Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538060
MD5:	10eafe2a4f1e6519328fb587a645c8d7
SHA1:	d8e3d03dc810cb893f8941b1be93b673a9a54587
SHA256:	fb4f51a56080427ae003496f0203dba3ffdbb34922c6286f84af13891e88e114
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

AI detected suspicious sample

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Hides threads from debuggers

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Entry point lies outside standard sections

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 10EAFE2A4F1E6519328FB587A645C8D7)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00622D1F CryptVerifySignatureA,

0_2_00622D1F

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1693124521.0000000004C20000.00000004.00001000.00020000.00000000.sdmp

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F504D	0_2_004F504D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466042	0_2_00466042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00526054	0_2_00526054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE042	0_2_004AE042
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF045	0_2_004DF045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051E05E	0_2_0051E05E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B205D	0_2_004B205D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046F05E	0_2_0046F05E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00503048	0_2_00503048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00598045	0_2_00598045
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052C04D	0_2_0052C04D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058307B	0_2_0058307B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050F074	0_2_0050F074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C706A	0_2_004C706A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B078	0_2_0050B078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534078	0_2_00534078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054B06C	0_2_0054B06C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8072	0_2_004F8072
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051106C	0_2_0051106C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F005	0_2_0045F005
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00549015	0_2_00549015
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AD00C	0_2_004AD00C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053201D	0_2_0053201D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00580017	0_2_00580017
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00473016	0_2_00473016
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00537006	0_2_00537006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DD012	0_2_004DD012
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00458027	0_2_00458027
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049503F	0_2_0049503F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051F028	0_2_0051F028
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057302A	0_2_0057302A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056E0D2	0_2_0056E0D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C0D4	0_2_0045C0D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005890CD	0_2_005890CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005360CA	0_2_005360CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CF0ED	0_2_004CF0ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE0ED	0_2_004BE0ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB0E2	0_2_004EB0E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A0EB	0_2_0046A0EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005620F8	0_2_005620F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CB0E3	0_2_004CB0E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB	0_2_005540EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA0F1	0_2_004EA0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00471083	0_2_00471083
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058E095	0_2_0058E095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00467097	0_2_00467097
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C009E	0_2_004C009E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054A080	0_2_0054A080
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FB095	0_2_004FB095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056C089	0_2_0056C089
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E40AE	0_2_004E40AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004910AB	0_2_004910AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CA0A1	0_2_004CA0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005520A1	0_2_005520A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B40B3	0_2_004B40B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004900B3	0_2_004900B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC0B4	0_2_004EC0B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052B150	0_2_0052B150
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A143	0_2_0048A143
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047D149	0_2_0047D149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D1143	0_2_004D1143
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058514D	0_2_0058514D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F4151	0_2_004F4151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AB163	0_2_004AB163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00504179	0_2_00504179
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456175	0_2_00456175
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E817E	0_2_004E817E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C163	0_2_0051C163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B717E	0_2_004B717E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00567161	0_2_00567161
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A716D	0_2_005A716D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053816A	0_2_0053816A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C9173	0_2_004C9173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA108	0_2_004AA108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057E112	0_2_0057E112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057B102	0_2_0057B102
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00525105	0_2_00525105
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00486112	0_2_00486112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F108	0_2_0057F108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00591139	0_2_00591139
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00544138	0_2_00544138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050C123	0_2_0050C123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481134	0_2_00481134
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00487136	0_2_00487136
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005811D8	0_2_005811D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A1CE	0_2_0045A1CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055F1D9	0_2_0055F1D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046B1C9	0_2_0046B1C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A11DA	0_2_004A11DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C71D9	0_2_004C71D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059B1CC	0_2_0059B1CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EF1D4	0_2_004EF1D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005601FC	0_2_005601FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053E1E0	0_2_0053E1E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00506199	0_2_00506199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050819C	0_2_0050819C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00545199	0_2_00545199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00593184	0_2_00593184
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD191	0_2_004FD191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E71A6	0_2_004E71A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC1BE	0_2_004BC1BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058625B	0_2_0058625B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C240	0_2_0048C240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0243	0_2_004A0243
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A9251	0_2_005A9251
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053925E	0_2_0053925E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056B244	0_2_0056B244
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B9250	0_2_004B9250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F2268	0_2_004F2268
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6262	0_2_004A6262
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498262	0_2_00498262
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054927B	0_2_0054927B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D327C	0_2_004D327C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D827F	0_2_004D827F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ED278	0_2_004ED278
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB270	0_2_004BB270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052726E	0_2_0052726E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00542268	0_2_00542268
