1040A6A713DA582E77091D48FA0

Function 00BEB9EC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 00BEBAFD
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 00BEBB11

Strings

1002, xrefs: 00BEBAC7
.dll, xrefs: 00BEBA34
.exe, xrefs: 00BEBA58

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: 6142f8629c1367b7c257adeb82a96a273d5ad40050d89e1b39e5727491232e5e
Instruction ID: aba016afd46ca202ca776480f2c2ebcae733032578abb6244a696a0059fd65e9
Opcode Fuzzy Hash: 6142f8629c1367b7c257adeb82a96a273d5ad40050d89e1b39e5727491232e5e
Instruction Fuzzy Hash: BB317F31500289FFCF25AF56D945EAE7BF5FF04340F1091A9F902961A1CB359AA0DBA1

Function 00BEBEF2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00BEBE84,?,00000000,00000000), ref: 00BEBFAF
GetModuleHandleA.KERNEL32(00000000,?,?,?,00BEBE84,?,00000000,00000000), ref: 00BEBFBD

Strings

.dll, xrefs: 00BEBF25

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: 26f3a9e14c90a249e154808ae90243e3c6994765d4789e08e5d65a2774adc093
Instruction ID: 929a317c671138cd18624894e92fbe2a7976093ab5b290c95676d565b9de5379
Opcode Fuzzy Hash: 26f3a9e14c90a249e154808ae90243e3c6994765d4789e08e5d65a2774adc093
Instruction Fuzzy Hash: 47115E34105685EFDB31EF52CC6CFAA76E4FF00345F1042A5A405548E1C77999E0DEE6

Function 00BEE84C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(009458DC,-118C5FEC), ref: 00BEE8C5
GetFileAttributesA.KERNEL32(00000000,-118C5FEC), ref: 00BEE8D3

Strings

@, xrefs: 00BEE878

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: ee13c02a9cf646698b30d46a2e0c7e1688c4c4a4ea61453d4ea7945a259d2991
Instruction ID: 9a4f9d59f20812ae874cd649c0f5e9a64e7bfae42d70457f2c4cd698524a99ca
Opcode Fuzzy Hash: ee13c02a9cf646698b30d46a2e0c7e1688c4c4a4ea61453d4ea7945a259d2991
Instruction Fuzzy Hash: AB018C30504285FBEB21AF57C98979C7EF8EF00345F2181B0E013654E1C3B1EA91EB65

Function 00BEA8CC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 00BEA92E

Strings

\\?\, xrefs: 00BEA989

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: 1914696bd62b871763af37ac747b452b40b8752e476948cda97690229e5c6988
Instruction ID: d01df95f0217fe9e4c37098f2045db974125299df79a79bfa5bab98745b30055
Opcode Fuzzy Hash: 1914696bd62b871763af37ac747b452b40b8752e476948cda97690229e5c6988
Instruction Fuzzy Hash: B1316A36600649BFDF21CF96CD49B9EB7F9FF08714F0010A1F901A50A0D372AAA1DB52

Function 00BEBFDB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BEA319: GetCurrentThreadId.KERNEL32 ref: 00BEA328
Part of subcall function 00BEA319: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00BEA36B

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 00BEC03F

Strings

.dll, xrefs: 00BEBFFC

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentHandleModuleSleepThread
String ID: .dll
API String ID: 683542999-2738580789
Opcode ID: 5bf42a9334b31a6b3b255e268323f1c557324db9af27ffb93670db9523e4e174
Instruction ID: 10579ad3111137fc24f1ffbd399d707c55fdeea0b3d24f6f601d3a256ec321d5
Opcode Fuzzy Hash: 5bf42a9334b31a6b3b255e268323f1c557324db9af27ffb93670db9523e4e174
Instruction Fuzzy Hash: 2AF09071100285EFDF10AF5AC889AAD3FE4FF04344F1080A1FD0586093C335D4A2EA26

Function 00BEEA68 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(009458DC,?,?,-118C5FEC,?,?,?,-118C5FEC,?), ref: 00BEEB1A

Part of subcall function 00BEEA1A: IsBadWritePtr.KERNEL32(?,00000004), ref: 00BEEA28

CreateFileA.KERNEL32(?,?,?,-118C5FEC,?,?,?,-118C5FEC,?), ref: 00BEEB3A

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: 81520953c984ec9a14c93267d334728b10cf1363397dfb19eab423a4b9fc909a
Instruction ID: 34a63fde2780178ac7d93630374dbea4bd7b8b0ac9f304081668570b7e98ae7a
Opcode Fuzzy Hash: 81520953c984ec9a14c93267d334728b10cf1363397dfb19eab423a4b9fc909a
Instruction Fuzzy Hash: 2D11F93200018AFBDF229F92CD49BAD7EB6BF04344F0491A9F922650A1D776C9A5EB51

Function 00BEE3D4 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BEA319: GetCurrentThreadId.KERNEL32 ref: 00BEA328
Part of subcall function 00BEA319: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00BEA36B

GetCurrentProcess.KERNEL32(-118C5FEC), ref: 00BEE3E1
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00BEE447

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessSleepThread
String ID:
API String ID: 2846201637-0
Opcode ID: 9eba087ecba254b861a4e0a454fead80d626902697bef7db7e05d00a49bb4a5a
Instruction ID: b7ccdc3b994c3c3b177abc395c913b3dc1c5195235bf210da3467d19daf90d89
Opcode Fuzzy Hash: 9eba087ecba254b861a4e0a454fead80d626902697bef7db7e05d00a49bb4a5a
Instruction Fuzzy Hash: 0B01123210018AFB8F226FA6DC48C9E3FB9FF99354B144651F91191092C736E472EB62

Function 00BEA319 Relevance: 3.0, APIs: 2, Instructions: 33
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00BEA328
Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00BEA36B

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: 206a902de71e11debb83ea52cdbf1fe365f3905dbdccf1040fc54c59edb6785b
Instruction ID: fa45ba930c209366ab52a22f05072bdfa2eca6b17844105969fed217ff034cb3
Opcode Fuzzy Hash: 206a902de71e11debb83ea52cdbf1fe365f3905dbdccf1040fc54c59edb6785b
Instruction Fuzzy Hash: 62F0B431101289EFDB219F66C44876EB2F8FF4131AF6002B9D10246541D7B17D89D686

Function 00BF49FC Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67716c64c5c4604de5f7d71c3ffc2fca6d79c28eee51e5d1a6f5595571725448
Instruction ID: b95595163e6265dee4f3871e84976452c82df440377f57600ef61615d4447dec
Opcode Fuzzy Hash: 67716c64c5c4604de5f7d71c3ffc2fca6d79c28eee51e5d1a6f5595571725448
Instruction Fuzzy Hash: 47415B7190020AEFEB20CF54C848BBB7BF5FB44314F2444D5EA02A7592D331AD99DB65

Function 00BECA53 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00BECB08

Part of subcall function 00BEA3F7: RtlAllocateHeap.NTDLL(00000000,00000000,00BEA0A0,?,?,00BEA0A0,00000008), ref: 00BEA411

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateCreateFileHeap
String ID:
API String ID: 3125202945-0
Opcode ID: 7cd96611c3737173721cbadb76d7459c7badaca301d342aee968cc55fb07a264
Instruction ID: 5166a2840eafbce239f9a333ad6d725896a68f9e05234cde9c32c1e723aa07f4
Opcode Fuzzy Hash: 7cd96611c3737173721cbadb76d7459c7badaca301d342aee968cc55fb07a264
Instruction Fuzzy Hash: 96316F71900248FBDB209F66DC46F99BBF8FF04724F2082A9F515A61D1C772A952DB14

Function 00BEC26F Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00BEA3F7: RtlAllocateHeap.NTDLL(00000000,00000000,00BEA0A0,?,?,00BEA0A0,00000008), ref: 00BEA411

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 00BEC2F1

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateCreateFileHeap
String ID:
API String ID: 3125202945-0
Opcode ID: fee25f43555eec493514a8446d40355a9d346e21c367807805df280b368d8a7c
Instruction ID: d4d83b92ae7986480b38c36fdb8689bd5a7a3af967f7ea4ea52f09341da7c46f
Opcode Fuzzy Hash: fee25f43555eec493514a8446d40355a9d346e21c367807805df280b368d8a7c
Instruction Fuzzy Hash: 78319571540244BBEB309F69DC45F997BF8EB04724F2083A9F611AA0D2D3B2A582CB58

Function 00BF4749 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 00BF47F6

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: edbf5522e1dc467c0afac4e650481fece5b5680e6f87fb9e04006e4e9eb4170e
Instruction ID: ab04cd6a3876b89eb7af5381fca7961fd87e973aab8e7ee3932cf8a4f2fa921f
Opcode Fuzzy Hash: edbf5522e1dc467c0afac4e650481fece5b5680e6f87fb9e04006e4e9eb4170e
Instruction Fuzzy Hash: 87117F71A4126DDBFB309A048C48BBBB7ECEB45791F1080D5AA05A7441D7749E888AE1

Function 04DB0D41 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04DB0DCD

Memory Dump Source

Source File: 00000000.00000002.2253212015.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4db0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 2d4c3e8e9772fbe0e2cb67766e1ba702ddcafd3995394c3c1f79d45348e9abe0
Instruction ID: 1f10075695f40a5ec60aca6c6cdf32d8314984e1c988b198291f76bad04eda7b
Opcode Fuzzy Hash: 2d4c3e8e9772fbe0e2cb67766e1ba702ddcafd3995394c3c1f79d45348e9abe0
Instruction Fuzzy Hash: 892149B6C01218DFCB10CF99D885ADEFBF0FF88320F14821AD909AB244C734A541CBA4

Function 04DB0D48 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04DB0DCD

Memory Dump Source

Source File: 00000000.00000002.2253212015.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4db0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 707c54e082bfe8f3588114e0df8a274df601dddd53ecc6af2c8982db6e9074bb
Instruction ID: 9a87e2904cefc9454e76531d17c284a8d8734debf1fccba07bcc18943622a7cf
Opcode Fuzzy Hash: 707c54e082bfe8f3588114e0df8a274df601dddd53ecc6af2c8982db6e9074bb
Instruction Fuzzy Hash: E12124B6C01218DFCB50CF99D884ADEFBF4FF88720F14861AD909AB245D734A540CBA4

Function 04DB1509 Relevance: 1.6, APIs: 1, Instructions: 56serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04DB1580

Memory Dump Source

Source File: 00000000.00000002.2253212015.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4db0000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 6bc7c877bccb5788d42a1b846525554deaf12f4435aeb397e60781683ca2acfe
Instruction ID: 028ba1f98ddba5c74d13871ccb5e28fc8bfd0892e404b2896937eaae21317ea1
Opcode Fuzzy Hash: 6bc7c877bccb5788d42a1b846525554deaf12f4435aeb397e60781683ca2acfe
Instruction Fuzzy Hash: 432114B1900249DFDB10DF9AC488BDEFBF4FB48320F10842AE559A7240D378A645CFA5

Function 04DB1510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04DB1580

Memory Dump Source

Source File: 00000000.00000002.2253212015.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4db0000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 0fb737c24207b64a9b314e0a44873ac8edb4f22dd39ff15ae382728b174daf92
Instruction ID: a7eba8d1a27184a3abfa0aec9a7dfa7e60bfe9cb8e89ca5915ca7ab1e1c841ab
Opcode Fuzzy Hash: 0fb737c24207b64a9b314e0a44873ac8edb4f22dd39ff15ae382728b174daf92
Instruction Fuzzy Hash: 5111E4B1900249DFDB10CF9AC984BDEFBF4FB48320F148429E559A3250D378A644CFA5

Function 00BEF5A0 Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BEA319: GetCurrentThreadId.KERNEL32 ref: 00BEA328
Part of subcall function 00BEA319: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00BEA36B

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-118C5FEC), ref: 00BEF627

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentFileSleepThreadView
String ID:
API String ID: 2270672837-0
Opcode ID: 7ff3ba37a2d5e0be1806dffbf2a2b0f029f99e466603af86f989552002fa002b
Instruction ID: fa24dd6ac74dba5844febd339bcb1db74644e829e2a62c2a9ca87f9f531d59fe
Opcode Fuzzy Hash: 7ff3ba37a2d5e0be1806dffbf2a2b0f029f99e466603af86f989552002fa002b
Instruction Fuzzy Hash: 8911E53250018BFFCF12AFA6DC49CAE3AA6FF55340B0045A1FA0155071C7369472EBA2

Function 00BEF388 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentSleepThread
String ID:
API String ID: 1164918020-0
Opcode ID: e904b4142a8ee43c53804bfdc493df83edbfc1b42c8c7ffb318ddebd5c91e434
Instruction ID: 621f2bde29c5eb95054b1036cb49932717e7c8194026aed0585c2834d767bb41
Opcode Fuzzy Hash: e904b4142a8ee43c53804bfdc493df83edbfc1b42c8c7ffb318ddebd5c91e434
Instruction Fuzzy Hash: 8211613210018AEBCF12AFA6CC09EAE7BF5EF45344F0081A1F901551A1C735DA62EB65

Function 04DB1301 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04DB1367

Memory Dump Source

Source File: 00000000.00000002.2253212015.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4db0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 0f392c6d83cf0bd9f4659abe1ba2f9d2e1266cbd0d8fa14c5e1f7af84bb8292e
Instruction ID: 7f09361aa65a0c6907c19957c07d163020ed3444295a0c63b9e4aa7a93de4eb9
Opcode Fuzzy Hash: 0f392c6d83cf0bd9f4659abe1ba2f9d2e1266cbd0d8fa14c5e1f7af84bb8292e
Instruction Fuzzy Hash: F11125B1800249CFDB10CF9AD984BEEFBF4EF48320F24846AD599A3240D778A545CFA5

Function 04DB1308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04DB1367

Memory Dump Source

Source File: 00000000.00000002.2253212015.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4db0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: ad4ecbc0c8ce84a305e5824c48a7b738f1b8db369f9ea6ef20e2a27ef969ae3c
Instruction ID: e95c6716c643738f4b8023cacde5ac4ac7ca8aea2386e7113b14d9c638eee10e
Opcode Fuzzy Hash: ad4ecbc0c8ce84a305e5824c48a7b738f1b8db369f9ea6ef20e2a27ef969ae3c
Instruction Fuzzy Hash: 0411F2B1800349CFDB10DF9AC945BEEBBF8EB48320F24846AD559A3650D778A944CBA5

Function 00BEEC6C Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00BEA319: GetCurrentThreadId.KERNEL32 ref: 00BEA328
Part of subcall function 00BEA319: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00BEA36B

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-118C5FEC,?,?,00BEC99B,?,?,00000400,?,00000000,?,00000000), ref: 00BEECD8

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CurrentFileReadSleepThread
String ID:
API String ID: 1253362762-0
Opcode ID: dae3704608ac8649005b4dc0ee89c6b607e8ca5dfef6649bde8fdf6046dbe88a
Instruction ID: c997c1ef73651789fc2283111b34412d2f25b90876cc42d305bd9cd7a123701a
Opcode Fuzzy Hash: dae3704608ac8649005b4dc0ee89c6b607e8ca5dfef6649bde8fdf6046dbe88a
Instruction Fuzzy Hash: 95F03C3210008AFBCF129FAACC09D9E3FA6FF44344F144591F51185161C736D4B1EB62

Function 00BEA3F7 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,00BEA0A0,?,?,00BEA0A0,00000008), ref: 00BEA411

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 38f0cd804a6a2191d2052f5ddffd55a3c5e6f1cec2bec36206c1c02bc8f1946b
Instruction ID: 5cfd09032796c7dfc274fc6b1aeeb980479b67eb94c051ff475277c6176618fd
Opcode Fuzzy Hash: 38f0cd804a6a2191d2052f5ddffd55a3c5e6f1cec2bec36206c1c02bc8f1946b
Instruction Fuzzy Hash: B6D0C9B6200646B7CB205E5A9C09E9ABABCEB95A91F008221B50290095D766E05285B5

Function 00BEA4EA Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 00BEA54E

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: ccb9fa6f2fffb994dcbf94a3580e257dc9e0d5cc271d20acde905c509c098ee7
Instruction ID: 76bfb6cc123746d9bb58e2a589689b541191875c1e0997d2df41043a760b5b32
Opcode Fuzzy Hash: ccb9fa6f2fffb994dcbf94a3580e257dc9e0d5cc271d20acde905c509c098ee7
Instruction Fuzzy Hash: 70019635600549FFDF119FA6DC09D9EBBBAFF84B40F0441A5B405A41A0D732A662DB61

Function 00BF4373 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,00BF436F,?,?,00BF4075,?,?,00BF4075,?,?,00BF4075), ref: 00BF4393

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a32d378b7f9839ba5a63ab989217b025686683c2c5cf466273a6c3b2c4a3df75
Instruction ID: ebca4cbec52ca8928b93897aaa7bfefb592ccfa17df41b260358e681cca33235
Opcode Fuzzy Hash: a32d378b7f9839ba5a63ab989217b025686683c2c5cf466273a6c3b2c4a3df75
Instruction Fuzzy Hash: 7EF0D1B190020AEFD7208F14CE04BAABBE0FF44351F118469E64A9B190D3B098D09F50

Function 00A0E51F Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00A0E528

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7b3d8d99a583d2ec936987de37027be40b3b42554e77835c46c082b7dbe8ab8f
Instruction ID: 3f039829b83b2daad45b347aabd7dea3fa91eceb96303188ad4c28705225354b
Opcode Fuzzy Hash: 7b3d8d99a583d2ec936987de37027be40b3b42554e77835c46c082b7dbe8ab8f
Instruction Fuzzy Hash: BAF0A4B750C20A97DB406F38E84A26D7A74AA14320F390628B996CA6C5FA21C9119507

Function 00A0EF70 Relevance: 1.3, APIs: 1, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00A0EF70

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4f3cafc95753dbd81c9bfc03364698e43ff49e53154af2a79fd1b9ae3485899a
Instruction ID: 7e279332caf731d6a37102b2f506781970184e9e48bb6deb7ac263084a0234e3
Opcode Fuzzy Hash: 4f3cafc95753dbd81c9bfc03364698e43ff49e53154af2a79fd1b9ae3485899a
Instruction Fuzzy Hash: B4F0ECF510C509DFC7049F29EC9457E7BF9EB95390F25442DD48256B84E23545818663

Function 00BED06D Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 00BEA319: GetCurrentThreadId.KERNEL32 ref: 00BEA328
Part of subcall function 00BEA319: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00BEA36B