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00594265	0_2_00594265
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00572216	0_2_00572216
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E218	0_2_0054E218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BC20B	0_2_005BC20B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053C205	0_2_0053C205
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053A204	0_2_0053A204
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00489211	0_2_00489211
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC211	0_2_004AC211
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046D220	0_2_0046D220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F3226	0_2_004F3226
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055923C	0_2_0055923C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D5222	0_2_004D5222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D9222	0_2_004D9222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B0239	0_2_004B0239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B2228	0_2_005B2228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058D22F	0_2_0058D22F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A231	0_2_0049A231
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054D22D	0_2_0054D22D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A3223	0_2_005A3223
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056222A	0_2_0056222A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB2C7	0_2_004DB2C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004622CB	0_2_004622CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047B2D6	0_2_0047B2D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051D2C3	0_2_0051D2C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004802DC	0_2_004802DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B62D4	0_2_004B62D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059F2C6	0_2_0059F2C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005002FA	0_2_005002FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057C2F9	0_2_0057C2F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C82F3	0_2_004C82F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054C29E	0_2_0054C29E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E281	0_2_0050E281
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00578284	0_2_00578284
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00569282	0_2_00569282
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053128A	0_2_0053128A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B7285	0_2_005B7285
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F42AC	0_2_004F42AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005122B2	0_2_005122B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058A2BC	0_2_0058A2BC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005462BE	0_2_005462BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C92B8	0_2_004C92B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005922A2	0_2_005922A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AC2A7	0_2_005AC2A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A2341	0_2_004A2341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050235C	0_2_0050235C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00597355	0_2_00597355
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053C35E	0_2_0053C35E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C1352	0_2_005C1352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00499346	0_2_00499346
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E035E	0_2_004E035E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00551344	0_2_00551344
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00595348	0_2_00595348
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047335D	0_2_0047335D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00547349	0_2_00547349
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A9354	0_2_004A9354
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00521373	0_2_00521373
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00563373	0_2_00563373
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052537C	0_2_0052537C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045E374	0_2_0045E374
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00557364	0_2_00557364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058736A	0_2_0058736A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470371	0_2_00470371
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478379	0_2_00478379
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AA365	0_2_005AA365
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D431F	0_2_004D431F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CD310	0_2_004CD310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E632F	0_2_004E632F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00565331	0_2_00565331
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE322	0_2_004CE322
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00568326	0_2_00568326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045B33C	0_2_0045B33C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046133F	0_2_0046133F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052F328	0_2_0052F328
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056E32C	0_2_0056E32C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E333	0_2_0048E333
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C2331	0_2_004C2331
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD330	0_2_004FD330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005553D5	0_2_005553D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005643D3	0_2_005643D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005523DF	0_2_005523DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056A3C6	0_2_0056A3C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A13CF	0_2_005A13CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004593D2	0_2_004593D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004773D8	0_2_004773D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA3EE	0_2_004EA3EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051E3F0	0_2_0051E3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BF3E9	0_2_004BF3E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C3E3	0_2_0047C3E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E93E8	0_2_004E93E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059C3FF	0_2_0059C3FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A83ED	0_2_004A83ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050F3F8	0_2_0050F3F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005013FA	0_2_005013FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004693EA	0_2_004693EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051A3FE	0_2_0051A3FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CF3FD	0_2_004CF3FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E73FB	0_2_004E73FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005773EB	0_2_005773EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D738F	0_2_004D738F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046F382	0_2_0046F382
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D2386	0_2_004D2386
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053A398	0_2_0053A398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052839C	0_2_0052839C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00599397	0_2_00599397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474393	0_2_00474393
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E390	0_2_0047E390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00505388	0_2_00505388
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00493395	0_2_00493395
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004683A2	0_2_004683A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BD3AE	0_2_004BD3AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C13A4	0_2_004C13A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004793AA	0_2_004793AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE3A7	0_2_004AE3A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059A3AC	0_2_0059A3AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053D3AC	0_2_0053D3AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D944D	0_2_004D944D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057D454	0_2_0057D454
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050D454	0_2_0050D454
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CB44A	0_2_004CB44A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B7440	0_2_004B7440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052245C	0_2_0052245C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00580449	0_2_00580449
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00568448	0_2_00568448
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054F44B	0_2_0054F44B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058447B	0_2_0058447B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052E47A	0_2_0052E47A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00542466	0_2_00542466
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B247F	0_2_004B247F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB479	0_2_004DB479
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00471472	0_2_00471472
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00457472	0_2_00457472
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054A46E	0_2_0054A46E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A4461	0_2_005A4461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046B47B	0_2_0046B47B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047640F	0_2_0047640F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050841D	0_2_0050841D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F7401	0_2_004F7401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00530401	0_2_00530401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A0409	0_2_005A0409
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049541C	0_2_0049541C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00592436	0_2_00592436
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055A427	0_2_0055A427
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054042C	0_2_0054042C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A43D	0_2_0046A43D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B42D	0_2_0050B42D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FB430	0_2_004FB430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005664DB	0_2_005664DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005584DA	0_2_005584DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F84D6	0_2_004F84D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005344CE	0_2_005344CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF4D3	0_2_004DF4D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004754D8	0_2_004754D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055E4CA	0_2_0055E4CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005734F4	0_2_005734F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057E4F1	0_2_0057E4F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E54FD	0_2_004E54FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005334E4	0_2_005334E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D04F4	0_2_004D04F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B4F3	0_2_0049B4F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AB4F7	0_2_004AB4F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005944E7	0_2_005944E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059848A	0_2_0059848A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F14A9	0_2_004F14A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058B4B6	0_2_0058B4B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051F4BE	0_2_0051F4BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA4B8	0_2_004AA4B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055D4A3	0_2_0055D4A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004664B1	0_2_004664B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005134AD	0_2_005134AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA54C	0_2_004DA54C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E544	0_2_0047E544
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F4548	0_2_004F4548
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E1542	0_2_004E1542
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058F556	0_2_0058F556
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464553	0_2_00464553
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A354F	0_2_005A354F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046555F	0_2_0046555F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481551	0_2_00481551
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AF557	0_2_004AF557
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054354A	0_2_0054354A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056E572	0_2_0056E572
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C5564	0_2_004C5564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E8567	0_2_004E8567
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00491567	0_2_00491567
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054457A	0_2_0054457A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00545567	0_2_00545567
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC579	0_2_004EC579
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055356D	0_2_0055356D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058E562	0_2_0058E562
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D1571	0_2_004D1571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A150F	0_2_004A150F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051451C	0_2_0051451C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057B51A	0_2_0057B51A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C2503	0_2_004C2503
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051751E	0_2_0051751E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00509501	0_2_00509501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052B503	0_2_0052B503
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046D515	0_2_0046D515
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058550C	0_2_0058550C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045851E	0_2_0045851E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048653D	0_2_0048653D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00503526	0_2_00503526
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056752F	0_2_0056752F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050452B	0_2_0050452B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005425DC	0_2_005425DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005745C3	0_2_005745C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B95D6	0_2_004B95D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A5E9	0_2_0048A5E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F95E5	0_2_004F95E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A55F4	0_2_005A55F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049E5F6	0_2_0049E5F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A959D	0_2_005A959D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046058C	0_2_0046058C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE587	0_2_004BE587
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051159F	0_2_0051159F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004635AE	0_2_004635AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A75B0	0_2_005A75B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A25B1	0_2_005A25B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052A5A0	0_2_0052A5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054D5A7	0_2_0054D5A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C5B2	0_2_0045C5B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005355A8	0_2_005355A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BA65B	0_2_005BA65B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA642	0_2_004BA642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B865A	0_2_004B865A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D565C	0_2_004D565C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC656	0_2_004EC656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB66B	0_2_004BB66B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045566E	0_2_0045566E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058966C	0_2_0058966C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053666A	0_2_0053666A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048F673	0_2_0048F673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB60C	0_2_004EB60C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00513616	0_2_00513616
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00483602	0_2_00483602
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046660A	0_2_0046660A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D8611	0_2_004D8611
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054E632	0_2_0054E632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00569631	0_2_00569631
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049D622	0_2_0049D622
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E620	0_2_0050E620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050A628	0_2_0050A628
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051B62C	0_2_0051B62C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056F628	0_2_0056F628
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC6CF	0_2_004CC6CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005916D2	0_2_005916D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C66C0	0_2_004C66C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005236CB	0_2_005236CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C96D2	0_2_004C96D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A06D5	0_2_004A06D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045E6E3	0_2_0045E6E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005796E0	0_2_005796E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055D6ED	0_2_0055D6ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005466EF	0_2_005466EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E686	0_2_0046E686