CloseHandle.KERNELBASE(00BECA30,-118C5FEC,?,?,00BECA30,?), ref: 00BED0AB

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseCurrentHandleSleepThread
String ID:
API String ID: 4003616898-0
Opcode ID: a71d484bcdcac390efb5950108bf9e980fe026ea9cb3ae5dbbcf7d6e2bfe883e
Instruction ID: 8b07469053a93cfa385e3ac8358766b0cca5ab4a58d4fcb9e2fddc1cd56709da
Opcode Fuzzy Hash: a71d484bcdcac390efb5950108bf9e980fe026ea9cb3ae5dbbcf7d6e2bfe883e
Instruction Fuzzy Hash: D5E04F62204585B6CE217B7BDC0DD4E2EED9F91344B0446A2F40195093CB6AE49396B7

Function 00BEC132 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,00BEA1B8,?,?), ref: 00BEC138

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: dde8b0241331d27dcbad9c6ee5b88a87410bcab8ba5690b72da4b58e89108490
Instruction ID: a0a5f3f787fba981af041e4b7582d87dc3fda1a1affd5f62f18e29e22b98154d
Opcode Fuzzy Hash: dde8b0241331d27dcbad9c6ee5b88a87410bcab8ba5690b72da4b58e89108490
Instruction Fuzzy Hash: 18B09B31000108B7CF117F51DC05C4D7F65FF153557408111F91545063C776D56597D1

Non-executed Functions

Function 00B860CF Relevance: 10.5, Strings: 7, Instructions: 1708COMMON

Download Yara Rule

Strings

9ag, xrefs: 00B86E35
aw/, xrefs: 00B863D5
p0}, xrefs: 00B86A1D
?k>W, xrefs: 00B874E6
|]_, xrefs: 00B866F9
4?._, xrefs: 00B86EA5
k60*, xrefs: 00B872AC

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 4?._$9ag$?k>W$aw/$k60*$p0}$|]_
API String ID: 0-3084853200
Opcode ID: 9620baebe6352477b27d5b63d7db5995867e1e13e512eb55e6d2282fa9574bbd
Instruction ID: 102e2d45acd0c8bcb65eaba02a795802545f7e59fd7b4551fc984eff2ef951ad
Opcode Fuzzy Hash: 9620baebe6352477b27d5b63d7db5995867e1e13e512eb55e6d2282fa9574bbd
Instruction Fuzzy Hash: D7B23DF3A0C2049FE3046E2DEC8567AFBE9EF94720F16863DEAC5C3744E93558058696

Function 00B7F3B9 Relevance: 9.1, Strings: 6, Instructions: 1628COMMON

Download Yara Rule

Strings

~w, xrefs: 00B7F786
7'_, xrefs: 00B7FD8F
PQ[, xrefs: 00B80375
bL_, xrefs: 00B7FEEE
Yu~E, xrefs: 00B7FE36
"o=, xrefs: 00B80671

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 7'_$PQ[$Yu~E$bL_$ ~w$"o=
API String ID: 0-2855007540
Opcode ID: b87d22158c10577fe8fac14419d19df8e0b0d113975853da3b6e0288673cff98
Instruction ID: 75da2f5059441ae3169d7c456745b4e8690fb280c6fcd07a18ea4feaef78763c
Opcode Fuzzy Hash: b87d22158c10577fe8fac14419d19df8e0b0d113975853da3b6e0288673cff98
Instruction Fuzzy Hash: EFB2F6F360C2009FE304AE2DEC8567ABBE9EF94720F16453DEAC4C7744EA3598058697

Function 00B8B0A1 Relevance: 9.1, Strings: 6, Instructions: 1622COMMON

Download Yara Rule

Strings

6Gv-, xrefs: 00B8BAED
B(}, xrefs: 00B8BA9B
`):z, xrefs: 00B8B0F7
lI??, xrefs: 00B8C436
>5?:, xrefs: 00B8BC0B
;?M, xrefs: 00B8BD19

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 6Gv-$;?M$>5?:$B(}$`):z$lI??
API String ID: 0-1215618439
Opcode ID: 60fc5b064b166d938f796be7567ec9475f44a77a7069bac5d12ff48ce4e0551d
Instruction ID: f186486c9f6c75b954b1bbb58a42f6fbad54f8cfdd1738a5019a8f01c512158f
Opcode Fuzzy Hash: 60fc5b064b166d938f796be7567ec9475f44a77a7069bac5d12ff48ce4e0551d
Instruction Fuzzy Hash: 70B2D5F360C2049FE304AE2DEC8577ABBE9EF94720F16893DEAC483744E63558458697

Function 00A6811C Relevance: 6.7, Strings: 5, Instructions: 424COMMON

Download Yara Rule

Strings

o, xrefs: 00A6854A
q, xrefs: 00A6863D
6, xrefs: 00A68385
p, xrefs: 00A686F4
@, xrefs: 00A68796

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 6$@$o$p$q
API String ID: 0-2818696106
Opcode ID: d886a9da03754cded42f208fadb57e3675604c6fb512f9d2d9d66de08597e9e5
Instruction ID: 1dea9f4d59db8f152865622eabf6450b7ba2f05953a25601393dab51223399f9
Opcode Fuzzy Hash: d886a9da03754cded42f208fadb57e3675604c6fb512f9d2d9d66de08597e9e5
Instruction Fuzzy Hash: EFE13CE3F5151447FB684939CD293B61987C3E1321E2EC27D8B5A97BC9DC7E4C464248

Function 00B79069 Relevance: 3.3, Strings: 2, Instructions: 847COMMON

Download Yara Rule

Strings

W"?z, xrefs: 00B79326
7~, xrefs: 00B792D1

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 7~$W"?z
API String ID: 0-3549162767
Opcode ID: 11e63ee0a2eb2eed8a831318f0a5f3436e8f4c0a5049cf5b46cc85f5e2da80e5
Instruction ID: eb0cd2fffec1616a9c2aa8da86aa59b5dc0b670864633948d510799717158b8f
Opcode Fuzzy Hash: 11e63ee0a2eb2eed8a831318f0a5f3436e8f4c0a5049cf5b46cc85f5e2da80e5
Instruction Fuzzy Hash: A1424AF3A0C2149FE3046E2DEC8577AFBE9EF94260F1A463DEAC4C3744E97558048696

Function 00AAF36A Relevance: 3.0, Strings: 2, Instructions: 533COMMON

Download Yara Rule

Strings

aQw8, xrefs: 00AAF8B3
eQw8, xrefs: 00AAF8B8

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: aQw8$eQw8
API String ID: 0-3904930985
Opcode ID: d715413ff059f04b9b64939caab6564d58c55b67fa53eea0d994dcf84e29d8be
Instruction ID: 1dccf055d384c46f591b052323396666325622b6822356317993e191fc8a3116
Opcode Fuzzy Hash: d715413ff059f04b9b64939caab6564d58c55b67fa53eea0d994dcf84e29d8be
Instruction Fuzzy Hash: 1902CFF3F102254BF3545939DD98366B687DBD4320F2F82398E98A7BC5E87E5D064284

Function 00B7A1BD Relevance: 2.9, Strings: 1, Instructions: 1645COMMON

Download Yara Rule

Strings

wh?&, xrefs: 00B7B1C7

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: wh?&
API String ID: 0-465269344
Opcode ID: 73030553e3a501593ced6c93d20200b6403dd61ab1dd82a352adb7a4259d079a
Instruction ID: 135ff8aba65a5e3a8bafb38119d5ccf147d59a62ed28a0ee2c9c28cce201a911
Opcode Fuzzy Hash: 73030553e3a501593ced6c93d20200b6403dd61ab1dd82a352adb7a4259d079a
Instruction Fuzzy Hash: ACB239F3A0C2049FE3046E2DEC8567ABBE9EFD4760F16853DEAC4C3744EA3558058696

Function 00A460FE Relevance: 1.8, Strings: 1, Instructions: 514COMMON

Download Yara Rule

Strings

lsk, xrefs: 00A465BD

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: lsk
API String ID: 0-3034620375
Opcode ID: 5aba3075c7122cec4f6f268a4176392ac8ace48df114abc25967bec002d9e815
Instruction ID: c714e6284014e703fecbcc937e8b4d8e1d0297b714462ddf3162a190fe66a88b
Opcode Fuzzy Hash: 5aba3075c7122cec4f6f268a4176392ac8ace48df114abc25967bec002d9e815
Instruction Fuzzy Hash: 5BF1CFB3F152204BF3444929CC983A6B6D7EBD5320F2F863D9A98A77C4D97E5C064385

Function 00AB8062 Relevance: 1.6, Strings: 1, Instructions: 390COMMON

Download Yara Rule

Strings

1uno, xrefs: 00AB8540

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 1uno
API String ID: 0-496685187
Opcode ID: a86b93e09fecb764ca3577eb4d9b3516ca3c57f1c98a6906f1b5e69c48fd9852
Instruction ID: c781f63cac8fbd526af0d6bc33eaabce08645d992b6227119097d2b54bd1a7cc
Opcode Fuzzy Hash: a86b93e09fecb764ca3577eb4d9b3516ca3c57f1c98a6906f1b5e69c48fd9852
Instruction Fuzzy Hash: C9D1A0B3F112144BF3545E28CC983A67692EBD5310F2B863CCE885B7C9DA3E5D0A8785

Function 00A26269 Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

3sv, xrefs: 00A264A7

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 3sv
API String ID: 0-2890615069
Opcode ID: 11f0665d3e7a5d389f5d71ea7e25c2c1505ec7695274d0da1ac4559aa3e15d67
Instruction ID: 5cbadeed8f26e10a7bcc2807682556ff642262bc82200c52afeea2bc9bf564b5
Opcode Fuzzy Hash: 11f0665d3e7a5d389f5d71ea7e25c2c1505ec7695274d0da1ac4559aa3e15d67
Instruction Fuzzy Hash: 10C1AEB3F1022547F3584939DCA83626683EBD5320F2F82388E99AB7C5DD7E5D0A5284

Function 00A6236C Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

{, xrefs: 00A6246A

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: f1cc3b0d462081f08badb8a47c2fb94042e34ebeb349c7e0eb9ec61a4a385fe0
Instruction ID: 1b289947d889c1f6634a32595fb6b0e8edd5306ab926feb2ad609a74b8094a1d
Opcode Fuzzy Hash: f1cc3b0d462081f08badb8a47c2fb94042e34ebeb349c7e0eb9ec61a4a385fe0
Instruction Fuzzy Hash: 4EB190B3F112254BF3444D78CC583A27693DB96311F2F82788E486BBC9D97E9D4A9384

Function 00B2E3E9 Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

C, xrefs: 00B2E52A

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 59d3a5355bb93f5768386d0aaa1bb8f9382b6e3092f4cb81db4d324fd411bffc
Instruction ID: e6398e1f732afb9b5a8fcc6a92e999084d0304a612b544405ee6ed9ebd017960
Opcode Fuzzy Hash: 59d3a5355bb93f5768386d0aaa1bb8f9382b6e3092f4cb81db4d324fd411bffc
Instruction Fuzzy Hash: 41B15CB3F511264BF3584938CC683B56683EB95310F2F823C8E89AB7C5D97E5D495384

Function 00ACA008 Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

r]y3, xrefs: 00ACA05F

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: r]y3
API String ID: 0-3309021505
Opcode ID: 0e31607ad154fa81e9b02e583102885e526ee6269bc0e87d78cbb9b660a24e94
Instruction ID: 2e4cf3cb211465e0cb2e0bdf63e17ac9cd59f353f0dceb791f2f60041573fbc2
Opcode Fuzzy Hash: 0e31607ad154fa81e9b02e583102885e526ee6269bc0e87d78cbb9b660a24e94
Instruction Fuzzy Hash: 2BB1ADB7F102244BF3444978CD983627693EB95324F2F82788F986BBC5D9BE5C0A5384

Function 00A41212 Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

4, xrefs: 00A41331

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 8761a8ffdb8455e52481ad02cc3bc61213f38b63d17bb5c029b48f06dd57e89e
Instruction ID: 52af355fc98ac2cf4bfbeca1f8eb1a92a4f52614beb9d6578b20f553672747a7
Opcode Fuzzy Hash: 8761a8ffdb8455e52481ad02cc3bc61213f38b63d17bb5c029b48f06dd57e89e
Instruction Fuzzy Hash: B2A15AB3F111254BF3544A28CC58361B692EBA5324F2F82788E9C6B7C5D97F5C0A97C4

Function 00ACC2BA Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

M, xrefs: 00ACC4D3

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: fec1a7621dafc2329a63118145de467469facc9faaaef197130bd1d51cf77bd6
Instruction ID: b649fc5bfac787f94cb2ad79b089c89fa0ddf045d8ef672b4a05771617a31bc2
Opcode Fuzzy Hash: fec1a7621dafc2329a63118145de467469facc9faaaef197130bd1d51cf77bd6
Instruction Fuzzy Hash: 26A16BB3F1162547F3544978CD683626683ABD1324F2F83388EA9AB7C5DD7E9C0A5384

Function 00B4C022 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

), xrefs: 00B4C1D6

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 88ef993770e849d335538c3569609448379db18be14b75b4c805292cb6477090
Instruction ID: 43b0a639eab86f3418305b092926c45d204fa4231c26927c40f97c9c48f07136
Opcode Fuzzy Hash: 88ef993770e849d335538c3569609448379db18be14b75b4c805292cb6477090
Instruction Fuzzy Hash: 6CA16CB3F112254BF3544D79CC983627283DBD5320F2F82788E48AB7C5E97E9D0A9284

Function 00B6C1B2 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

+, xrefs: 00B6C2D0

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-2126386893
Opcode ID: 1951012a93bba59c3760a861d7597a2be24aa05fc12b3854fd3a25cc56800f5d
Instruction ID: c24f3a8f1ac790c2244bdc2bfb68b02bf0ea9a84f95b83f6b9341451b1e30d7e
Opcode Fuzzy Hash: 1951012a93bba59c3760a861d7597a2be24aa05fc12b3854fd3a25cc56800f5d
Instruction Fuzzy Hash: 8DA19FB3F112254BF3044939DC983A17683DBDA314F2F82788E996B7C9DD7E5D0A9284

Function 00B4822F Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

b, xrefs: 00B48420

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: 5401adf529a2b39dd4ff8e319e69e63cb297e9406fbde0a876efeff020f8c743
Instruction ID: cb6896b4625c2c598824d8b46db694eed6c8a8fac92f77337e535bd18d0a24a7
Opcode Fuzzy Hash: 5401adf529a2b39dd4ff8e319e69e63cb297e9406fbde0a876efeff020f8c743
Instruction Fuzzy Hash: 8CA16DB3F5163547F3544974CC983A2A682A7A1324F2F82788E9C7B7C9D93E9D0A53C4

Function 00B5F142 Relevance: 1.5, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

E#i, xrefs: 00B5F223

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: E#i
API String ID: 0-2030354140
Opcode ID: 04e7bf5bb04c3507bb8f5aedaf361660086ef0c884b97a5414b66b4e12a88c03
Instruction ID: 7a533b1cd7d5403521edea89a720e2e61884105d3bea52c553ce808356e21151
Opcode Fuzzy Hash: 04e7bf5bb04c3507bb8f5aedaf361660086ef0c884b97a5414b66b4e12a88c03
Instruction Fuzzy Hash: 1EA146B7F1122547F3944939CC58362A683EBE5324F2F82788E986B7C9DD7E5C0A5384

Function 00BEF324 Relevance: 1.5, APIs: 1, Instructions: 24encryptionCOMMON

Download Yara Rule

APIs

CryptVerifySignatureA.ADVAPI32(?,?,?,?,?,?), ref: 00BEF36B

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID: CryptSignatureVerify
String ID:
API String ID: 1015439381-0
Opcode ID: 724dc5220d76f54db53458e495ec0746b25ef938465305398142f0650f6fe18a
Instruction ID: 0d81844e74439c401d63dfc1af877793dda161040b775fc01b433e6fec1e89b0
Opcode Fuzzy Hash: 724dc5220d76f54db53458e495ec0746b25ef938465305398142f0650f6fe18a
Instruction Fuzzy Hash: 44F0F83260124AEFCF01CFA5D94499D7BB2FF48314B14C269F91596251D37296A1EF84

Function 00AF8131 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

;s#5, xrefs: 00AF832F

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: ;s#5
API String ID: 0-3099837943
Opcode ID: 0fcb91522744ba11b1f751c9a1cc95093b5adcb435e881df5bd42c67b91b2b34
Instruction ID: ce283d9a96cbe62bd5c3ae43619be2a634df3eaa05ed916883cf654b62ce28d5
Opcode Fuzzy Hash: 0fcb91522744ba11b1f751c9a1cc95093b5adcb435e881df5bd42c67b91b2b34
Instruction Fuzzy Hash: 67818CB3F102254BF3544E38CC983617693EB96320F2F827889886B7C5DE7E5D0A9780

Function 00A6B100 Relevance: 1.5, Strings: 1, Instructions: 229COMMON

Download Yara Rule

Strings

%=iE, xrefs: 00A6B27D

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: %=iE
API String ID: 0-680694562
Opcode ID: 669efbb2d274ed2fc3236a07a0ba27a951284d13cd64af138808735d174e08dd
Instruction ID: b04e9e130971e15686a822db3bac5a963100e33fbf4df9f0b52cae1e6cf38f94
Opcode Fuzzy Hash: 669efbb2d274ed2fc3236a07a0ba27a951284d13cd64af138808735d174e08dd
Instruction Fuzzy Hash: 55815CB3F502254BF3544939CC983627683DBD6324F2F82788E986BBC9D97E5D0A5384

Function 00A3809F Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

cHNu, xrefs: 00A38167

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: cHNu
API String ID: 0-952876209
Opcode ID: 04d9e7917a1d6efc08a542a30d1a091af64e36486a84f0aff1483db21eab6123
Instruction ID: 4d3b08480d227817f830166d9866b992ebfa46a4a6c7945304ce681562148431
Opcode Fuzzy Hash: 04d9e7917a1d6efc08a542a30d1a091af64e36486a84f0aff1483db21eab6123
Instruction Fuzzy Hash: 647112F3A0C2049FE304AA29EC45B3BB7E5EF94710F16893DE6C9C3744E97958418796

Function 00A52018 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

_+7I, xrefs: 00A52041

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: _+7I
API String ID: 0-422916329
Opcode ID: bdcfb88b3cacedc95710897564dcf912a542659d947824512e61cef2e30c9e4f
Instruction ID: 8305c0ede076e6beda366c9aa6c79343e601ead519aa67317eea21bf127569c1
Opcode Fuzzy Hash: bdcfb88b3cacedc95710897564dcf912a542659d947824512e61cef2e30c9e4f
Instruction Fuzzy Hash: AC716FB3F112254BF3544D39CD483617693ABA5314F2F81788E4CABBC6E97E5D0A5384