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053169B	0_2_0053169B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A269A	0_2_004A269A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00514681	0_2_00514681
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E69F	0_2_0048E69F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DE695	0_2_004DE695
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050768F	0_2_0050768F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E16A9	0_2_004E16A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057A6BA	0_2_0057A6BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059B6B7	0_2_0059B6B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C6A9	0_2_0051C6A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005546AC	0_2_005546AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A96B1	0_2_004A96B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004726BA	0_2_004726BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005066AD	0_2_005066AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005786AA	0_2_005786AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00512751	0_2_00512751
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DD743	0_2_004DD743
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00495746	0_2_00495746
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D675B	0_2_004D675B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C6745	0_2_005C6745
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00588745	0_2_00588745
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ED76E	0_2_004ED76E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052E772	0_2_0052E772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AD777	0_2_005AD777
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A6768	0_2_005A6768
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00572760	0_2_00572760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BF771	0_2_004BF771
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C775	0_2_0048C775
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4762	0_2_005C4762
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE772	0_2_004CE772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059571B	0_2_0059571B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00548717	0_2_00548717
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053C703	0_2_0053C703
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00541702	0_2_00541702
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00519709	0_2_00519709
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D3713	0_2_004D3713
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00575735	0_2_00575735
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049272F	0_2_0049272F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8739	0_2_004A8739
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056C720	0_2_0056C720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D4732	0_2_004D4732
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004857C8	0_2_004857C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059A7D9	0_2_0059A7D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F7C0	0_2_0045F7C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057D7DD	0_2_0057D7DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004777CA	0_2_004777CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AC7D7	0_2_005AC7D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A07CB	0_2_005A07CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005477CC	0_2_005477CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E37D4	0_2_004E37D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E67D5	0_2_004E67D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005977C4	0_2_005977C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005287F6	0_2_005287F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD7E7	0_2_004FD7E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005407FC	0_2_005407FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004747F1	0_2_004747F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053E7E5	0_2_0053E7E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C97F0	0_2_004C97F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F57F0	0_2_004F57F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049378D	0_2_0049378D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0054A79E	0_2_0054A79E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058B795	0_2_0058B795
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE796	0_2_004EE796
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005017B6	0_2_005017B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F7A3	0_2_0057F7A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A47A3	0_2_005A47A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004947B3	0_2_004947B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057C7A9	0_2_0057C7A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058085A	0_2_0058085A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056A853	0_2_0056A853
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047D84B	0_2_0047D84B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4844	0_2_004B4844
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045B850	0_2_0045B850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00552840	0_2_00552840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047985F	0_2_0047985F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055F84B	0_2_0055F84B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051E84E	0_2_0051E84E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00510878	0_2_00510878
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055A866	0_2_0055A866
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC87D	0_2_004AC87D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00489870	0_2_00489870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051786B	0_2_0051786B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00526813	0_2_00526813
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00566814	0_2_00566814
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059081C	0_2_0059081C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048080F	0_2_0048080F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057681E	0_2_0057681E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059C813	0_2_0059C813
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00581813	0_2_00581813
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AA811	0_2_005AA811
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00557818	0_2_00557818
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6805	0_2_004A6805
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B581B	0_2_004B581B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B681B	0_2_004B681B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A380C	0_2_005A380C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00458812	0_2_00458812
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050280E	0_2_0050280E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA82F	0_2_004FA82F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046A82C	0_2_0046A82C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046883E	0_2_0046883E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E8837	0_2_004E8837
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056282C	0_2_0056282C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052B829	0_2_0052B829
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A8826	0_2_005A8826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B3836	0_2_004B3836
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A1825	0_2_005A1825
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055E8DA	0_2_0055E8DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005888CA	0_2_005888CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B78DF	0_2_004B78DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005158C4	0_2_005158C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004628E3	0_2_004628E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005618F0	0_2_005618F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CB8EB	0_2_004CB8EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005558FC	0_2_005558FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005088FC	0_2_005088FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A78E8	0_2_005A78E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004708F2	0_2_004708F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F38F9	0_2_004F38F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051A8E7	0_2_0051A8E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C28F4	0_2_004C28F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A188B	0_2_004A188B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C688F	0_2_004C688F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B886	0_2_0049B886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00594889	0_2_00594889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004868A9	0_2_004868A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005848B9	0_2_005848B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA8A8	0_2_004DA8A8

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 0061DD14 appears 35 times

Source: file.exe, 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: Section: pjhuoolz ZLIB complexity 0.9949726608564269

Source: classification engine

Classification label: mal100.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior

Source: file.exe

Static file information: File size 1761792 > 1048576

Source: file.exe

Static PE information: Raw size of pjhuoolz is bigger than: 0x100000 < 0x1a8000

Source:

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.440000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pjhuoolz:EW;qstkvopw:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1bd490 should be: 0x1b29a0

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: pjhuoolz
Source: file.exe	Static PE information: section name: qstkvopw
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00451918 push 68C78E2Eh; mov dword ptr [esp], esi	0_2_0045191D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00451918 push 50254DC0h; mov dword ptr [esp], ecx	0_2_0045193A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00451918 push esi; mov dword ptr [esp], edx	0_2_004548CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00526054 push 5E3A51B7h; mov dword ptr [esp], ecx	0_2_0052656A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00526054 push 29C0C32Bh; mov dword ptr [esp], ebp	0_2_005266BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00526054 push edi; mov dword ptr [esp], eax	0_2_005266D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067E06E push 76DC5282h; mov dword ptr [esp], edi	0_2_0067E0A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E065 push ebx; mov dword ptr [esp], ecx	0_2_0044EBD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E065 push 616757A7h; mov dword ptr [esp], edi	0_2_0044F332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00452060 push edx; mov dword ptr [esp], 3FCF9D42h	0_2_00452F51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00450072 push ecx; mov dword ptr [esp], 77773319h	0_2_00453FA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064205B push edi; mov dword ptr [esp], esp	0_2_006420DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F005 push eax; mov dword ptr [esp], 3A830399h	0_2_0045F49A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F005 push edi; mov dword ptr [esp], eax	0_2_0045F4CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F005 push ebp; mov dword ptr [esp], eax	0_2_0045F55F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F005 push edx; mov dword ptr [esp], eax	0_2_0045F665
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045F005 push ebp; mov dword ptr [esp], eax	0_2_0045F6C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00638022 push 2CA7C34Bh; mov dword ptr [esp], edx	0_2_0063803B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044F02F push esi; mov dword ptr [esp], edx	0_2_0044F280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push eax; mov dword ptr [esp], 7FFE1000h	0_2_005543EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push esi; mov dword ptr [esp], ecx	0_2_0055442D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push 3B1AEC3Ah; mov dword ptr [esp], ebp	0_2_00554435
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push ebx; mov dword ptr [esp], 48098A94h	0_2_005544A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push 2A36583Fh; mov dword ptr [esp], ebx	0_2_005544BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push edi; mov dword ptr [esp], eax	0_2_00554522
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005540EB push ebp; mov dword ptr [esp], 3F3D5F00h	0_2_005545D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044D08A push eax; mov dword ptr [esp], ebp	0_2_0044D098
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00451091 push edx; mov dword ptr [esp], C1408A9Ch	0_2_00452B85
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E093 push ebx; mov dword ptr [esp], ecx	0_2_0044EBD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044E093 push 616757A7h; mov dword ptr [esp], edi	0_2_0044F332
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004500B5 push ecx; mov dword ptr [esp], 519F6A25h	0_2_00450188

Source: file.exe	Static PE information: section name: entropy: 7.793003233433282
Source: file.exe	Static PE information: section name: pjhuoolz entropy: 7.953486757782369