Function 00AE9315 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

\T"?, xrefs: 00AE944A

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: \T"?
API String ID: 0-3674112631
Opcode ID: ddc923009ca44ab2b5fa5863c3dfa3ee9e052c14b74ed181dc660a14818aaff9
Instruction ID: 4b85d2ff0bcb178c7db81e64cbcc81a643df171bdda3361083bc701286141419
Opcode Fuzzy Hash: ddc923009ca44ab2b5fa5863c3dfa3ee9e052c14b74ed181dc660a14818aaff9
Instruction Fuzzy Hash: 47617CB3F1162547F3544969CC883A26683A7D5320F2F82788F9C6B7CAE97E5D0653C4

Function 00AFB266 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

O, xrefs: 00AFB388

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: c9e16f249a14fe9d03a66fa9d93b815a5e767dab22e104375425601a6047ad68
Instruction ID: b83fbca6542835bc4c721272456131c3c4b01a6fa2746e258ee32db88d8294ef
Opcode Fuzzy Hash: c9e16f249a14fe9d03a66fa9d93b815a5e767dab22e104375425601a6047ad68
Instruction Fuzzy Hash: 6B5128B3F1122547F3644E29C8543627292EB95310F2F867C8E896B7C9D93F6C4A9385

Function 00A302A2 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

*, xrefs: 00A302FA

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: 8dc5d35709effc094c24f7a36ea39a7861798d2150be2b9fee11160fc3232fae
Instruction ID: 9dfc980a28e28773a05844c56a9851b38961acef85a3c6b20357d3f149945386
Opcode Fuzzy Hash: 8dc5d35709effc094c24f7a36ea39a7861798d2150be2b9fee11160fc3232fae
Instruction Fuzzy Hash: CC415EB3F112254BF3504E29CC583A17253DB96310F2F85788E885B7CAD97E6D09A384

Function 00A7927B Relevance: .6, Instructions: 570COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b744b8684b510f882f18b91c723225140f2a3522cd219a2e89ed25e95c6e941
Instruction ID: 19419a735c2fe9a66fc1b6b10316fdff5daa9aa6a5c6a307072825d832592144
Opcode Fuzzy Hash: 7b744b8684b510f882f18b91c723225140f2a3522cd219a2e89ed25e95c6e941
Instruction Fuzzy Hash: 1112BFB3F102154BF3445939DC98366B692EBD4320F2F823D9E88A77C4E97E9D064785

Function 00B122F7 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 146f93124326a52eeedd5a1502ab2a7ba99d4b4c6de56a1a0fe6f3884adc27d2
Instruction ID: 14f83036b337beed602e48dad73ccaeb24f70638776b0ad4b0dea06fdddc8c41
Opcode Fuzzy Hash: 146f93124326a52eeedd5a1502ab2a7ba99d4b4c6de56a1a0fe6f3884adc27d2
Instruction Fuzzy Hash: D91237B3F106554BF7640978DD983A21983D7A5324F2F82798F9CAB7C6D8BE4C864384

Function 00A2F0DE Relevance: .6, Instructions: 550COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bc2b3bee7e62bd64178c1b47b354ac1ba99a2139f20bf2abb7ba76ab414ce10
Instruction ID: ab4684e5bfd12347fd2f591e04e8f3d57cd9c8a0dcd40c05aa36cfe1e02e6014
Opcode Fuzzy Hash: 6bc2b3bee7e62bd64178c1b47b354ac1ba99a2139f20bf2abb7ba76ab414ce10
Instruction Fuzzy Hash: 5202CDB3F142104BF3488939DC593767693EBD4324F2B863C9A989B7C5ED7E980A4385

Function 00ABB3C6 Relevance: .6, Instructions: 550COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c018220112bbf4a46c0e2e71bd58469bf5b7539501c285d7bf0c642401f85f6a
Instruction ID: 8c935c0d6163789012ec6b8141fe81153d59297441c95bbbf0c5fa599cdab640
Opcode Fuzzy Hash: c018220112bbf4a46c0e2e71bd58469bf5b7539501c285d7bf0c642401f85f6a
Instruction Fuzzy Hash: FB02CEF3F102204BF3484929DC993A27696EBD4320F2F863D9E99AB3C5D97E5C064785

Function 00A2A212 Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d64601445b4001446e28c0438a0fc90ebbe3fbca2e62f369952c0cbf82c8a12
Instruction ID: 8020faeda9069db6de5b6b6cdc416c7d97eba011808680bb71a9766b12e4696a
Opcode Fuzzy Hash: 5d64601445b4001446e28c0438a0fc90ebbe3fbca2e62f369952c0cbf82c8a12
Instruction Fuzzy Hash: BAF19BF3F112144BF3585939DC983667683EB95324F2F82388B999B7C5E93E9C068385

Function 00AB2368 Relevance: .5, Instructions: 496COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5005b530d8bf528a18a6320faa31cc2d6b796cf6c58a7747aa2b73751f8b1510
Instruction ID: f901194cd1f61d43d29588a43b8d3c47ff1c1d0c7d973faeca05b3edbdd4aa09
Opcode Fuzzy Hash: 5005b530d8bf528a18a6320faa31cc2d6b796cf6c58a7747aa2b73751f8b1510
Instruction Fuzzy Hash: 09F19AF3F112254BF3484929DC943A67683EBD4320F2F823D9B89A77C9E97E5D064285

Function 00AEC37D Relevance: .5, Instructions: 495COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74f8dbc3002938d00ae2e99abc417f3d04fb928a06685af97d1a3fce12c95f08
Instruction ID: 63c524ff183df8efd3d43616bfbf8869f07244e253111450193fd3abb53f606c
Opcode Fuzzy Hash: 74f8dbc3002938d00ae2e99abc417f3d04fb928a06685af97d1a3fce12c95f08
Instruction Fuzzy Hash: F9F1DFF3E142108BF3484A29CC58376B6D2EBD4320F2F823D9A88977C5D97E5C468785

Function 00AD0104 Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ee35b22db61026fcc184bbcb9bd4710ccf640eb260adce0be126e732e1830d9
Instruction ID: 8eb6b2f658bc9e8af7137b62c153c78f8508be3e940433906d3b8d3203a9f6e5
Opcode Fuzzy Hash: 7ee35b22db61026fcc184bbcb9bd4710ccf640eb260adce0be126e732e1830d9
Instruction Fuzzy Hash: 04F19CF3F116114BF3444929DC593A67692EBE4310F2F823C8B89AB7C5E97E9D0A4285

Function 00B18184 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78fed5dea5f4dd9c2baedfbe7e94e4a53ff0c55f8f76d1534d736fca1f48f704
Instruction ID: dda6897c91d48f9f9146a9717697a5ef454a457bc5f47d5091cdbf73447e19bd
Opcode Fuzzy Hash: 78fed5dea5f4dd9c2baedfbe7e94e4a53ff0c55f8f76d1534d736fca1f48f704
Instruction Fuzzy Hash: 5AD1AAB3F2112547F3584979CC583A266839BD2320F2F82788E9D6BBC9DC7E5D4A5384

Function 00A3F2E5 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb51c0586b647bb3515c2a2c2d4f21718e58d1806405f02dd9753409afe60820
Instruction ID: dafff2d21d3b57160157c88ea736ea85e5b0efe32e40202482f9a93c79722a8e
Opcode Fuzzy Hash: eb51c0586b647bb3515c2a2c2d4f21718e58d1806405f02dd9753409afe60820
Instruction Fuzzy Hash: 75D1D1B3E141208BF3145E29DC553A6B7D2EB95320F2F863CDA88973C0EA3A5D058786

Function 00A803AB Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b70646571bca29842d7a5acc5d845b74d190d322647f45841e2edf1443bd294
Instruction ID: 7ec69344ca92e25d34e45f322713b65f2887ca7fdb51796a68b9be743d8060fb
Opcode Fuzzy Hash: 9b70646571bca29842d7a5acc5d845b74d190d322647f45841e2edf1443bd294
Instruction Fuzzy Hash: CFD19FF3F115254BF3544939CC583A26683DBD2324F2F82788E58ABBC9D97E9D0A5384

Function 00ADF0A6 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e16fc8d66032644c67207a5d05c666737117e4350f6ddc065429067e09be71b9
Instruction ID: 131e89c67990e8adfd962f680b09e6a042a7b55ba88003ab860bda43882fd5db
Opcode Fuzzy Hash: e16fc8d66032644c67207a5d05c666737117e4350f6ddc065429067e09be71b9
Instruction Fuzzy Hash: 4AC1C2B3E146148BF3405E29DC843A6B6D2EBD5720F2F853D9A88A77C4E97E5C068385

Function 00A8821E Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef7ece791f0ec8a5acbc74dbac54408243791a1b930fa440dd17891a10ea83ff
Instruction ID: 09657331aa40aefd0a47990c8a90d216e044c843c753482ff0d61187f0579594
Opcode Fuzzy Hash: ef7ece791f0ec8a5acbc74dbac54408243791a1b930fa440dd17891a10ea83ff
Instruction Fuzzy Hash: 73C17EB3F1112647F3484938CD683A26693EB95324F2F82398E59ABBC5DD3E5D0A53C4

Function 00AFC01B Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05a43437874e3cd7f7d2b5fd6de93bbed207b83b99f6465b54cac4b352a39fcc
Instruction ID: 9e26b7b63c080cf2316ee9ce74ce9b58b2638c7543252df6bdcd56d213e5e194
Opcode Fuzzy Hash: 05a43437874e3cd7f7d2b5fd6de93bbed207b83b99f6465b54cac4b352a39fcc
Instruction Fuzzy Hash: 61C1AFB3F1122507F3584939CDA83A265839BD5324F2F827C8E9DAB7C9DC7E5D0A5284

Function 00A5D24C Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d4afd50f1da45372a8a64be00a80faa2ef01b38c79ba69fd257e440812f7670
Instruction ID: fb4d05f231c890d9308015ca39931de8b41035c998748641cd9f34bcce25a4ed
Opcode Fuzzy Hash: 9d4afd50f1da45372a8a64be00a80faa2ef01b38c79ba69fd257e440812f7670
Instruction Fuzzy Hash: 25C19CB3F616254BF3140938CC983A17643EB96324F2F42788F49AB7C6D97E5D0A9384

Function 00B1E034 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8aaa81dce75391305d15fdb8a52a6627db81c435c9a9f609446b12fcd237f45
Instruction ID: 4c354c510d358b0238873eb4f6348b8f92fd0563aa82ed5f7c9e55af41381581
Opcode Fuzzy Hash: b8aaa81dce75391305d15fdb8a52a6627db81c435c9a9f609446b12fcd237f45
Instruction Fuzzy Hash: BAC178B3F111214BF3984939CC683B26583ABD6324F2F82798E5A6B7C5DD7E5C0A5384

Function 00A421AF Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54dcf8cadfb50a1da0feb56c6a5efa449432ac5da1f6a4280e2d070d234ca16d
Instruction ID: 2d867ece1d9ce17c75df3f055ef3f9dd42692656796a17444f903ce324729e35
Opcode Fuzzy Hash: 54dcf8cadfb50a1da0feb56c6a5efa449432ac5da1f6a4280e2d070d234ca16d
Instruction Fuzzy Hash: 92C15BB3F1162547F3584978CC683A2A283AB91324F2F82788E9D6B7C5DD3E5C0953C4

Function 00A3D220 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b60495f0fa38e83e738702c714781882c81d4c4abeda9060e600ed52c9537c1
Instruction ID: 4621d975264207c2d819501d247452eb73650a8e4b20bd404f196771ae7f514e
Opcode Fuzzy Hash: 2b60495f0fa38e83e738702c714781882c81d4c4abeda9060e600ed52c9537c1
Instruction Fuzzy Hash: D6C158F7F1162147F3544929CC5836266839BE5325F2F82788E9C6BBCAE97E5C0A43C4

Function 00AC8163 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafb3d6892def63828c7e5d1a7cd75754362e3c667343896b48e681f1eeab218
Instruction ID: 95a43c5367d8c5d8c9f82bd9851589cbad203a25f192ab96e56cfa168ab1b582
Opcode Fuzzy Hash: eafb3d6892def63828c7e5d1a7cd75754362e3c667343896b48e681f1eeab218
Instruction Fuzzy Hash: 7EC169B3F116254BF3584935CC983A26683ABD5324F2F82788E9C6BBC5D97E5C0A43C4

Function 00B580E6 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c559bf3cd6f97534abaff5998efd9c672e9546ead2db1052d1677c47764efee
Instruction ID: 84942f8916510ce57937cf35eb1f815b8b3df80af3590bcb3f71d3dbbbac228f
Opcode Fuzzy Hash: 3c559bf3cd6f97534abaff5998efd9c672e9546ead2db1052d1677c47764efee
Instruction Fuzzy Hash: 17C16DB3F6112547F3584938CD683626683EBD1324F2F86788E986BBC9DD3E5D0A5384

Function 00A38384 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8baeddfaf9fd08afbbf46353ff897704f180bf73c08058977cbaa8fb7edb3edc
Instruction ID: 429a9211d7538aa42cbdeb715b6ad1d1c2ed451b0d67e0071d70a74866ad5079
Opcode Fuzzy Hash: 8baeddfaf9fd08afbbf46353ff897704f180bf73c08058977cbaa8fb7edb3edc
Instruction Fuzzy Hash: 1AC18BB3F106214BF3484939CD583A26683EBD5324F2F82788E59AB7C9DC7E5D0A5384

Function 00A930B3 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba667ab5878057d6617d4bd7afe0152d7f638c3abe61c61add56b42d55873154
Instruction ID: 07abb9b4554d697c0adcf580529a45c2b169bd90a9da147ec6584b6d5b5da019
Opcode Fuzzy Hash: ba667ab5878057d6617d4bd7afe0152d7f638c3abe61c61add56b42d55873154
Instruction Fuzzy Hash: 8EC19EB3F5162547F3484924CCA83A26243E7D1324F2F827C8E9D6B7CAD97E5D0A5384

Function 00B0A0F0 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c36b06de923c6c7117adfe94d61ccbd80bcff1ee1de9770299db2fd0829c219
Instruction ID: 1b26da383f3e52a11ecaff2950965e8d2534a3adf21c488398fb12745ecefe49
Opcode Fuzzy Hash: 2c36b06de923c6c7117adfe94d61ccbd80bcff1ee1de9770299db2fd0829c219
Instruction Fuzzy Hash: 9AC18CB3F1162547F3544939CC983616683DBD5314F2F82788E8CABBC9D97E5D0A5384

Function 00B4D389 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0e2bfa8f52dd557a82c859a5669fde76e7321296f26e60ed7e78a80d284f2f
Instruction ID: 4ff7111b9a83ece545959799dcc1e2714bb9fa74844051330c85b4d899d5c610
Opcode Fuzzy Hash: 6d0e2bfa8f52dd557a82c859a5669fde76e7321296f26e60ed7e78a80d284f2f
Instruction Fuzzy Hash: F1B18AF3F1162547F3544928DCA83A26283DBA5320F2F82788F986B7C6D97E5C469384

Function 00AAA148 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d198b1e6dc1a7cdfcfaedcdbbbe23297554f510faab458426800ab18b4c38c09
Instruction ID: 0247ec2f19d654e345642df0441ff4fb0a655e8f568325d23f53356ae103a16e
Opcode Fuzzy Hash: d198b1e6dc1a7cdfcfaedcdbbbe23297554f510faab458426800ab18b4c38c09
Instruction Fuzzy Hash: 73B16BF3F1162547F3544929DCA83A226839BE5324F3F82788A9C9B7C9ED7E5C065384

Function 00A193BA Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16bd7077aa5489a04c9f9d009ca5eb62b2c9e35a379b7d0c7924ff6e00fa184
Instruction ID: a9e21c978a6c2c0d56477fd1f45aa53d71206e053e6a73151133b2e47025f06b
Opcode Fuzzy Hash: f16bd7077aa5489a04c9f9d009ca5eb62b2c9e35a379b7d0c7924ff6e00fa184
Instruction Fuzzy Hash: 6CB146B3F1123107F3584939CD983A266929B95324F2F82788E9C7B7C9DD7E5D0A52C4

Function 00AAC1AF Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d9cb4879d05aa04d908695beddebf3ce2037845466c4f5e0caf32a20c515207
Instruction ID: 2d63515cc3471bfb2690d8a3ebcad7babd6bb38f037aebb0be2e1d62700411da
Opcode Fuzzy Hash: 9d9cb4879d05aa04d908695beddebf3ce2037845466c4f5e0caf32a20c515207
Instruction Fuzzy Hash: 67B18DB3F2152547F3484975CC583626283DBD5325F2FC2788B49ABBC9DD7E5C0A5284

Function 00A89033 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7cc4b92bf174c180ffa5d6ad0fe2c259c34ad440d4113d140213540102e0b90
Instruction ID: d31b0ee282497922f7f014a49bd81d9482abbbe1bfb1680d93358b7c6071ce64
Opcode Fuzzy Hash: d7cc4b92bf174c180ffa5d6ad0fe2c259c34ad440d4113d140213540102e0b90
Instruction Fuzzy Hash: 75B180B3F115150BF3944939CD583A22583EBE5320F2FC2788A99ABBC9DC7E5C0A5384

Function 00AD53DD Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69cba1335ea65186e52803412177571ec4540737fa94979c2653b78ae3148a34
Instruction ID: 830f22f97fa4e0e2548ef0fa6ed10dd2112e95f42047add31c5c2599b3a2549e
Opcode Fuzzy Hash: 69cba1335ea65186e52803412177571ec4540737fa94979c2653b78ae3148a34
Instruction Fuzzy Hash: 9FB159B3F215254BF3584939CD683A12683E7D5324F2F82788E8DAB7C5D87E9D0A5384

Function 00A2D2B5 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e957f62bae5fc47a326f5a25dc15ead8ae62b0b999b0f7259f6c0e782f07a336
Instruction ID: 0dc1589a48791c0d7ab0a16bf72c7067329e5932265a2391d736015986c184da
Opcode Fuzzy Hash: e957f62bae5fc47a326f5a25dc15ead8ae62b0b999b0f7259f6c0e782f07a336
Instruction Fuzzy Hash: B6B16EB3F1112147F3584939CD683A66683DBD1324F2F82388F996BBC9DD7E9D0A5284

Function 00AF104A Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48d51de353f1219672a6cacb2a2d1f80975d8febe56382e48da3ea7ec3727895
Instruction ID: 2e5f1507502146ce7ebb1bb8cf7a2e84cb7cf4f4584197e61fba940dfc0f2dd6
Opcode Fuzzy Hash: 48d51de353f1219672a6cacb2a2d1f80975d8febe56382e48da3ea7ec3727895
Instruction Fuzzy Hash: AEB157B3F1112547F3544978CDA83A265839BD1324F2F82388E9C6BBC9E97E5D0A53C4

Function 00B061DC Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d8095a7a5dbda0cd019e617a342f99a7327012c3495762fc47e7897b0948662
Instruction ID: 8cb77440f62ae36de3d0c3e60520cd284dd64e7254a9b9d3f9329568a58aa664
Opcode Fuzzy Hash: 1d8095a7a5dbda0cd019e617a342f99a7327012c3495762fc47e7897b0948662
Instruction Fuzzy Hash: 4DA149F3F2152147F7584838CD693A26583E791324F2F82788E99A77C6DC7E8D0A5384

Function 00A20149 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aef55414bb774a0f13b2a6863a0e4289eb1ba2e3b944411278bc02b1dcc497e8
Instruction ID: 8074601adb5a6bfef2903703f32a78305c202493a44861024a2635b9d45c2fdc
Opcode Fuzzy Hash: aef55414bb774a0f13b2a6863a0e4289eb1ba2e3b944411278bc02b1dcc497e8
Instruction Fuzzy Hash: DDB169F3F2162547F3584979CC5836265839BA1324F2F82388F5DABBCAD87E5D0A52C4

Function 00A71293 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828a8dbd612be947334a5416a40c1f56b1ae5de0f2d460e96115d6772437753f
Instruction ID: c5c8f4370fb41ce0754df2b9ae271505b03765504d763e2b4dacc2b5f43b205a
Opcode Fuzzy Hash: 828a8dbd612be947334a5416a40c1f56b1ae5de0f2d460e96115d6772437753f
Instruction Fuzzy Hash: 58B14BB3F1122547F3584928CC683616683EBE1325F2F82788E9D6B7C9DD7E9D0A5384

Function 00A98153 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f241c2ff4d95ed67afc5ba33e1bf1d742973dc6942b6aa31eb084c5082c7cf0e
Instruction ID: 5b06e94e980b0f08a4d96a96fc5645d4764e72a86c942e9951e08dc6acb35c02
Opcode Fuzzy Hash: f241c2ff4d95ed67afc5ba33e1bf1d742973dc6942b6aa31eb084c5082c7cf0e
Instruction Fuzzy Hash: 27B15FB3F1122547F3544A38CC683A17693EBD6310F2F82788A896B7D9DD3E5D099384

Function 00B66375 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676cac8e03b95462a135db4037450c90e73937313036b9ab1bed951a188c12a3
Instruction ID: f896f84fa9fd31891b33e1a27b1a3a198c18795c752a959dc0ec82c46053c28c
Opcode Fuzzy Hash: 676cac8e03b95462a135db4037450c90e73937313036b9ab1bed951a188c12a3
Instruction Fuzzy Hash: 52B14DB7F1122547F3444979CC58362A683EBD1325F2F82788F58AB7CAD97E9D0A4384

Function 00A6938A Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fce93710268bd6cfac05cd4c4ed6655510c6b5b707666d53039729f11eb15cba
Instruction ID: 05ec7b790a9700b4e041dcd4c1c155d69caaa0a8b5f553c0b46e6e6c600a1b3f
Opcode Fuzzy Hash: fce93710268bd6cfac05cd4c4ed6655510c6b5b707666d53039729f11eb15cba
Instruction Fuzzy Hash: 9FB17AB3F1122547F3584D29CC683A26683EBD5320F2F82788E996B7C5D97E5D069388

Function 00A99024 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d95e3167ee3c1117084774ae199252cdeff74bf6c17a694b9e9c6789a21064
Instruction ID: f61880fc9279d144108be3f7ae19819a59ebdc87f590b5d2304cd9658af7cf7f
Opcode Fuzzy Hash: 45d95e3167ee3c1117084774ae199252cdeff74bf6c17a694b9e9c6789a21064
Instruction Fuzzy Hash: 56A16DB3F112254BF3544979CC983A176839BD5320F2F82788E8CAB7C5D97E5D0A9384

Function 00AE8098 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffcd5279b20e514267634fda13c21bae524a2e4053a009efa2ac4d52db09deec
Instruction ID: 665190d3439374247894a53f713f261c00249da5f27638a0749a726becfda922
Opcode Fuzzy Hash: ffcd5279b20e514267634fda13c21bae524a2e4053a009efa2ac4d52db09deec
Instruction Fuzzy Hash: 8BA1AEF3F516214BF3544979CC983A26683DB95324F2F82788F58AB7CAD87E5C0A5384

Function 00AFA225 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f6e9d07f4b4d32cd3122acdd14e3c170195b07361b8f34b362375d1ea7fceb
Instruction ID: 177a014e367bfd97781580546541d25f39d58695e93f22b217485070b79e180b
Opcode Fuzzy Hash: e3f6e9d07f4b4d32cd3122acdd14e3c170195b07361b8f34b362375d1ea7fceb
Instruction Fuzzy Hash: B1A179B3F2162547F3584939CC983626683DBD6324F2F82788E886B7C9DD7E5D0A5384

Function 00A1A053 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ecfde128d541e5bb5e7b4dfd8753b048b5a869f15283de6e6317d68b789bc57
Instruction ID: 2483f2111e3c6b19034f5326046857a9b3924f7951a95f6d7dfaf5c5949e7aaf
Opcode Fuzzy Hash: 9ecfde128d541e5bb5e7b4dfd8753b048b5a869f15283de6e6317d68b789bc57
Instruction Fuzzy Hash: 70A180B3F1062547F3140879CD9836666839BD5325F2F82788F9CABBCAD97E5D0A42C4

Function 00B050BB Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e10fdf100f6cbb6b212df53f79becd0a037bb753f3ff1c27947c5a0d796db2b
Instruction ID: 53862d15b00224537a86ce2fa50aa0bf643b0815f6c4f9ea723b02e8e713127a
Opcode Fuzzy Hash: 3e10fdf100f6cbb6b212df53f79becd0a037bb753f3ff1c27947c5a0d796db2b
Instruction Fuzzy Hash: B6A159B3F1122547F3584939CD583626683EBD1324F2F82788B896BBCADD7E5D0A5384

Function 00A96294 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7079de1b6a9da1c1e8ddd68d90e280ab0cbaec443daf10ae2d027ca0c54a83f9
Instruction ID: a50d4f8ba0f2b6e047c0a2455d824d75175b810b12fa3f97c7fd00808914f825
Opcode Fuzzy Hash: 7079de1b6a9da1c1e8ddd68d90e280ab0cbaec443daf10ae2d027ca0c54a83f9
Instruction Fuzzy Hash: BBA18FB3F1122647F3584D78DD983626683EBD5314F2F82388E49AB7C5D97E9C0A9384

Function 00A2E3EB Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d0904d06b91e383dd2719fd89e407c49cc74f2d58574471723fe81dd06c5e47
Instruction ID: b167cd3b8e1169f994036f78c27b7b0430e903d67bd1659b48f66a9a3fbeaa12
Opcode Fuzzy Hash: 7d0904d06b91e383dd2719fd89e407c49cc74f2d58574471723fe81dd06c5e47
Instruction Fuzzy Hash: 56A148B3F116254BF3544938CC983626643ABD5324F2F82788E8D6B7CADD3E5D0A5384

Function 00AE5079 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd877102765443bab20bd2ab10b898966465eca4ca2b6206b758dc61ace0401e
Instruction ID: 48e174412cc652affaff618d69f9c3af85ce5f9b075dbcb00e0516116fcbd9d7
Opcode Fuzzy Hash: dd877102765443bab20bd2ab10b898966465eca4ca2b6206b758dc61ace0401e
Instruction Fuzzy Hash: A3A17FB3F6162547F3588939CC983A265839BD5320F2F82788E9CAB7C5DC7E5D0A5384

Function 00B4A14D Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd6e15e6d78b066d431b6f433d2a2b8b32bef684e40203520c85cd8749da875
Instruction ID: 80c5c00d083a8b791eced34a37aa135442c764af2fbbbd91acdf3bbe9a40d7bf
Opcode Fuzzy Hash: 9fd6e15e6d78b066d431b6f433d2a2b8b32bef684e40203520c85cd8749da875
Instruction Fuzzy Hash: 05A1ABF3F2152547F3544938CCA83A16282EB95324F2F82798E89AB7C9D97E5D0963C4

Function 00A9D195 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f237d63df74afeb6e35d3d22f7eeba24ef0d8fa24f48216798fa3359773b749
Instruction ID: dc878a5b71d95d50784f8484606e7be2fb3eef86e8fce7f70cbe08be54b6a0c6
Opcode Fuzzy Hash: 8f237d63df74afeb6e35d3d22f7eeba24ef0d8fa24f48216798fa3359773b749
Instruction Fuzzy Hash: F5A13AB7F101354BF3604E68CC583A1B6929B96324F2F42788E8C6B7C5DA7E6D4993C4

Function 00A372FC Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30f11fb393ca5e610a52efab65679aec70858989ccb2db675d753324296218a
Instruction ID: b9dbcde7562ccbb3b38648d39c4e48f546667b209c4c1917097d45a0b3c72d1b
Opcode Fuzzy Hash: a30f11fb393ca5e610a52efab65679aec70858989ccb2db675d753324296218a
Instruction Fuzzy Hash: 50A16CB3F1062547F3544978DCA83622183DBD5714F2F82388B89AB7C9ED7E9C469384

Function 00A5A3B3 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03759d14f8e19513b289c332e71893da5c952dcb62ad589ec76d0b05d0690506
Instruction ID: d700d4d10c31017778170746e2dca403f33c6d06d7aba9bb442937c8317c8a15
Opcode Fuzzy Hash: 03759d14f8e19513b289c332e71893da5c952dcb62ad589ec76d0b05d0690506
Instruction Fuzzy Hash: BDA17DB3F2062547F3584938CCA83726282EB96310F2F82798F996B7C5DD7E5D099385

Function 00AD8228 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ac481b4a0cb8d5c340e66b4f57fddec849148d6c5ae9fffa7ead0ecfd43f21
Instruction ID: 6e299bac47a1bd615c4e8f4609ebac9d5864078e43a7a02113cdb95530b9f911
Opcode Fuzzy Hash: 11ac481b4a0cb8d5c340e66b4f57fddec849148d6c5ae9fffa7ead0ecfd43f21
Instruction Fuzzy Hash: 6CA1BFB3F1122547F3544D24CC683B26283EBA5320F2F82788E996B7C5ED7E5D4A9384

Function 00A70039 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 721737b1cd4fe79cac863c10ebb8f6fb68d0d6a552d241a5e515af283d0b0812
Instruction ID: dc7397dcd3d8c8086e2264d186f49bcec9459e0f2257c5205182eebb19567aba
Opcode Fuzzy Hash: 721737b1cd4fe79cac863c10ebb8f6fb68d0d6a552d241a5e515af283d0b0812
Instruction Fuzzy Hash: A7A17DB7F1162547F3544E28CC983617653EBD6314F2F82788E886B7C5D93E9D0A9384

Function 00B6B0E9 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 374d945b0dd6e53c92139351a16fc727ab719a51844a0accb32fc5b32212e558
Instruction ID: a24ace048e0dedea1de0325092b7bb17a6831ada48279339e33eb474e2657715
Opcode Fuzzy Hash: 374d945b0dd6e53c92139351a16fc727ab719a51844a0accb32fc5b32212e558
Instruction Fuzzy Hash: C3A158B3F5022547F3584935CCA83A22183DB95324F2F82798F8A6B7C6DC7E5D0A5384

Function 00A8D253 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6100853123dc446fee32ea8771459da2c37b7d3b3337d6df0d8cb8029113ef8d
Instruction ID: d2b172db36e8272aa00b73fd344cd09c8152483abd8112f3246ea810f05d62eb
Opcode Fuzzy Hash: 6100853123dc446fee32ea8771459da2c37b7d3b3337d6df0d8cb8029113ef8d
Instruction Fuzzy Hash: 19A1A9F3F5062547F3484824DCA83A22583E7A5324F2F82798F9A6B7C6DC7E5D4A5384

Function 00A36398 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be551ccdcc28980f672f0d96614e4520865853faac4f6af9ec5c854f07868f98
Instruction ID: d373151f96a51896a2f087be3eba9dfca0bb4cea2147c28390e01f527b2de5b4
Opcode Fuzzy Hash: be551ccdcc28980f672f0d96614e4520865853faac4f6af9ec5c854f07868f98
Instruction Fuzzy Hash: 1BA125B3F1112547F3984939CD683A26683ABD1314F2F82388B5DAB7C5ED7E9D0A5284

Function 00A3308F Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 901f18178d730697b30aba65b4a5c66d94b52015f235e398471893274ab6238e
Instruction ID: c7830632b56f62322604b418fc446c6bd3ae14a0950419a4ccc8d7a474d701f6
Opcode Fuzzy Hash: 901f18178d730697b30aba65b4a5c66d94b52015f235e398471893274ab6238e
Instruction Fuzzy Hash: B2A15BB3F6162607F3584878CD593B22583D791324F2F82398F99AB7C9DC7E9D0A5284

Function 00B2730E Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5889f3b12b2bc76b794e1306a7a931d91dd3ff5d28e9f1e1183d5f225f859dc
Instruction ID: 24159954e79d2b14fa47d9b3e69ad136cd59bd6f658fe831b053d88061e08ad3
Opcode Fuzzy Hash: a5889f3b12b2bc76b794e1306a7a931d91dd3ff5d28e9f1e1183d5f225f859dc
Instruction Fuzzy Hash: C8A17BB3F502254BF3544D39DCA83626682DBA5324F2F82788E98AB7C6D97F5C058384

Function 00A402E8 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf9b0d12f1137f4cc3f5c9021a9302b1a9911e3a7bab828706023421ba315e8
Instruction ID: 6a36cba637965ca4b99a1de5a978fd508eaf7824c83bdc89bbcc8f36017e00ac
Opcode Fuzzy Hash: fdf9b0d12f1137f4cc3f5c9021a9302b1a9911e3a7bab828706023421ba315e8
Instruction Fuzzy Hash: C5A1B0B7F2162547F3444939CC583A26683D7D5324F2F82788E986BBCADD7E9D0A5380

Function 00AD111A Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d8915ceb738a08ea7fbbe8e2a3b63674710d9031948afd5c3045f986e543cf
Instruction ID: 570d1920d4e92923eec3f1d48788157698582464ab1381df0a618efed4d844e6
Opcode Fuzzy Hash: f0d8915ceb738a08ea7fbbe8e2a3b63674710d9031948afd5c3045f986e543cf
Instruction Fuzzy Hash: B2A1BEB3F211254BF3544939CC983A27643EBE6314F2F82788A895B7C9DD7E5D0A9384

Function 00A870DD Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8867e7b61a1a79ec2cfd1117b47271c0700c3218922c3cb018d8975b724b969b
Instruction ID: 3f8d5cd8ce1a7377a2ba9a827b617bd730d2f183a3ee6121b455c79d6f106d5a
Opcode Fuzzy Hash: 8867e7b61a1a79ec2cfd1117b47271c0700c3218922c3cb018d8975b724b969b
Instruction Fuzzy Hash: C9917CB3F1122447F7544978DC983A12683DBD9324F2F82788E9C6B3C6E97E5D0A9384

Function 00AB02E8 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4eb96b3bd179d33e4b34de5f31c13953a344195df0fbdc21db34398881ce7fca
Instruction ID: b78fd508dd02d67aec44c269e6cd1bbf296ee1973331647bffa2af155c43efa8
Opcode Fuzzy Hash: 4eb96b3bd179d33e4b34de5f31c13953a344195df0fbdc21db34398881ce7fca
Instruction Fuzzy Hash: 7DA19DF3F216354BF3544968CC983A2B6929B95320F2F82388E5C6B7C6D97E5D0953C4

Function 00B1930B Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb1be33cbefe77153154ded58d4fddd2389d9695a0c9cc628e0d31ba8decff5d
Instruction ID: 26a110cd51a22737d6e513d88914bafbe19508109731a49eb7283c69c2b42d7d
Opcode Fuzzy Hash: cb1be33cbefe77153154ded58d4fddd2389d9695a0c9cc628e0d31ba8decff5d
Instruction Fuzzy Hash: 84A1ADB3F1162547F3544939CD583A26683ABE1320F2F82788E9CAB7C5ED7E5C0A5384

Function 00B3201D Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b20cb483138dbbe68f5027e016cd41780004f8f69d03f881923593452b0f05c
Instruction ID: 7d0983af0e5a927116f76f3b8878475bfe1fc49dd1a8689a0e75b6ddb505f027
Opcode Fuzzy Hash: 4b20cb483138dbbe68f5027e016cd41780004f8f69d03f881923593452b0f05c
Instruction Fuzzy Hash: 47A17BB3F1112547F3544A29CC583627693EBD5320F3F82788A986B7C9DD7E5D0A9384

Function 00A23011 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a928908f4e008e822aa2073caf4f46d7fbd410025b6aededea5012d8127fc5
Instruction ID: 9b4ec24e9910a17c460380b53ff2be2a27bd0f9020168b88c31e57d4eb2e8eb3
Opcode Fuzzy Hash: a2a928908f4e008e822aa2073caf4f46d7fbd410025b6aededea5012d8127fc5
Instruction Fuzzy Hash: 0FA17CB3F5022547F3544D28CCA83A27682DBA5324F2F827C8E896B7C6D97E5D459384

Function 00AA51FC Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07075ad3b923fb7309d52f4e789ae607ccc6251d3da27364fe98d881da6dc89b
Instruction ID: 6e207d30c7aa9b69b5856942f17b74f07adbfdb19902822d808a1dbb0c4b1fd8
Opcode Fuzzy Hash: 07075ad3b923fb7309d52f4e789ae607ccc6251d3da27364fe98d881da6dc89b
Instruction Fuzzy Hash: 11A16CF3F116254BF3484978DC583A26683D7D1314F2F82788E986B7C9E97E5D498388

Function 00A92027 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dca1fb105d5a287bc3353ce67a94df5b58cadade3f9ed638e93ba2f158128ee
Instruction ID: 5dec8472691f03873f414f4de1bd4698b03f394c629aa9e2661c2ed14d840d24
Opcode Fuzzy Hash: 5dca1fb105d5a287bc3353ce67a94df5b58cadade3f9ed638e93ba2f158128ee
Instruction Fuzzy Hash: 61919AB3F512250BF3544979CC583A169839BD5324F2F82788F9C6BBC9DCBE5D0A5284

Function 00B39059 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52b21e04c18b0cb5b98e813312021f8670a13ca899a6ca99762ff4fc0875e97a
Instruction ID: 866f9952a73d7d07a82d9876add81525a395d7dea357a05b5a7e090688bdf1ed
Opcode Fuzzy Hash: 52b21e04c18b0cb5b98e813312021f8670a13ca899a6ca99762ff4fc0875e97a
Instruction Fuzzy Hash: 77A17CB3F1022547F3584D28CCA83B17682EB95315F2F81788B8A6B7C5D97E6D099385