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44E154 second address: 44E159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44E159 second address: 44E15E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D95C second address: 44D960 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B87D8 second address: 5B87F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC8D6278Bh 0x00000009 push edi 0x0000000a pop edi 0x0000000b js 00007F8BC8D62786h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB2F2 second address: 5CB2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB2F6 second address: 5CB30B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D6278Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB30B second address: 5CB311 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB311 second address: 5CB31B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB79E second address: 5CB7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8BC94A29D6h 0x0000000a jnp 00007F8BC94A29D6h 0x00000010 popad 0x00000011 push esi 0x00000012 jmp 00007F8BC94A29E1h 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CBC6B second address: 5CBC73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CBC73 second address: 5CBC79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDFD3 second address: 5CDFEB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8BC8D62788h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B37B4 second address: 5B37C4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8BC94A29D6h 0x00000008 jno 00007F8BC94A29D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B37C4 second address: 5B37CE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8BC8D62792h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B37CE second address: 5B37D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED453 second address: 5ED466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC8D6278Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED466 second address: 5ED46A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED46A second address: 5ED48E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8BC8D62792h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED48E second address: 5ED4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E7h 0x00000009 jmp 00007F8BC94A29DFh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED600 second address: 5ED60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED60C second address: 5ED626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8BC94A29D6h 0x0000000a popad 0x0000000b jnp 00007F8BC94A29E4h 0x00000011 push ecx 0x00000012 jbe 00007F8BC94A29D6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA4A second address: 5EDA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA50 second address: 5EDA54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA54 second address: 5EDA5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA5A second address: 5EDA5F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA5F second address: 5EDA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007F8BC8D6278Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDB9C second address: 5EDBA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDD36 second address: 5EDD4A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8BC8D62786h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007F8BC8D6278Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDD4A second address: 5EDD4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDD4E second address: 5EDD6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62791h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007F8BC8D62788h 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDD6F second address: 5EDD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8BC94A29D6h 0x0000000a pop esi 0x0000000b push ecx 0x0000000c jmp 00007F8BC94A29DCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EE547 second address: 5EE54D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EE54D second address: 5EE553 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EE553 second address: 5EE561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F8BC8D62786h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5E22 second address: 5E5E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5E26 second address: 5E5E2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5E2C second address: 5E5E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E5E30 second address: 5E5E34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EE69C second address: 5EE6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29DEh 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEF02 second address: 5EEF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEF06 second address: 5EEF0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEF0A second address: 5EEF2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jns 00007F8BC8D62792h 0x00000010 jl 00007F8BC8D6278Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF31B second address: 5EF32B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF32B second address: 5EF32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF32F second address: 5EF333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EF333 second address: 5EF339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C5E15 second address: 5C5E1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F4761 second address: 5F4768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F4768 second address: 5F4778 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB61A second address: 5FB637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC8D62797h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FABC6 second address: 5FABE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F8BC94A29E9h 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FAD87 second address: 5FAD8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB299 second address: 5FB2D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F8BC94A29D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F8BC94A29E4h 0x00000014 jnp 00007F8BC94A29D6h 0x0000001a popad 0x0000001b js 00007F8BC94A29DAh 0x00000021 pushad 0x00000022 popad 0x00000023 push edx 0x00000024 pop edx 0x00000025 push esi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB44B second address: 5FB44F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FB44F second address: 5FB47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8BC94A29DEh 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBB4 second address: 5FEBD6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8BC8D6278Bh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8BC8D6278Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FF39E second address: 5FF3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F8BC94A29D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFA03 second address: 5FFA07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFFA9 second address: 5FFFBB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BC94A29D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFFBB second address: 5FFFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 600055 second address: 6000AE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jng 00007F8BC94A29D6h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push edi 0x00000011 push edx 0x00000012 jmp 00007F8BC94A29DFh 0x00000017 pop edx 0x00000018 pop edi 0x00000019 xchg eax, ebx 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F8BC94A29D8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 jmp 00007F8BC94A29DFh 0x00000039 nop 0x0000003a push eax 0x0000003b push edx 0x0000003c push ecx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6000AE second address: 6000B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 600237 second address: 600241 