Function 00A4F122 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4285816b8458e7de7d84e37b6bb3b37e61482d75fa0b6b6f52d8a1b8ab2aae88
Instruction ID: c8dac6faa29992773c9e396dfa730b2c2202eb8bd81ea5efd66d90d8f49b6ff6
Opcode Fuzzy Hash: 4285816b8458e7de7d84e37b6bb3b37e61482d75fa0b6b6f52d8a1b8ab2aae88
Instruction Fuzzy Hash: 8FA18BF3F112264BF3544978CC983A266939795320F2F82788F5C6BBCAE97E5C465384

Function 00A6E1BA Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d095ee585d0c024e0832f8c32130aba46858de03dd90f62df2cc7c15fef35c1
Instruction ID: c174d3a07a83dc2774ec72cbc2cee117a663ab5adacbd8bec45ee1424cef4208
Opcode Fuzzy Hash: 9d095ee585d0c024e0832f8c32130aba46858de03dd90f62df2cc7c15fef35c1
Instruction Fuzzy Hash: F8A14AF3F1222547F344493ACD583A26583A7D5321F2F82788A5C6BBCADC7E8D4A5384

Function 00A75208 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4e1265dd312457401e952960285afe8f217731c8d49a5113dea4c78dd2242a
Instruction ID: 5f30c4abda23f820690e6b71d24d03dfa22cff77def714145926566f45056f29
Opcode Fuzzy Hash: bc4e1265dd312457401e952960285afe8f217731c8d49a5113dea4c78dd2242a
Instruction Fuzzy Hash: 21A158B3F112154BF3484938CC683726693EB96314F2F82788B896B7C9DD7E9D4A5384

Function 00A56287 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac420e217788c0c00993fd3294d969345a85a320d0501ea1b0f0ad93cd973f9a
Instruction ID: 61922d176cd08ad2969a787a28a1a5a05da5ca0b73dc70a156cb90bc488270f0
Opcode Fuzzy Hash: ac420e217788c0c00993fd3294d969345a85a320d0501ea1b0f0ad93cd973f9a
Instruction Fuzzy Hash: 71A14AB3F1122547F3544E29CC983627693EBD5324F2F82788E886B7C9D97E5D0A9384

Function 00A8124B Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 853b51da633a4e901f391a6e770c992bd6f29243ad3b9c2aa6af2159bd95bb46
Instruction ID: 407ad674ebafa35385323aac95ef35418fc2a51a9a549ad6c65161c0459f7249
Opcode Fuzzy Hash: 853b51da633a4e901f391a6e770c992bd6f29243ad3b9c2aa6af2159bd95bb46
Instruction Fuzzy Hash: 59917AB3F5162507F3584878DCA83A26583DBD5324F2F82788F5DAB7C6D87E5D064288

Function 00B550DB Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5df0b0fac0fe0d1601350c66421a6a8e0197daab858cfd50ef2ef38a6b1a52e
Instruction ID: f49354feedd5e0c05fcbb2c697526ccd09bdef5684e30d0d15508a490a8fdd5f
Opcode Fuzzy Hash: c5df0b0fac0fe0d1601350c66421a6a8e0197daab858cfd50ef2ef38a6b1a52e
Instruction Fuzzy Hash: 5391A0F3F5062547F3544834DDA83A26A82D791324F2F82788F8DAB7C5D87E4D0A5384

Function 00B54267 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 067ccd36fbe67095b44554ca208ebe193d03805a76f8e5e32476010955e7ae70
Instruction ID: f5cc798e971894bb8385652657c1898dda027bdc92ed5841307595cd0e2acbe5
Opcode Fuzzy Hash: 067ccd36fbe67095b44554ca208ebe193d03805a76f8e5e32476010955e7ae70
Instruction Fuzzy Hash: C1A15DB3F112254BF3444A29CCA83B17693EBD5314F2F81788E895B7C5E97E6D0A9384

Function 00AB7128 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83da09c634b8b3caa3861bdea1c4d388d45b435afe6e86bf2c89582c351ae584
Instruction ID: 8752dfe06effc51afabf3d1e9b3a44f9a54c7ee7b8e6f495478416fbb31af623
Opcode Fuzzy Hash: 83da09c634b8b3caa3861bdea1c4d388d45b435afe6e86bf2c89582c351ae584
Instruction Fuzzy Hash: 3C915BB3F512254BF3504D29CC983A17683EBD5320F2F82788E986B7C9D97E5D0A9784

Function 00ADB161 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7fc5bc06f7190d1941b6af6df0e94ba15eb4cce445f24ec60ea519612e364b
Instruction ID: 3e2b3d5daab0b7bf8c29dba2795b5e225f733c93a0648c680ceb4fdd3044c38f
Opcode Fuzzy Hash: 2c7fc5bc06f7190d1941b6af6df0e94ba15eb4cce445f24ec60ea519612e364b
Instruction Fuzzy Hash: 99919CB3F106254BF3544968DC983617692EB95320F2F82788E8C6B7CAD97E5D0653C4

Function 00A7E10E Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0229049ef4d13bf41d19b0651315050ad235c6edd64c2e8a3e804b8892075cdf
Instruction ID: f910b0dcde840569183535a2aaed9693b334ee0e25d1d80a56cc5f6d92db7dd1
Opcode Fuzzy Hash: 0229049ef4d13bf41d19b0651315050ad235c6edd64c2e8a3e804b8892075cdf
Instruction Fuzzy Hash: 119155B3F1122547F3544879DDA83A2258397A5324F2F82788F9C6B7CAE87E5D0A5384

Function 00AC5397 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51718e73525be0605f8207e149b0a24ef51855fed203aff8dfb335ee621645f6
Instruction ID: 063a21841658066e1b0ac2232bd90a207ce5b612464fdafa52e16640fbecfa4b
Opcode Fuzzy Hash: 51718e73525be0605f8207e149b0a24ef51855fed203aff8dfb335ee621645f6
Instruction Fuzzy Hash: A8918DB3F512254BF3444928DC983627683DBD1324F2F82388E586B7CAED7E5C4A4384

Function 00A72186 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e0895bb5486d44a1e29d280960d727148082a7df468cf5b47ec2507c46711c
Instruction ID: 8e181e728bffcdbb67135de07ebaf8cb5af52eb37ff8002285e6d5f08a1283f1
Opcode Fuzzy Hash: 24e0895bb5486d44a1e29d280960d727148082a7df468cf5b47ec2507c46711c
Instruction Fuzzy Hash: BA916BB3F1122447F3544969CC943A26283E7D5321F2F82788F886BBC9DD7E6D0A9384

Function 00AED167 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f62a1136ceb6ead1363666603b8035d1756a47cb9d1f3750245f2a9bbafc106
Instruction ID: eae4396b1024fdc8901ac26c924af5585af75e3c24de49672c62b7e22ef81fb4
Opcode Fuzzy Hash: 3f62a1136ceb6ead1363666603b8035d1756a47cb9d1f3750245f2a9bbafc106
Instruction Fuzzy Hash: 31917CB3F106254BF3584978CDA83712682DB95324F2F82788F896B7C6E97E5D0993C4

Function 00A1F2F9 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f123942adc33b85a09cf7a91026e370d5e9a1993584569c4e74480a31f11c6
Instruction ID: 3c6a95be05c3b2b6941bce58c3fdcff3c328b685a5812eafd217f8965eeb166b
Opcode Fuzzy Hash: f5f123942adc33b85a09cf7a91026e370d5e9a1993584569c4e74480a31f11c6
Instruction Fuzzy Hash: ED91ACB3F112254BF3544975CC583A266839BD6320F2F82788F986B7C9D97E4D4A9384

Function 00AC92DB Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f45b7f8fae65542fc35e286ce95e8b1b7a75ac18559c8df037bdf5430d5faa
Instruction ID: 29e8d9a84c04e71c38563aff9e2b9388cd33f257d3f5b66cec5776aa97a4136c
Opcode Fuzzy Hash: 50f45b7f8fae65542fc35e286ce95e8b1b7a75ac18559c8df037bdf5430d5faa
Instruction Fuzzy Hash: 6D9159B3F516254BF3444D29CCA43A26283EBE5324F2F82788E996B7C5DD7E5C0A5384

Function 00AF3301 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4b060c817aedfbe248e81b6c3a4acbe7dbe17900fc37ffc2b50932a2cde742c
Instruction ID: bf6e23d50a06a56c8856bc0d5646cf11d4a97d76d6d570af180d9d6c3db4c96d
Opcode Fuzzy Hash: f4b060c817aedfbe248e81b6c3a4acbe7dbe17900fc37ffc2b50932a2cde742c
Instruction Fuzzy Hash: 77917FB3F5122547F3544D28CCA43627683EBD5324F2F82788E99AB7C9D93E5D0A5384

Function 00A9F009 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9bdbc1ff4731359878b066832246b29c6f95903bb714ecbad51dc6ef15682a
Instruction ID: 111b75ea41b9005cec0388f7e732c7ce2a0594963565792b7d323abea935c54a
Opcode Fuzzy Hash: ae9bdbc1ff4731359878b066832246b29c6f95903bb714ecbad51dc6ef15682a
Instruction Fuzzy Hash: 3091ABB3F206254BF3684D28CCA43B17683DB92324F2F82788E996B7C6D97E5C055384

Function 00AE2044 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7ec64511dd0f4cdd09db1a7f98f3f7c470989997f517caaed5a18b53479ef3
Instruction ID: e4a340e56bcae099524f2fb8949816e4138d6c12f8907a51901cb8608cd0cdd6
Opcode Fuzzy Hash: bc7ec64511dd0f4cdd09db1a7f98f3f7c470989997f517caaed5a18b53479ef3
Instruction Fuzzy Hash: CB919AA3F2122507F3984879CD683B66583DBD1310F2F82398F99ABBC9DC7D5D0A5284

Function 00ACF3A4 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f3a8dd351c1e874d3890a9f084ae31f584431754792e913b43b8af2bb9b524f
Instruction ID: c9cbcee55b4d7b8d673b513e21a68e3bd56c7823c28dea69648a6cdaa09db439
Opcode Fuzzy Hash: 8f3a8dd351c1e874d3890a9f084ae31f584431754792e913b43b8af2bb9b524f
Instruction Fuzzy Hash: 7A916DB3F1162547F3584939CCA83A262839BD5324F2F82388E8D5B7C5ED7E5D0A5384

Function 00B6F0BA Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bdc5543447d90b4d638b93758413f6e0671ee79b7d5d30651d7272d8797f66e
Instruction ID: 2eb1c63b47ed655cf8edf72a6d181dc4044231eed896fae347cbfee62dada5df
Opcode Fuzzy Hash: 9bdc5543447d90b4d638b93758413f6e0671ee79b7d5d30651d7272d8797f66e
Instruction Fuzzy Hash: 3A916FB3F1122647F3544929CC583726693DBD6320F2F82788E8C6B7C5D97E9D4A9384

Function 00AC7155 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a631af59ade0831f0fb7fd35952dde7eb083cf6c92989b938867778e7b205f6b
Instruction ID: fd9774f3c59071b9b8f1b16b5fb645bf826048c91bbcf86765ad2a2ff56aa353
Opcode Fuzzy Hash: a631af59ade0831f0fb7fd35952dde7eb083cf6c92989b938867778e7b205f6b
Instruction Fuzzy Hash: BC91A0B3F2162547F3544D68CC983A17683EBD1314F2F82788E886B7C9D97E5D0A5384

Function 00B36009 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d880f86436eb287fa39d0eb84f2229b21429147bd04197015a7e0a363ee42c68
Instruction ID: 38a64c1c18d0e902dfafc53af0cf03e3cc2785f2f9159087aae297d621a59adf
Opcode Fuzzy Hash: d880f86436eb287fa39d0eb84f2229b21429147bd04197015a7e0a363ee42c68
Instruction Fuzzy Hash: 8891AEB3F5162107F3544978CCA83A16683EBD5324F2F82788E986B7C5D9BE5C4A53C0

Function 00B4B2B7 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2a4fcdda674bcaccaa09c38ada3c8976d00486a1e6426b69b8deb0c7846e4d5
Instruction ID: 8fe7fe642cc4d75d0abad2bd5dd05d241bf24757c03f68183fc99af0a446ab01
Opcode Fuzzy Hash: e2a4fcdda674bcaccaa09c38ada3c8976d00486a1e6426b69b8deb0c7846e4d5
Instruction Fuzzy Hash: F3917BB3F1112587F7540E28CC683A17653EBD6310F2F8178CA896B7C9DA7E9D4A9384

Function 00A9E1EB Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcdc041d3f7b5fa77a911e3247bc87b21407d2dabc9dc26644cbd3fdf72b88df
Instruction ID: fea97335cee1c486f086b1651698b3eb1233e4a076b5576a1a7a8478f9034d7b
Opcode Fuzzy Hash: fcdc041d3f7b5fa77a911e3247bc87b21407d2dabc9dc26644cbd3fdf72b88df
Instruction Fuzzy Hash: 07915FB3F1122647F3544E24CC583A27653EBD5314F2F82788E886BBC9D97E5D069784

Function 00B6D176 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e41054359a66324fcdcffd6abd5123f26a321f80585b21aa1020b237ddb23c31
Instruction ID: 072836e7120dbc975039aab9b88a9b65d21455049bed60cd1326922e93540cc8
Opcode Fuzzy Hash: e41054359a66324fcdcffd6abd5123f26a321f80585b21aa1020b237ddb23c31
Instruction Fuzzy Hash: AB916EB3F1112547F3544D29DC583A1B293ABD5320F2F82788E9C6B7C5D93E9D4A9384

Function 00B623D6 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022048dd5eaa11118d3422258a264f8a7d948858a24c71e8817c907944842d82
Instruction ID: e58a23100373411abeeaff7bf530f6ccabcb2b564d4b7fc8d04ec328206e79fc
Opcode Fuzzy Hash: 022048dd5eaa11118d3422258a264f8a7d948858a24c71e8817c907944842d82
Instruction Fuzzy Hash: 4E918BB7F102254BF3544A29CCA83A27292EBD6310F2F8178CE886B7C5D97F5D069784

Function 00AAD329 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e369231d84258615508ea45fc8cd45c50f99bf15eb6ee7a3b2ca9b9ebc7faf
Instruction ID: d0e507ef17d5bbe978c494f57afa05b41028b6d38fa6ce3290bf8c952505b124
Opcode Fuzzy Hash: b5e369231d84258615508ea45fc8cd45c50f99bf15eb6ee7a3b2ca9b9ebc7faf
Instruction Fuzzy Hash: B0914CB3F112254BF3584938CCA83717253EBD6314F2E81788A896BBC9D93E5D0A9785

Function 00A57021 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53f106951c02e16aa1348cabe13efe8db525d2c49afdb91b8413880248369050
Instruction ID: c622a2ca2a237bed17d0872611276f72304243d2e46fe112d75b81d9343d82bd
Opcode Fuzzy Hash: 53f106951c02e16aa1348cabe13efe8db525d2c49afdb91b8413880248369050
Instruction Fuzzy Hash: FB91CDB3F2062547F3544978CDA83B16283EBD2320F2F82798E996B7C9DD7E5C095284

Function 00A552CD Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16a22d4f3b55c105e146f474c9e432bc6d18e293330a14e3626a91132e062a32
Instruction ID: 3b6d3fcf57e30f9f41c69c5e685f69339e15329263189a5b8b444736356ab2b8
Opcode Fuzzy Hash: 16a22d4f3b55c105e146f474c9e432bc6d18e293330a14e3626a91132e062a32
Instruction Fuzzy Hash: 509181B3F112254BF3504E38CC983617653EB96311F2F82788E586B7C9DA3E6D099785

Function 00AC13E2 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba6cad7bf255afc5902269b3736e9ca8a4213aa31aed911c5194dc59b039bb1
Instruction ID: 80e78895282f0e7bd707853e823b4e3b8d160df0bbf8a2d00438c5736ad7b646
Opcode Fuzzy Hash: 2ba6cad7bf255afc5902269b3736e9ca8a4213aa31aed911c5194dc59b039bb1
Instruction Fuzzy Hash: 50919DB3F112254BF3444979CC983627293EBD5314F2F82788E48AB7C9D97E6D0A9384

Function 00AD230F Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b95a4ee48406bbaa627f1c6956722e76249063ff92d6fdb38e4fc827b2c5bf3b
Instruction ID: b804fc4f6bbe831db8494763e46d3a135abd5f8e5ca5ea0b9dcc364a2646cb00
Opcode Fuzzy Hash: b95a4ee48406bbaa627f1c6956722e76249063ff92d6fdb38e4fc827b2c5bf3b
Instruction Fuzzy Hash: 66916CB3F5122547F3584939CC283A26583EBD5320F2F82388B99AB7C5DD7E9D0A5384

Function 00AB308E Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa00d8633f68116e0f417e5368033dcf6c52becd11ecc7052a862fdc0a0c4332
Instruction ID: a02a0214712e66e33004e753fce90a18027c70b1d37ee1a77120895dd3a7c99d
Opcode Fuzzy Hash: fa00d8633f68116e0f417e5368033dcf6c52becd11ecc7052a862fdc0a0c4332
Instruction Fuzzy Hash: 15917DB3F1162647F3544939CC88361B683EBE5315F2F82388E88A7BC5D97E5D0A9384

Function 00B420E3 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcb1262045782cffd5340416b3f8d21491c0a4ca0238a2c36b994c10a472056b
Instruction ID: 32d8ea270ce4c28d07521aa9f74bfbb3eec86149eb7806068f34168f7c09333d
Opcode Fuzzy Hash: fcb1262045782cffd5340416b3f8d21491c0a4ca0238a2c36b994c10a472056b
Instruction Fuzzy Hash: 639159B7F212254BF3440928DD583A27683EBD5324F2F81788E496B7C6DD7E9D0A5388

Function 00A6A172 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d192ec46ae668a6d8ed9ac9d516e4b5bc639ffcd559624a2ab86b875ac513c54
Instruction ID: 7242809ca3b21d97800ff7fa44750cd8f0012c901a28dd82d11a3712e30d199d
Opcode Fuzzy Hash: d192ec46ae668a6d8ed9ac9d516e4b5bc639ffcd559624a2ab86b875ac513c54
Instruction Fuzzy Hash: A79159B7F112254BF3544D35CC983A26283ABD5320F2F82398E886B7C9DD7E5D4A5384