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BC94A29DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6014A1 second address: 6014A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6012CF second address: 6012D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6014A7 second address: 6014B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8BC8D62786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6025AC second address: 6025B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8BC94A29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 602FFC second address: 603002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603002 second address: 603006 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603A2F second address: 603A34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 602CFB second address: 602D01 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603A34 second address: 603A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60450F second address: 604527 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604527 second address: 60452D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60452D second address: 604531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604F85 second address: 604FED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8BC8D62786h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F8BC8D62788h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F8BC8D62788h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D28C4h], edi 0x0000004d push 00000000h 0x0000004f xor dword ptr [ebp+122D1AFDh], eax 0x00000055 xchg eax, ebx 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 push ecx 0x0000005a pop ecx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604D77 second address: 604D8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604FED second address: 604FF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604D8E second address: 604D95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 604D95 second address: 604DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F8BC8D6278Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6084F3 second address: 6084F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6084F7 second address: 608579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F8BC8D62788h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 jmp 00007F8BC8D6278Fh 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F8BC8D62788h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 mov di, FD93h 0x00000048 push 00000000h 0x0000004a xchg eax, esi 0x0000004b jnp 00007F8BC8D6278Eh 0x00000051 jnc 00007F8BC8D62788h 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8BC8D62792h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609578 second address: 6095FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F8BC94A29D8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007F8BC94A29D8h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push eax 0x00000046 call 00007F8BC94A29D8h 0x0000004b pop eax 0x0000004c mov dword ptr [esp+04h], eax 0x00000050 add dword ptr [esp+04h], 00000015h 0x00000058 inc eax 0x00000059 push eax 0x0000005a ret 0x0000005b pop eax 0x0000005c ret 0x0000005d mov dword ptr [ebp+122DB38Ah], ecx 0x00000063 xchg eax, esi 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F8BC94A29DFh 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087A2 second address: 6087C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62796h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6095FB second address: 609612 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F8BC94A29D6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007F8BC94A29D6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087C3 second address: 6087C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 609612 second address: 60961C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BC94A29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087C7 second address: 6087CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60961C second address: 609632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BC94A29E1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6087CB second address: 6087D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60A5FD second address: 60A616 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007F8BC94A29E0h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60A82E second address: 60A849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BC8D62792h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B6F0 second address: 60B786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F8BC94A29D8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jg 00007F8BC94A29DCh 0x00000029 mov ebx, dword ptr [ebp+122D2798h] 0x0000002f push dword ptr fs:[00000000h] 0x00000036 mov dword ptr [ebp+122D1A71h], edx 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 add ebx, dword ptr [ebp+122D2553h] 0x00000049 push eax 0x0000004a pop ebx 0x0000004b mov eax, dword ptr [ebp+122D1091h] 0x00000051 jmp 00007F8BC94A29DCh 0x00000056 push FFFFFFFFh 0x00000058 call 00007F8BC94A29E1h 0x0000005d cmc 0x0000005e pop edi 0x0000005f nop 0x00000060 pushad 0x00000061 pushad 0x00000062 jmp 00007F8BC94A29DAh 0x00000067 push edi 0x00000068 pop edi 0x00000069 popad 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C542 second address: 60C546 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B786 second address: 60B78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C546 second address: 60C54C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E47B second address: 60E47F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D59E second address: 60D5BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BC8D62795h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D684 second address: 60D688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60F3DF second address: 60F42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jns 00007F8BC8D62786h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jnc 00007F8BC8D627A0h 0x00000017 nop 0x00000018 and ebx, 5C057A93h 0x0000001e push 00000000h 0x00000020 mov dword ptr [ebp+122D2823h], eax 0x00000026 mov bx, 1521h 0x0000002a push 00000000h 0x0000002c xchg eax, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f push ebx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60F42B second address: 60F430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60F430 second address: 60F436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611752 second address: 611756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611756 second address: 61176D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BC8D6278Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61176D second address: 611771 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6137AA second address: 6137B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610781 second address: 610798 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BC94A29DCh 0x00000008 ja 00007F8BC94A29D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 610798 second address: 61079C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61079C second address: 6107A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6138FE second address: 613918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8BC8D6278Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6107A2 second address: 6107B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC94A29DDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616523 second address: 616550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F8BC8D62798h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jmp 00007F8BC8D6278Ah 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616550 second address: 61655A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8BC94A29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61655A second address: 61655E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6158E5 second address: 6158E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6158E9 second address: 6158F3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6158F3 second address: 6158F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617780 second address: 61779D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8BC8D62792h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628440 second address: 628444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627C5D second address: 627C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627C61 second address: 627C6E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 630E5E second address: 630E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6338C2 second address: 6338C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6378D2 second address: 6378EE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8BC8D62793h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6378EE second address: 6378F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6378F4 second address: 6378F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6378F9 second address: 637909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC94A29DAh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 637EDC second address: 637EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 637EE2 second address: 637EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8BC94A29E0h 0x0000000c jnl 00007F8BC94A29D6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 637EFF second address: 637F05 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63805F second address: 638065 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 638065 second address: 63806F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 638348 second address: 63835F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63835F second address: 63837E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62795h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63837E second address: 6383A2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8BC94A29D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8BC94A29DEh 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63F5A1 second address: 63F5A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63F5A8 second address: 63F5C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F8BC94A29F4h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63F5C2 second address: 63F5C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C42B2 second address: 5C42BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8BC94A29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C42BC second address: 5C42C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C42C4 second address: 5C42C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63E99C second address: 63E9A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63DFEF second address: 63E002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F8BC94A29DEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63E002 second address: 63E00C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8BC8D6279Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63ECF2 second address: 63ED10 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8BC94A29D6h 0x00000008 jmp 00007F8BC94A29DEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63ED10 second address: 63ED35 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BC8D62786h 0x00000008 jo 00007F8BC8D62786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8BC8D62792h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FC605 second address: 5E5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007F8BC94A29DCh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F8BC94A29D8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 sbb cx, 0A68h 0x0000002e mov dx, 9A70h 0x00000032 call dword ptr [ebp+122D1ABDh] 0x00000038 push eax 0x00000039 push edx 0x0000003a jl 00007F8BC94A29DEh 0x00000040 pushad 0x00000041 popad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FCB20 second address: 5FCB26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FCB26 second address: 5FCB2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FCE18 second address: 5FCE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], esi 0x00000008 mov edx, dword ptr [ebp+122D37B6h] 0x0000000e nop 0x0000000f pushad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F8BC8D62796h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FCF88 second address: 5FCF8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD0B0 second address: 5FD0BA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BC8D62786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD0BA second address: 5FD0F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BC94A29E0h 0x00000008 jmp 00007F8BC94A29E6h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 ja 00007F8BC94A29E2h 0x00000017 ja 00007F8BC94A29DCh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD7B8 second address: 5FD7CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BC8D6278Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD7CB second address: 5FD7D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push ebx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD7D8 second address: 5FD7F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8BC8D6278Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD8C4 second address: 5FD8EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D274Eh], eax 0x00000010 lea eax, dword ptr [ebp+12482395h] 0x00000016 mov edx, dword ptr [ebp+122D374Ah] 0x0000001c push eax 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 jbe 00007F8BC94A29D6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD8EA second address: 5FD90F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62799h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F8BC8D62786h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FC612 second address: 5E5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F8BC94A29D8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 sbb cx, 0A68h 0x00000027 mov dx, 9A70h 0x0000002b call dword ptr [ebp+122D1ABDh] 0x00000031 push eax 0x00000032 push edx 0x00000033 jl 00007F8BC94A29DEh 0x00000039 pushad 0x0000003a popad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64969C second address: 6496A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6496A0 second address: 6496B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6496B6 second address: 6496F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D6278Bh 0x00000007 jnl 00007F8BC8D6278Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jno 00007F8BC8D62797h 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F8BC8D62786h 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6496F1 second address: 649758 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E3h 0x00000007 jmp 00007F8BC94A29E8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC94A29E3h 0x00000014 jmp 00007F8BC94A29DEh 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F8BC94A29DFh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 649758 second address: 64975C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64975C second address: 649766 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BC94A29D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6498D8 second address: 6498F1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnl 00007F8BC8D62786h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8BC8D6278Ah 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 649B26 second address: 649B2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 649C85 second address: 649CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F8BC8D62795h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