Function 00A9A2BA Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5dbe5eac5dca41a71344a0feb20cf5fa5fdcf44ebb0a037b13cf2e1bb2a2c12
Instruction ID: 20edf485873754b874e40ff327ebbc66f5d30273c35fc0f9f35bf45987aee230
Opcode Fuzzy Hash: f5dbe5eac5dca41a71344a0feb20cf5fa5fdcf44ebb0a037b13cf2e1bb2a2c12
Instruction Fuzzy Hash: A1916CB3F2112547F7584D38CD583A22683EBD5314F2F82788B89AB7C6D93E9D0A5384

Function 00A67277 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d1cf8719ec95ec977eb851033eadf66ecfd0a2627e41461d4b50770c621d657
Instruction ID: 25351209bfbbb82a41d9b76dc77c0e28192a22ac8592570acc57f8a309b8ee4f
Opcode Fuzzy Hash: 9d1cf8719ec95ec977eb851033eadf66ecfd0a2627e41461d4b50770c621d657
Instruction Fuzzy Hash: CA9189B3F2052547F3444979CD993A26643A7D2324F2F82788E9CAB7C5CD7E9C0A9384

Function 00B59085 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f070e0143464c4ae4f5f7ca68ba2e8a1375209b67abc8d1ec7bfaaebe141536d
Instruction ID: 5ab36431e81696dd7b798dc297ab90d34efb47193307b7a35cf02681502554bf
Opcode Fuzzy Hash: f070e0143464c4ae4f5f7ca68ba2e8a1375209b67abc8d1ec7bfaaebe141536d
Instruction Fuzzy Hash: BB9149B3F5112547F3584D29CC683A13253EBD6324F2F827C8A895BBC5DD7E5C0A9684

Function 00B3A16D Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee64e2083f7a85324a5d51208a0c27e42f068c6a229a12475103bb1ca73ef2a
Instruction ID: 56fedeb8526b09370616b79cc6e02069eeb20e21b6db89b9072b8c60c62b237a
Opcode Fuzzy Hash: 8ee64e2083f7a85324a5d51208a0c27e42f068c6a229a12475103bb1ca73ef2a
Instruction Fuzzy Hash: 2F917AB3F102254BF3584938CC693767A82EB95310F2F827D8E8AAB7C5D97E5D095384

Function 00B2909D Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7658c80b0b449a7ca2b7b3e28a2b4902ca22b2d982d4f73727585a9f8ff4d096
Instruction ID: ef33718f3b501e3bb776f71bb41989c82cd4b6a333e3c89b5f9e767e16bce3bb
Opcode Fuzzy Hash: 7658c80b0b449a7ca2b7b3e28a2b4902ca22b2d982d4f73727585a9f8ff4d096
Instruction Fuzzy Hash: 14918CB3F1112547F3580D29CC583A27693EBE5310F2F81798A896BBC9DD7E5D0A9384

Function 00A5E0EC Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5165ee5fd820a8bcb732fd9d4017f617e283297a5ee485f5fda5348348dd0f62
Instruction ID: 7c076ec93e19fc9afea9ce463d83c32ac07d44bb24742736d1f83d5a0428c64d
Opcode Fuzzy Hash: 5165ee5fd820a8bcb732fd9d4017f617e283297a5ee485f5fda5348348dd0f62
Instruction Fuzzy Hash: B6916BB3F102254BF7584939CC683B16683E795324F2F827C8E896B7C5D97E5D0A5384

Function 00B0101F Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9839c0bec575da859e90d24bf1d1c20dabd08bb42353290608dec1e14dbe14b3
Instruction ID: f582a0a3e229103ec6eb3f784f3da92dc76e1e0b9548634c8d83a23333ac78f4
Opcode Fuzzy Hash: 9839c0bec575da859e90d24bf1d1c20dabd08bb42353290608dec1e14dbe14b3
Instruction Fuzzy Hash: B4917CB3F112254BF3544979CC983626693EBD5314F2F82788E886BBC9DD7E5C0A5384

Function 00A9006A Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09fcad6777f6ff09b3df5393c03918841c4f14e7577fa92959bed6984e370509
Instruction ID: 312a51bb2529de5b28fca366c791f96ad10c9a89f340d9cee514f0d6d52cf1e0
Opcode Fuzzy Hash: 09fcad6777f6ff09b3df5393c03918841c4f14e7577fa92959bed6984e370509
Instruction Fuzzy Hash: 3D9169B3F1222547F3544929CCA83A27653ABD5320F3F82788E996B7C5D93E5D0A9384

Function 00B1A166 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f5031542ab3fafcd2378bcc74ac2424a0977d65801ee2b337e48afc345339ad
Instruction ID: 7389273e71b286405b428cf6a6097b5e67aedea76d51b3413483ac3f006e156f
Opcode Fuzzy Hash: 9f5031542ab3fafcd2378bcc74ac2424a0977d65801ee2b337e48afc345339ad
Instruction Fuzzy Hash: 68915AB3F1112547F3144E28C8543A1B693ABD6320F2F82788E9C6B7C9DA7E6C4693C5

Function 00AEB3BD Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb1dcfeb0a2244cd5a35ebce404d0e21c92d35f89d0ffd84881a00e0765aa8d
Instruction ID: 537d909be97a39b472998674829044c500a50d66626e719b5d74aa04b540e9b8
Opcode Fuzzy Hash: acb1dcfeb0a2244cd5a35ebce404d0e21c92d35f89d0ffd84881a00e0765aa8d
Instruction Fuzzy Hash: DC91B2B3F102254BF3544E25DC983A17683EB96310F2F82788E886B7CAD97F5D499385

Function 00B14195 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9d454ff589e8aff35b01684d3f7bc8cce3b3bf62e1e5acfd596396477090ef
Instruction ID: 5085d63ca651ee9e77d38e57cc67b1361694f6b1c34fe0a803779fb9e358df7e
Opcode Fuzzy Hash: 5d9d454ff589e8aff35b01684d3f7bc8cce3b3bf62e1e5acfd596396477090ef
Instruction Fuzzy Hash: 5E816CB3F1122547F3544D29CC983A26283EBD5324F2F82788E986B7C9E97F5D469384

Function 00B3B195 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cebeb6bc4d4d7b2625d0f0f3b2b1b589df19c769dd6aae68ebf36cc691c4a7be
Instruction ID: 47a35495040897445768da2af412eb9bbb5cb58d1056fb08b77d5ab0e49b0e85
Opcode Fuzzy Hash: cebeb6bc4d4d7b2625d0f0f3b2b1b589df19c769dd6aae68ebf36cc691c4a7be
Instruction Fuzzy Hash: 47816DB3F1122547F3504938CC583A2A693ABD5320F2F82788E986B7C6DA7E6D0953C4

Function 00A392E6 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b96f9f638244a9aaca8ae184b56ba06f4a8deaec1b56b4036de42aaaef7368df
Instruction ID: 97a4b9550c5a79313be4631b9a3db379a55d1e2fb4fa7f0c8458a08410afabfd
Opcode Fuzzy Hash: b96f9f638244a9aaca8ae184b56ba06f4a8deaec1b56b4036de42aaaef7368df
Instruction Fuzzy Hash: 84916CB3F1062547F7544A38CC583A23292DB95324F2F82788E89AB7C5DD7E5D4A93C4

Function 00A5F1F9 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938e36881f6d9b46f4d1d6e1d8ac3225d1fe648826a8a3fab45c58ff92ea92d1
Instruction ID: 37cc1b89c80905fe60763edcbd56f6e01a6dc272ecb94f3b8d0972fa4f7a2e30
Opcode Fuzzy Hash: 938e36881f6d9b46f4d1d6e1d8ac3225d1fe648826a8a3fab45c58ff92ea92d1
Instruction Fuzzy Hash: 279189B3F1162547F3544939CCA83A26683DBD5324F2F82788F996B7CAD93E5C0A5384

Function 00B0B23B Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e3392a9bb318f5409b6b20651024020a0d1398a53895e4548bf9bf71eec62b2
Instruction ID: 74001655bd9f6c790a6e5b11b04289fd6e12ed601de89287753eee464c4d2f93
Opcode Fuzzy Hash: 4e3392a9bb318f5409b6b20651024020a0d1398a53895e4548bf9bf71eec62b2
Instruction Fuzzy Hash: D9818DB7F2162647F3540878CD58362A683EB95320F2F82398E98AB7C5DD7E9D095384

Function 00A851DC Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 759b0c213c899b0a65b83d7e182c89fd6e2f38c2d3affcb815dd35ee67631832
Instruction ID: 30ebc3b883840c9e4514eef0882c3f9aebfc5858dad23c63e0eb2aa034148e8a
Opcode Fuzzy Hash: 759b0c213c899b0a65b83d7e182c89fd6e2f38c2d3affcb815dd35ee67631832
Instruction Fuzzy Hash: 5A8170B3F2162107F3944978DD983A26683DBD5315F2F82388E88A77C9ED7E5D0A5384

Function 00B6A2D4 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c051a3dd9e3ac59b585d2a21757c9d904da09429dbf8f130f12146b513798fb
Instruction ID: f099461fd5a4dc291263dc437c2ac0383cc073eca3677062b65546990cb81161
Opcode Fuzzy Hash: 9c051a3dd9e3ac59b585d2a21757c9d904da09429dbf8f130f12146b513798fb
Instruction Fuzzy Hash: F98168B3F1162107F3584839CC993616683ABD5324F2F82798F9DAB7C5DC7E5D0A5284

Function 00A9C033 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 815cb5b864b0ec3909b47812e15694e149b1d80b833810c5a32a997be76663fa
Instruction ID: 05c402dbf1f6cb9700a70968c911c89f93b449970d12e3819c14a08ff8a8552d
Opcode Fuzzy Hash: 815cb5b864b0ec3909b47812e15694e149b1d80b833810c5a32a997be76663fa
Instruction Fuzzy Hash: 23818DB3F2162547F3544938CD583626682EBA5320F3F82388E99A77C5DD3E9D0A5384

Function 00B4717E Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea78ddaa8689384df201187306420bd2fda14479e49d4c5a216c676a3d75f18c
Instruction ID: f8dfcbb81ba6d1c2ebfa1316dd7d7e12df6ca3eddefe70b91aa83d5f7c9be251
Opcode Fuzzy Hash: ea78ddaa8689384df201187306420bd2fda14479e49d4c5a216c676a3d75f18c
Instruction Fuzzy Hash: E3818FB3F2122647F3544969CC983A17283DBD5321F2F82788E98AB7C6D97E9D065384

Function 00AD320B Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dd1c3f0fafdf9e5fd44d7c39bac872a84cecb717458a3cb0d1baf29a2e330cc
Instruction ID: d8fb6d87e69606cee696bc48741ca344a7fae61045b4205d8351efb89a442677
Opcode Fuzzy Hash: 5dd1c3f0fafdf9e5fd44d7c39bac872a84cecb717458a3cb0d1baf29a2e330cc
Instruction Fuzzy Hash: 9F815CB3F112254BF3584979CC983626683D795320F2F82388F59ABBC9DD7E9D0A5384

Function 00B22175 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3e928fd21ffe8577613f43cc1217984d4aaadd51898b5e479531bf7aadf4f5
Instruction ID: f14c22bf40815871311e6677f9df1d4fcdf9e21ee9e296ef6f7fd350a6b9c0ad
Opcode Fuzzy Hash: 1a3e928fd21ffe8577613f43cc1217984d4aaadd51898b5e479531bf7aadf4f5
Instruction Fuzzy Hash: 50819BB3F516254BF3444D29DC983627693ABD5320F2F82788E886B7C9DD7E1C0A9384

Function 00ADC0F9 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb8bfe386b753b0278b91c7b6db48f015142de960c3667edc5b30169ad9e955
Instruction ID: 4e5a7391c8ae8f58d27afc52d89a03d3da64c6122ff18b311da97630b1715e7b
Opcode Fuzzy Hash: 0cb8bfe386b753b0278b91c7b6db48f015142de960c3667edc5b30169ad9e955
Instruction Fuzzy Hash: 46819EB3F116254BF3544928DC983B17683EB96310F2F82788E8D6B7CAD97E5D099384

Function 00A2E001 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c7bd081ad2a62d91ca075e0d575910409f56433bc91f014a17d8518bdaeaf0c
Instruction ID: 541797d36f04751b63b5e3bc59e5519e564705275403d691deb2acb3350cdef8
Opcode Fuzzy Hash: 1c7bd081ad2a62d91ca075e0d575910409f56433bc91f014a17d8518bdaeaf0c
Instruction Fuzzy Hash: A9819FB3F512258BF3484978CC983A23692DB92314F2F8278CF685B7D5D97E5D099384

Function 00AE705B Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1315b3b1a5635f2c5d92129a94b321518380eb1895674c6f5a6c826e6fdfaf0b
Instruction ID: e8adc39cf2d1e391cc1e3bc152503b538712ddcc15895be418b7e44d05283235
Opcode Fuzzy Hash: 1315b3b1a5635f2c5d92129a94b321518380eb1895674c6f5a6c826e6fdfaf0b
Instruction Fuzzy Hash: 51814CB3F2121647F3544D39CD983A27683EB95310F2F82788A989B7C9DC7E9D4A5384

Function 00AF9183 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3e6757691cc50a857bc9bba2a58472001be1f7c7dfcaa460e8423916117f8d0
Instruction ID: de9887d97b8bd5a83b909da8b9ea82f2cc19b9c720ab659f9ce6f4a058a4408d
Opcode Fuzzy Hash: c3e6757691cc50a857bc9bba2a58472001be1f7c7dfcaa460e8423916117f8d0
Instruction Fuzzy Hash: 06817FB3F5162607F3484978CCA83B66683D795314F2F82388F99AB7C6D97E9D055380

Function 00AC102A Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2086a895127197e73aa9916adbad9ddb4debe69eb1b3f08fb3d1947e89c69f88
Instruction ID: 0a1fa86f76c2f6d0a5972739f335bf85d73d5edd3e7716da04c0a5b880f3f13d
Opcode Fuzzy Hash: 2086a895127197e73aa9916adbad9ddb4debe69eb1b3f08fb3d1947e89c69f88
Instruction Fuzzy Hash: B0815AB7F2122647F3584D28CC583A26243AB95324F2F82788E896B7C5DD7E5C4A53C4

Function 00B60390 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ecf6bda680962a6cbc10e17251d965feeabe428f7837d5f907cdbde31213697
Instruction ID: ba27f14d46afac1fb15e2a6d755fd3001f63832b6f98d460be12c34a0f0e0c02
Opcode Fuzzy Hash: 2ecf6bda680962a6cbc10e17251d965feeabe428f7837d5f907cdbde31213697
Instruction Fuzzy Hash: B58198B3F5022547F3544939CC683A27693DB95324F2F827C8E89AB7C5D97EAC0A5384

Function 00A452E7 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b126dd72cacf2903f3fa068ce12669f1620a4fe781e381d406f5f3473ae6aaa2
Instruction ID: 5588c3f7d2121ebbd0604ec0b77bb8b334631e509ac9ebddea26c836920dccbe
Opcode Fuzzy Hash: b126dd72cacf2903f3fa068ce12669f1620a4fe781e381d406f5f3473ae6aaa2
Instruction Fuzzy Hash: 01817DB3F102254BF3544E38CC683A17692DB96314F2F82788E886B7C5E97F5D4A9384

Function 00ADD1CB Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2dd22eabd5bf5c78b8d327b7ae09029809520458fbad4bff0057103acee0e7d
Instruction ID: 5a4ac8f9685b6534324654ce4e176b4b18bd13d93fd73ded38ca048101dfbd55
Opcode Fuzzy Hash: a2dd22eabd5bf5c78b8d327b7ae09029809520458fbad4bff0057103acee0e7d
Instruction Fuzzy Hash: 8C816BB3F1122547F3944928CC983A17693EBD5324F2F82788E8C6B7C9D97E5D0A9384

Function 00B171E5 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae93bb74a19caf55afa235ac79a4485650c02db9a3a515e3f687f9d6bce908c5
Instruction ID: 1042fb8c684174a0e3feb1b34bff7e6a74e771d1abaecbf137a80a406d3a34b0
Opcode Fuzzy Hash: ae93bb74a19caf55afa235ac79a4485650c02db9a3a515e3f687f9d6bce908c5
Instruction Fuzzy Hash: E3816AB3F106254BF3544939DC883617293AB95320F2F82789E9C6B7CAED7E5D069384

Function 00B252F8 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d58a3c0b75913e5329ff2f9cde7f5df5c89f8357b5399a851a10baf2a664b0c
Instruction ID: 6062ddaca3f4c9084b9b4931004296e396b8db96e68d056f5130d9501a64e2a6
Opcode Fuzzy Hash: 0d58a3c0b75913e5329ff2f9cde7f5df5c89f8357b5399a851a10baf2a664b0c
Instruction Fuzzy Hash: F8818CF3F1162547F3140928DC5436266939BE5328F2F82788F8C6B7CAE93E5C069388

Function 00B0E396 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ec6458c70a32ec71c23621bd8fd377a9b04ef6cb150a6177d31c5c9b047591
Instruction ID: 74171971c1bc1410a346261fe250ee6c96e8a6cc8d0be1c4d8f93bc9814d0062
Opcode Fuzzy Hash: 11ec6458c70a32ec71c23621bd8fd377a9b04ef6cb150a6177d31c5c9b047591
Instruction Fuzzy Hash: BC818DB3F5022547F3500969DCA83A27652EB91314F2F8278CE886BBCAD97E5D0A53C4

Function 00AE305D Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf1eb0b2f8e8c04092f9be1fe8c84ad0dd0c7b218556453cf4ff1f7841aaccc
Instruction ID: c5e4eabb7f65a3c212329761a2e8728bc55c314c8895670b79230d33ed9bef47
Opcode Fuzzy Hash: 5cf1eb0b2f8e8c04092f9be1fe8c84ad0dd0c7b218556453cf4ff1f7841aaccc
Instruction Fuzzy Hash: 498147B7F1122547F3544E28CC583A17292EB99324F2F81788E886B3C9D97F6D0A9784

Function 00AA9233 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621573c20619a34b94355277c56cac43fa22533f14765765007e8e36e18ae7aa
Instruction ID: f6e45eecd50a43f5900366e31b23a8ce14ba3a4cc1371d204afeff335df414b2
Opcode Fuzzy Hash: 621573c20619a34b94355277c56cac43fa22533f14765765007e8e36e18ae7aa
Instruction Fuzzy Hash: C3818DB3F5122547F3444974CCA93B27642EB95320F2E82388E9A6B7CADD7E5D095384

Function 00A2107C Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c22b142dfcd94e826304556eaaf78513634d2c9ecd0ee1d438a6bf18a54729d
Instruction ID: 9b577370c7d5fa38501a4157258b11121997b04011e69909327388d94cadce57
Opcode Fuzzy Hash: 4c22b142dfcd94e826304556eaaf78513634d2c9ecd0ee1d438a6bf18a54729d
Instruction Fuzzy Hash: C1815AB3F1123547F3544928CC943A16292DB96324F2F82B88E9CAB7C9DD7E5D0A83C4

Function 00AAB162 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f920e1f76d6e00e9ac52a26f725a13b98fa8d620c88e1e769035839f68e6d29
Instruction ID: 39cec9801d82c3952770dbd6c5ec8719e1db01fd3e385e4e22e69ab5217358fd
Opcode Fuzzy Hash: 2f920e1f76d6e00e9ac52a26f725a13b98fa8d620c88e1e769035839f68e6d29
Instruction Fuzzy Hash: 22815EB3F116254BF3544D39CC983617693EB95310F2F82788E886B7C9D93E5D0A9784

Function 00A66392 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b4b7d569cee27a673a59b82b252ceadb50a52cb8217d0ace1921aa8cc21f92d
Instruction ID: d643a8812cbb21ece7d3132b5c95a367ad75df9c57fc4e3c08627d7dc28a558f
Opcode Fuzzy Hash: 5b4b7d569cee27a673a59b82b252ceadb50a52cb8217d0ace1921aa8cc21f92d
Instruction Fuzzy Hash: FF818CB3F1122647F3544D64DC58362B692EB96320F2F82788E9CAB7C5D93E5D0A93C4

Function 00B4305A Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b0d20d02d4f1b512c1863c36047bf63b2a8f7ba8419e60a68c8dd3acd82b3e
Instruction ID: 457908d7d383e4765ab4da5dce8b5072877e9183284d8dac53026359b4b3b67e
Opcode Fuzzy Hash: 66b0d20d02d4f1b512c1863c36047bf63b2a8f7ba8419e60a68c8dd3acd82b3e
Instruction Fuzzy Hash: EA818CB7F102254BF3504D79CD983617692EBA5320F2F42788E886B7C5EA7F6D099384

Function 00ABD05E Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e9e8445264474dda26348558e4f5dec1c2e34b82336ff771250e73a6a1b2fe
Instruction ID: 2e3498e14d8d0aa6243c9c065b541a3dc631e053c0238b0d55602229ded62c2c
Opcode Fuzzy Hash: 69e9e8445264474dda26348558e4f5dec1c2e34b82336ff771250e73a6a1b2fe
Instruction Fuzzy Hash: FD8169B3F116254BF3504D38CC583A17693EBD5320F2F82788A889B7C9E97E5D0A9384

Function 00A53274 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6069b0eac9aebccd84bda2f9cc9579e3c4137b5b463cf6fd3f8d3ef5b383a403
Instruction ID: f0eb9d85efb3804432a6ec4bfe53b0244b8b504a5d6c83b7d952d51c45f29411
Opcode Fuzzy Hash: 6069b0eac9aebccd84bda2f9cc9579e3c4137b5b463cf6fd3f8d3ef5b383a403
Instruction Fuzzy Hash: 048159B3F5262547F3544929CC883A16283DBD5321F2F82788E9C6B7CADD7E5D0A5384

Function 00A7C248 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50a133d45ea69fc39a5b2d24aa81647cfb5090a32282c04fa08529c5ade3be41
Instruction ID: 32f6f19f3668d5d8812efa05b815227e5bd44b13801b03835a2819e8de089051
Opcode Fuzzy Hash: 50a133d45ea69fc39a5b2d24aa81647cfb5090a32282c04fa08529c5ade3be41
Instruction Fuzzy Hash: 587160B3F1112647F3544968CC943A1B293AB95324F2F82788E4CAB7C5E97E9D0A93C4

Function 00AFE18C Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe390328b70eaa3b739eb617004d5b17ea56f897f7c3897a7b49ea7958dff11
Instruction ID: b8d03b2662e3f9deec1532792b3078c06393a3d74fdcc729f96bb5fd0f310736
Opcode Fuzzy Hash: 4fe390328b70eaa3b739eb617004d5b17ea56f897f7c3897a7b49ea7958dff11
Instruction Fuzzy Hash: 938139B3F111254BF3544E28CC583A17693EB95324F2F81788E886B7C9E97E5D0A97C4

Function 00ABA1B6 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5df7432db22a869d50fcc36f64677091f83a975ab45f09015bb9bf5bb5a0ec
Instruction ID: 02fd09dafb8c441f10755261e472eeb8a28c7e7970ed791fbf1ed8bef3175623
Opcode Fuzzy Hash: ca5df7432db22a869d50fcc36f64677091f83a975ab45f09015bb9bf5bb5a0ec
Instruction Fuzzy Hash: 85715AB3F616250BF3484979CCA83B26683EBD1314F2F82388E496B7C5DD7E5D0A5284

Function 00A823B2 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f16dd3e634e205727e4050d55fc693b8101ba51adb438db74c58acd4bb4680
Instruction ID: 7561e0a6de448e8e8bca6bb7abfc459feb8272b79bf2065e7940f5d8537c969b
Opcode Fuzzy Hash: 89f16dd3e634e205727e4050d55fc693b8101ba51adb438db74c58acd4bb4680
Instruction Fuzzy Hash: B4817AB3F116254BF3544E29CC983617283EBD5320F2F86788A886B7C6DD7E5D0A9384

Function 00B2619A Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3d4518eed58fd3130d35dc56ef7c3bb3ca14bb7b816081ed68671b7b551109
Instruction ID: 8055694cda56223f4ee5799fdcc660ceafaf115686faf62977fcaea36cc6ce7f
Opcode Fuzzy Hash: ac3d4518eed58fd3130d35dc56ef7c3bb3ca14bb7b816081ed68671b7b551109
Instruction Fuzzy Hash: 317159B3E101254BF3644D29CC543A1B692AB95320F2F82788E9C6B7C5DE7E1D0697C4

Function 00B713E3 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a4f333cc5dae50d9401a6bd5e4f3cf267d691b2b986fdd1c5f286d980f0e3a
Instruction ID: df9fb11bf801b82d150aab6c2bd65ac8ed30ac0fce6f9663f0b5a77c1b0fec09
Opcode Fuzzy Hash: f3a4f333cc5dae50d9401a6bd5e4f3cf267d691b2b986fdd1c5f286d980f0e3a
Instruction Fuzzy Hash: 4E717AB3F1122547F3588929CCA83756283EBD5320F2F827D8E899B7C5DD7E5D069284

Function 00AB920A Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a76f99e3da5eeaf199cb069af2bcd1cafada2ec8198d123c9369a6a103c83ff5
Instruction ID: 297ac1e021730121299e5d668d64a81927a6974281239bd4f1c578cf104baac3
Opcode Fuzzy Hash: a76f99e3da5eeaf199cb069af2bcd1cafada2ec8198d123c9369a6a103c83ff5
Instruction Fuzzy Hash: E77180B3F1112647F3440978CC643A1B693EBD5314F2F82788E596B7C9DA7E5D169380

Function 00A36041 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a480c6b43e7f4796462587f5e4e3f03438a63422b0a59ee2498b3fa14ac4f806
Instruction ID: c75f13c1b0e21844c5ae07f3ebbefd782f3d9cb28c9bdd840c5716e45408826d
Opcode Fuzzy Hash: a480c6b43e7f4796462587f5e4e3f03438a63422b0a59ee2498b3fa14ac4f806
Instruction Fuzzy Hash: 97718CB3F2121547F3480D39CC583617283EBD6321F2E82399A959B7C9DD7E9D0A9384

Function 00A8C171 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2dea2cda55583d22727e82505f604b11b82c695d788b37f15c7ec4febf9bb0a
Instruction ID: 0585ee45988f7ff51614adbe71780f87661cb8fd7ab16184c67106bd5255db11
Opcode Fuzzy Hash: f2dea2cda55583d22727e82505f604b11b82c695d788b37f15c7ec4febf9bb0a
Instruction Fuzzy Hash: AD7199F7F2162547F3544938CC583626683ABE5324F2F82788E5C6BBCAE97E1D095384

Function 00B702E1 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c2dfe289a9cb510386171544a82c976e482632272e811a2add9f864d4e3a63c
Instruction ID: 20a026d8e7e675115d27e0463e4e165ada70e3376ab53e8e900de24005cbaa56
Opcode Fuzzy Hash: 0c2dfe289a9cb510386171544a82c976e482632272e811a2add9f864d4e3a63c
Instruction Fuzzy Hash: D8717AB3F2122547F3584929CD683B16643DBD1320F2F42398F99AB7C5D97EAD0A5284

Function 00B53029 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 433d06b353e0019c5382adf9ca44619ab78a405f2a3df7f555b87ed97ba8afa3
Instruction ID: 1b628c609ad050e87fcc6de64c9a1e9b6bdd9e0c8b06095d17aa042c3b38ffd1
Opcode Fuzzy Hash: 433d06b353e0019c5382adf9ca44619ab78a405f2a3df7f555b87ed97ba8afa3
Instruction Fuzzy Hash: 1B713CB3F102254BF3504D38DD983627692DB95324F2F82788F986B7CAD93E5D0A92C4

Function 00B2E0A4 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3551ce98acb6c3f6ca1b5fe17abcd83b27b733566ea3f2c5ae9b7721e768f625
Instruction ID: 3acbd16ba514921fec20d202ec5896264e9877cf5ebbe48ce62884f4b74ddd98
Opcode Fuzzy Hash: 3551ce98acb6c3f6ca1b5fe17abcd83b27b733566ea3f2c5ae9b7721e768f625
Instruction Fuzzy Hash: 5B718BB3F211254BF3444D29CC983A17253EBD5314F2F86788A889B7C9DD7EAD0A9384

Function 00B2B0DF Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6231e4247e66a777e88c4e549abb9b1b2baa052e90ff1067f28e59c008e2d46
Instruction ID: 31498ff24067221005dc15e8d658e3b3ae1821e45134ba28016c847448a94e6a
Opcode Fuzzy Hash: f6231e4247e66a777e88c4e549abb9b1b2baa052e90ff1067f28e59c008e2d46
Instruction Fuzzy Hash: A4717CB3F2122547F3544E29CC983A17653EB95320F2F867C8D886B7C5DA3E6D069784

Function 00A5238E Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84e221bdb6b6621cac9a58195383d0baf5cb9901ac8277c4f6ef23f325671b52
Instruction ID: 528358455e9ea4c3b9eeceb92a4db572cd7bc20c1d507ba737182ce3684bd6b8
Opcode Fuzzy Hash: 84e221bdb6b6621cac9a58195383d0baf5cb9901ac8277c4f6ef23f325671b52
Instruction Fuzzy Hash: 3B718DF3F1162547F3544979CC883A26643A7D5324F2F82788F9CAB7C6D97E8D0A5284

Function 00A4E317 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ac201a81806bca6551e2aef7cae5cf492161af80e8c45ef0af52bcf9ae75b1b
Instruction ID: ff37c669c6d739cf311311a64f4918c824450ca5b6cf18be01c4eb8c4a14b62b
Opcode Fuzzy Hash: 4ac201a81806bca6551e2aef7cae5cf492161af80e8c45ef0af52bcf9ae75b1b
Instruction Fuzzy Hash: 6971BFB3F506254BF3540D28DCA83717282EB99310F2F81788F896B7C5D97E5C0A9384

Function 00A4B132 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 661755a2f4b3737abd4c198547e5d5a5b31937dea8b42ede4698f11791bf7f45
Instruction ID: 992b8036ee53d8794da3ea0b6199b6d94c088848c460209da05888c4fb1e112a
Opcode Fuzzy Hash: 661755a2f4b3737abd4c198547e5d5a5b31937dea8b42ede4698f11791bf7f45
Instruction Fuzzy Hash: E76148B3F1122547F3584929CC683617683ABD1324F2F827C8E896B7C9D97E5D069784

Function 00B1639C Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ac840cfd6071af932f044e51fa0577d128e6e931848f762da7fb7c013dec7d6
Instruction ID: 41f7b0ec2b937fe2344ec9869dd5f6865dadb7e9e6d1ee46b794fedbfe0781f3
Opcode Fuzzy Hash: 5ac840cfd6071af932f044e51fa0577d128e6e931848f762da7fb7c013dec7d6
Instruction Fuzzy Hash: 866137B3F5162547F3544879CD683A26543ABE1324F2F82788E8C6BBC9DD7E5C0A5284

Function 00B51233 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8219fe2eac690441e730e8fcb1a469ee38c42bc9bc3289d9cf98909dcfac084c
Instruction ID: 9663a407631e0db13a10f14f3884c7a4c063d8c6dbc0b2c1b24afe3a3722337c
Opcode Fuzzy Hash: 8219fe2eac690441e730e8fcb1a469ee38c42bc9bc3289d9cf98909dcfac084c
Instruction Fuzzy Hash: 6F616BB3F502254BF3544D69DC983A17282EBA5320F1F82788F986B7C5DD7E5D0A9384

Function 00A6004A Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e184206491983f4b1e0ca8afc39da871a29c31e64fba7397280e0da393fb337d
Instruction ID: a92d155c589f926e807755c5d096f6f93eb5f300ec2d8ecb4359385378c6995b
Opcode Fuzzy Hash: e184206491983f4b1e0ca8afc39da871a29c31e64fba7397280e0da393fb337d
Instruction Fuzzy Hash: 84613AB3F116254BF3544E28CC543A17293EBD5314F2F82788E896B7C5E93E6D0A9788

Function 00B442E0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a32e9b1c2014d8ffca936aa95d056d4bc6ea06ce58c5f471abed4e310885c9
Instruction ID: c969d2e8fb6c112f2d00e8894fe37872dca861b3c85d0db7922a0e24e8e224cb
Opcode Fuzzy Hash: a0a32e9b1c2014d8ffca936aa95d056d4bc6ea06ce58c5f471abed4e310885c9
Instruction Fuzzy Hash: 6B619EB3F116244BF3544929CC883617283EBE5325F2F82788E58AB7C9DD7E5D0A5384

Function 00B3710F Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d935420e14ef2e8f87d5e4696291319454549cd6e02e2e0b0e213445403b68e
Instruction ID: e6b4517696672237f09433e5ed2b4e5b3f222ad5fb7a785be4370ecd66bbce26
Opcode Fuzzy Hash: 9d935420e14ef2e8f87d5e4696291319454549cd6e02e2e0b0e213445403b68e
Instruction Fuzzy Hash: A06179F7F5062507F3544928CC983A16643EBA1324F2F82788F896B7C9D97E5D4A53C4

Function 00ABF147 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3506dfa5cb47b1714f406a0b43ba4128d360f7bef3597716c9525e5e4275783
Instruction ID: 72328714aa7e17256c1040a31ebc24a8a20805f35643a29e83fe4e3f0617dea8
Opcode Fuzzy Hash: d3506dfa5cb47b1714f406a0b43ba4128d360f7bef3597716c9525e5e4275783
Instruction Fuzzy Hash: 9D6191B7F5162547F3544968CC943A16283EBE5324F2F82788E9D9B7C6DD3E5C0A5380

Function 00A37011 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da8708d1b766600ff0f129bbb351924ebe249ad4a5b239ef07cd4282d0e0a18
Instruction ID: 412b1244a5fe34b5739dae292a69a28de1fe2a558aa09a8404252b120c1e34ce
Opcode Fuzzy Hash: 8da8708d1b766600ff0f129bbb351924ebe249ad4a5b239ef07cd4282d0e0a18
Instruction Fuzzy Hash: B7516FB3F102254BF7484939CCA83623653EBD6314F2A82788F995B7C9D97E5D0A9384

Function 00A492C2 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2dedfcb56debb08d6dfe2655be44677314d40e8adf0b100bdf2688e6637527
Instruction ID: 5c0b0f066d7f8492e8659ec929997a3502885130f3f0db1c57b30b5200953b21
Opcode Fuzzy Hash: fb2dedfcb56debb08d6dfe2655be44677314d40e8adf0b100bdf2688e6637527
Instruction Fuzzy Hash: 1D5190B3F1112647F3544938CD583B16693DBD5320F2F82788A499BBC9DD7E5D0A5380

Function 00B5E2AC Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06fa19dae7272296e7cc65c17d11eba1ead9b81a3cbdc99c35687636803bd58e
Instruction ID: 0243e45ac168596cbb6901e77dab7c2be6279d20a31af5a424add4737008c03b
Opcode Fuzzy Hash: 06fa19dae7272296e7cc65c17d11eba1ead9b81a3cbdc99c35687636803bd58e
Instruction Fuzzy Hash: A3516BB3F112254BF3544D29CC593617293EB95320F2F82798E89AB7C9DD3E6D099384

Function 00A4E020 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e119aa7661e2c00b5226082136e39d4d4c9a1c271d3b455ff93c28cfc8bbf14
Instruction ID: f82e41193aff15637a8af5e67aa3b1a735711f50142fbf3ad179a537af2ba2d5
Opcode Fuzzy Hash: 0e119aa7661e2c00b5226082136e39d4d4c9a1c271d3b455ff93c28cfc8bbf14
Instruction Fuzzy Hash: 33517FB3F1122687F3544E68DC983627692DBC1310F2F82388E496B7C5DA7F5D1A9385

Function 00B68136 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bdcf24ae4b6378d161d0b5f066a440fe84921adb72dc75fb56dc1ed65ad95a8
Instruction ID: 62743b849eb83e250d365b417a8bf427a47419b2f4b7f3642de210a64122201a
Opcode Fuzzy Hash: 7bdcf24ae4b6378d161d0b5f066a440fe84921adb72dc75fb56dc1ed65ad95a8
Instruction Fuzzy Hash: 1A5189B3F1012547F3544965CC943B2B692EB86314F2B827C8E896BBC9DD7E2D0A93C4

Function 00A4A239 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538484d82ca1acce3ea273b860b5ab414d3e9bbc350806cac2e5e90694a3886d
Instruction ID: 1f22e9c2c9e40a2f9bb6b96f5398e39bcbea40b3b593ea123b3196cb9feba707
Opcode Fuzzy Hash: 538484d82ca1acce3ea273b860b5ab414d3e9bbc350806cac2e5e90694a3886d
Instruction Fuzzy Hash: 4B5126B3F5112547F3544D28CC543A2B243ABD5324F2F82788E886B7C9D97EAD4A5384

Function 00B6E1D0 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa4fb8676f377bc6b2cbb29911474be1944c565be6bd97796657597768fd7013
Instruction ID: 911b74efd02cdfbf277fc867b3359e6b32328e8df770dabbfd2ca6bf2210ec29
Opcode Fuzzy Hash: fa4fb8676f377bc6b2cbb29911474be1944c565be6bd97796657597768fd7013
Instruction Fuzzy Hash: ED517EB3F1122547F3500D28CC58362B693EBE6314F2F82788E986B7D9D97E9D099384

Function 00B5A23C Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ee7e917f3d19e262dcd0880fab238d9d97a1a857880eab096ecae95b7e98962
Instruction ID: 302bfdee2ab9aaf11bddb281719fa77c5515b2e72abc5d361c70a89db882ec08
Opcode Fuzzy Hash: 3ee7e917f3d19e262dcd0880fab238d9d97a1a857880eab096ecae95b7e98962
Instruction Fuzzy Hash: 78516BB3F2162547F3644D29CC983717683AB95320F2F82788E8C6B7C5D97E2D0A9384

Function 00AA418A Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9cef0459e687c6b872e3b5b80c5cb984e8a420f3d2489f0e844405f4f0a160c
Instruction ID: 5db129223142bf87b8bae9c9fe90eae9ddb83cf9aeb9cc3f01a75501efc93d4d
Opcode Fuzzy Hash: a9cef0459e687c6b872e3b5b80c5cb984e8a420f3d2489f0e844405f4f0a160c
Instruction Fuzzy Hash: 0C518FB3F102254BF3544D38CD983A26693EBD5314F2B82388E885BBC9DD7E9D4A5384

Function 00AE1190 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7731e1012243ae79aa230c5e0d970cbaa169208bfbba4ef09dd878c98179a610
Instruction ID: 8a5de90e7977077154fdf1ef83bea9b96d4f1fa5eed5a1451d019563cf9abec9
Opcode Fuzzy Hash: 7731e1012243ae79aa230c5e0d970cbaa169208bfbba4ef09dd878c98179a610
Instruction Fuzzy Hash: 865170F3F6113543F3580938CD98361669297A1324F2F427C8E98AB7C9DD7E9D0A5384

Function 00ACB21F Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295546b7ab72df87aba85e4fd2ac59fbcef55102b5bb0fd0972ff7ae39ad9640
Instruction ID: f93e0e1d852f96db6d6f93f2e70ffa234620b6cc1632ba354cce96ea3f1310b6
Opcode Fuzzy Hash: 295546b7ab72df87aba85e4fd2ac59fbcef55102b5bb0fd0972ff7ae39ad9640
Instruction Fuzzy Hash: 5B514B77F112254BF3544E68CC983A17293EB85310F2F81788E886B7C5DA7F6D1A9788

Function 00ABD3F6 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4a99f952bc2863aeeb484b0242cf8092f8aa70c294895f6f5e03c8fb46814fc
Instruction ID: 09e3b80d3b9d1298bc5402d59a911c555a153c04d8e6eb45e00dd7f2500d1ce1
Opcode Fuzzy Hash: c4a99f952bc2863aeeb484b0242cf8092f8aa70c294895f6f5e03c8fb46814fc
Instruction Fuzzy Hash: A8515DB3F5112547F3548D29CCA43A26643EBD6325F2F82788E886B7C9DD7E5C0A9384

Function 00B72082 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 662f4e8fa2363f10f62807603160e34e70e55eeae15c8ab11d6ce7636f1eb4b9
Instruction ID: 34c1b3a2c2c6b0122f7a7d288f76c8dabbc619f4bba8db7d4b4f4cf9d2f3bb3f
Opcode Fuzzy Hash: 662f4e8fa2363f10f62807603160e34e70e55eeae15c8ab11d6ce7636f1eb4b9
Instruction Fuzzy Hash: A2519CB3F115254BF3944928CC193A27283EBE5310F1F81798E89AB7C5ED7E9D09A384

Function 00B15288 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de674c88638483c56ebcb7a2b2029d98e109e5551a22f7b848f9acd638c2db20
Instruction ID: d08ac4cfe81cba44fbc9cbadb3287cd458cfcce1326ab6a70d7d928c85a14ec0
Opcode Fuzzy Hash: de674c88638483c56ebcb7a2b2029d98e109e5551a22f7b848f9acd638c2db20
Instruction Fuzzy Hash: 4D516AB3F111254BF3584E38CC653717682AB95320F2F827C8E99AB3C5ED7E5D099284

Function 00B611FB Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3541821f63ccd2477f21a48824fadef218a8dd43532e5fb887f5c4d578470b
Instruction ID: cf25e0744b3195c635194bdfe505afea98d7c479489115396c5fc159e2407df7
Opcode Fuzzy Hash: 1a3541821f63ccd2477f21a48824fadef218a8dd43532e5fb887f5c4d578470b
Instruction Fuzzy Hash: AA5178B3F112158BF3584E28CCA43617393EB86310F2E807CCA895B3D4DA3E6C559789

Function 00B092E7 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b201d36e3cc9801d2070b24781f7a131ca23f8bf6e0f1fb4e21e20c8ddafab
Instruction ID: 891395c5f56fd6980f18623057a3d562d4784ecde2126d899fcbc08b69d37b08
Opcode Fuzzy Hash: b2b201d36e3cc9801d2070b24781f7a131ca23f8bf6e0f1fb4e21e20c8ddafab
Instruction Fuzzy Hash: 14517BB3F2162647F3444929CC883A1A683E7E5325F3F82788E98677CADD7E5D065284

Function 00B2F2E8 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ce764e47d4319e6706e8e1e654df9c82d975cb83aba1f4b2b67d1e7c3c665d
Instruction ID: 6f0c0de1df42aae4ad15d6c1d7cb4e279cd891ed96f257489a1b475a06a3f1f6
Opcode Fuzzy Hash: 82ce764e47d4319e6706e8e1e654df9c82d975cb83aba1f4b2b67d1e7c3c665d
Instruction Fuzzy Hash: 295159B3F1152647F3144928CD18362A6939BD5725F2F82788E9CAB7C9DE3E9C0652C8

Function 00B331B8 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b43bfd068047c71e103aff0d1f55ef30e5e804fb047fc0bb4e4557b18dd4c24
Instruction ID: 3b65c8d2322c88cf3ba9e0e1de4f4ff2a8fa7c90066f447e0b02d27a2b5c7461
Opcode Fuzzy Hash: 6b43bfd068047c71e103aff0d1f55ef30e5e804fb047fc0bb4e4557b18dd4c24
Instruction Fuzzy Hash: 19517D73F202254BF3544979CD583667693EBD6310F2B82788E989BBC9CD7D5D0A9380

Function 00A47049 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65c93be0558aa39619b650f6289aad3eaba83d78cef821144bfce147e0ce3fd
Instruction ID: 993e8173199723357fe337ef6ab1268616df1363a4d5c7283f98b14d54b9a942
Opcode Fuzzy Hash: d65c93be0558aa39619b650f6289aad3eaba83d78cef821144bfce147e0ce3fd
Instruction Fuzzy Hash: BD517033F112654BF3154E24CC54372B692EBE2332F2F827889985B3E5CA7B5D4A9784

Function 00ABB1E4 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f067c94042c41d54eb1042a72f89b74a0f18eb35d07b8ac279ab2862cb44ed
Instruction ID: 7dba5329250bbb0496082b478979ac9abccbbb129492c550449a2c03dc1abace
Opcode Fuzzy Hash: b6f067c94042c41d54eb1042a72f89b74a0f18eb35d07b8ac279ab2862cb44ed
Instruction Fuzzy Hash: FA4168F3E142245BF3186E29DD1473BB79AEBD0720F2A823DE98553788DE3A5D0482C4

Function 00B49331 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aee0282c5038ed40fea3b6b78ab48bd2447c676b440db10009afc796af17ddd
Instruction ID: a007c3396141b45661a5811f32efffb1a63e851ff4748ef70a857ff5ebfe0075
Opcode Fuzzy Hash: 6aee0282c5038ed40fea3b6b78ab48bd2447c676b440db10009afc796af17ddd
Instruction Fuzzy Hash: D2415073F5112647F3508E25CC983B17253EBC6310F2E81788E945B7C9DD7E6E4AA688

Function 00B161C1 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b23fb47457c068bc96e0a42c8109ad2ffe7bb251cf86c2b3ec34486bb39e8d
Instruction ID: 7e179d72e32eb027f3acb5ed1a0fab3ab20a77a5aac050068eab467e10f9d3cd
Opcode Fuzzy Hash: 26b23fb47457c068bc96e0a42c8109ad2ffe7bb251cf86c2b3ec34486bb39e8d
Instruction Fuzzy Hash: 9A4159B7E6163147F39449B8CD58362A6829795320F2F83788E9CBBBC9DC7E4D0942C4

Function 00A8E10C Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3972c8af3965cb9e5f0cc09277b6afb1f4db35707a5d287174e06cb2d481b7da
Instruction ID: cf80a86310d79a239366810c8437a895c710d26e8968337b6b86be050bee8e14
Opcode Fuzzy Hash: 3972c8af3965cb9e5f0cc09277b6afb1f4db35707a5d287174e06cb2d481b7da
Instruction Fuzzy Hash: AA419CB3F216254BF3544938CDA83626682EB96320F2F8278CF5D6B7C5C93E5D0A5385

Function 00B3C077 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77ea44ae0567fc616187750fb393b5fcf5f5923a45cfc4d9c926c3f52e5ef0f5
Instruction ID: b4941b45c85e6d456aa39a1382eacb2f4e99d56b2f02730fd730701417b0cf15
Opcode Fuzzy Hash: 77ea44ae0567fc616187750fb393b5fcf5f5923a45cfc4d9c926c3f52e5ef0f5
Instruction Fuzzy Hash: F83181B3F1162607F3984879CD693B2658397D6314F2F82398F4A6B7CADCBD0D0A1284

Function 00AF6317 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfa6095c9484a186e4499bd60d13943c5bf36d05c7d77c70fb33e568728b765f
Instruction ID: 33a793621f0f7bbc8126263a90c2173c5032c54115a4395c9ce104ebd6ab7fc2
Opcode Fuzzy Hash: dfa6095c9484a186e4499bd60d13943c5bf36d05c7d77c70fb33e568728b765f
Instruction Fuzzy Hash: EB3105B7F116214BF3584879CC983626183A7D5324F2F82798E9C6B7C6ED7E5D0A42C4

Function 00A18179 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e27ecb93450a0c7256d12392d1c7c3a4cb916efd371bad024930fc51c991e9
Instruction ID: cb68da3f512424121a3c596f78dd84b0df458a039d908a89373b2fd16ee347df
Opcode Fuzzy Hash: d4e27ecb93450a0c7256d12392d1c7c3a4cb916efd371bad024930fc51c991e9
Instruction Fuzzy Hash: 82314BB3F6162147F3584879CD583A2258397D2324F2F83788E6C6BBC9DC7E4C4A5284

Function 00A7914D Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e28a1ac742e190c9ecf7623941bc37ad24a963a4b60bc346239d5a125c2b3d8
Instruction ID: 579742b5d8491c44980e6b4a377753f2c02f59be6dba9bae3b9c5a0167ba0e29
Opcode Fuzzy Hash: 8e28a1ac742e190c9ecf7623941bc37ad24a963a4b60bc346239d5a125c2b3d8
Instruction Fuzzy Hash: 5021E4F394C2106FF304A969EC457677796DB80720F2A863EEA809B788ED799D0142D6

Function 00AEA158 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24653a9cdaf10e8270f6c8628386866bf8f8214e31dd9d9d2fc55e7e14e950e4
Instruction ID: f1326bdba13f4f30e23213ef91a52a815752163abd2689a71eca8cea02bf214a
Opcode Fuzzy Hash: 24653a9cdaf10e8270f6c8628386866bf8f8214e31dd9d9d2fc55e7e14e950e4
Instruction Fuzzy Hash: 1B312AB7F216210BF3884838CD983616582EB95324F2F8138DF8DAB7D5D97E9D0A5284

Function 00B07222 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d56e15db0f74dd159e35424275048720e543a80bed58b566200c24ae51b97958
Instruction ID: f6d2788e8b6450e572e9c8eb3c60d6c70d25061134a9eaf25e99ce8bf8e6ac87
Opcode Fuzzy Hash: d56e15db0f74dd159e35424275048720e543a80bed58b566200c24ae51b97958
Instruction Fuzzy Hash: 703180B7F1122507F3544839CC683B26583DBE1324F2F82798E896BBC9D9BE5C4A5380

Function 00AA60C5 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f29a37a4589f6d20892949aae7f5105dd5dd91ab202da28c907f0eb7539cd732
Instruction ID: f466e697319004c8be2c5b531dbbddc464665142e637b5427db45e8e6758257e
Opcode Fuzzy Hash: f29a37a4589f6d20892949aae7f5105dd5dd91ab202da28c907f0eb7539cd732
Instruction Fuzzy Hash: DA3177B3F6052107F758482ACC693A65583A7D5324F2F82388F5DAB7C5CCBE9C070284

Function 00AFF275 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094cf0efa8f3d9ec1ce15d03af370cf942a9fe5283ed7ba6f5c513e535c0868c
Instruction ID: 1d64a9bd8f8ed0ce118c6695e30394b2681bdd2f7a509a72717395045b094b0c
Opcode Fuzzy Hash: 094cf0efa8f3d9ec1ce15d03af370cf942a9fe5283ed7ba6f5c513e535c0868c
Instruction Fuzzy Hash: F93139E7F1162207F3A44879CD9832250839BE6324F2F83788F5C6BBCAD83D5D0A5284

Function 00AD3090 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 599d89f528d587b9a84cb8822e585f92624f319ced71fb1d278c607ed6d483e8
Instruction ID: 131ae0195972c2a07d8a5716b9a646ce3cf42a4859decbac75994001474f097e
Opcode Fuzzy Hash: 599d89f528d587b9a84cb8822e585f92624f319ced71fb1d278c607ed6d483e8
Instruction Fuzzy Hash: A521AFF3F9162547F3504875DD883A159839795320F2F83388E6C6B7C9DCBE4D4A5284

Function 00A99387 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154741ba5a14f52651384da24002f65be6d95394365fb20103c378b25e18ea12
Instruction ID: 02de67a4e449f4dc1aeeaabd5e1416f44b788d5c5eb7a30a32cf56ae30077b9e
Opcode Fuzzy Hash: 154741ba5a14f52651384da24002f65be6d95394365fb20103c378b25e18ea12
Instruction Fuzzy Hash: 56211DB3F1123947F3944879C9583A295839BE5320F2F82798E9CAB7C6E97E5C0553C0

Function 00A43192 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198a4674ccb74c19bba755674da8ba639c7c73eeb7f23c8872f8368afb0f9dad
Instruction ID: 1302bfef142bd717d25ff41aa0c3a29ca097cfa850344531e323fe4f94b677f8
Opcode Fuzzy Hash: 198a4674ccb74c19bba755674da8ba639c7c73eeb7f23c8872f8368afb0f9dad
Instruction Fuzzy Hash: 1A213AF7E1162547F3984875DC68362218397E5324F2F82398FA96B7CAEC7E5C060284

Function 00B491C4 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec75260293883d5f965f7a060d9914cd28f464e1dee82ee28f9d11282dfa68a
Instruction ID: 3640988dba2abccde02244e5712ae4036ce49e8e0f64064319ce177f62931fc9
Opcode Fuzzy Hash: 9ec75260293883d5f965f7a060d9914cd28f464e1dee82ee28f9d11282dfa68a
Instruction Fuzzy Hash: 952147B7F5112107F3548479DD583A224438BD1324F2F82388E5C6BBCAD8BE5C4A0384

Function 00AB220A Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91455daf6bed62597fb6fbd9555487c681b8d4a8ad9ad9842fc4fedb9b6b065d
Instruction ID: 4366443abcad3f93f8911693b678f075f7183ef499d43eeab94ae4f9bfedf9b4
Opcode Fuzzy Hash: 91455daf6bed62597fb6fbd9555487c681b8d4a8ad9ad9842fc4fedb9b6b065d
Instruction Fuzzy Hash: E921ECA3F4152547F350887ACD5835255839BD5324F2FC3388A9C6B7D9D8BE5D474284

Function 00A40181 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d06c0c4b7167a9729a188e4ef7369dd918cfb99ab7c3a8d63c0c161f54c923d
Instruction ID: 8236ab984c52f316a154143b3018102ba5d5c650fb82b234d53efe4579aad18a
Opcode Fuzzy Hash: 5d06c0c4b7167a9729a188e4ef7369dd918cfb99ab7c3a8d63c0c161f54c923d
Instruction Fuzzy Hash: 2021E2B7F5162547F3584839DD68362A543A7A1324F2F82388FAA2BBC5DC3E5C065289

Function 00B68300 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8001efe9848ba519ae77851c9c9afcf4b1d667ab70b38d6cd17852a07d2dc396
Instruction ID: 8ae61c1221136c8c119f9a0a13b186cb616f201ce6a4244271af5b920129a6a4
Opcode Fuzzy Hash: 8001efe9848ba519ae77851c9c9afcf4b1d667ab70b38d6cd17852a07d2dc396
Instruction Fuzzy Hash: 292179B3F512214BF3588822DC943726243EBD5310F2AC17C8A859BBCACD7E4D0A9784

Function 00A8D103 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3af8f73c9ff3eb5242f4bbbd50aea10031ebaa0fc9061af99a9ccad7bc13e7a
Instruction ID: 6562d1ef7119b0e15aca09e21a2c1dd29b98e022a0e94849b62ae2ca95ad10fb
Opcode Fuzzy Hash: c3af8f73c9ff3eb5242f4bbbd50aea10031ebaa0fc9061af99a9ccad7bc13e7a
Instruction Fuzzy Hash: 3D1106B3F5162507F3684876CC543A26583E7D5320F2BC2788E9CABBC9D97E4D0A52C4

Function 00A101F9 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2251770618.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true

Associated: 00000000.00000002.2251717095.0000000000A00000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CAA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251770618.0000000000CBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2251992853.0000000000CBB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252095463.0000000000E66000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2252107988.0000000000E68000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd1147456302b9fbac71db6f097cebf5e89a205586503c5237ee6c79256ef72
Instruction ID: ff3e1e9e76d6cc79204a551ac0380a66a2b2c81b94465869111c4e878f80dd35
Opcode Fuzzy Hash: ecd1147456302b9fbac71db6f097cebf5e89a205586503c5237ee6c79256ef72
Instruction Fuzzy Hash: D2112AB221C7009FE344AE6CD995BBAB7F4EB08710F16482C92C6C7740EA3068808B5B

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 1684, Parent PID: 1028

General

Chronological Activities

Disassembly

Analysis Process: file.exePID: 1684, Parent PID: 1028COMMON

Execution Graph

Graph

Windows Analysis Report
file.exe

Function 00BF3FD0 Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 00BEB9EC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 00BEBEF2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 00BEE84C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 00BEA8CC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 00BEBFDB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 00BEEA68 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Function 00BEE3D4 Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Function 00BEA319 Relevance: 3.0, APIs: 2, Instructions: 33
sleepthreadCOMMON

Function 00BF49FC Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Function 00BECA53 Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 00BEC26F Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 00BF4749 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON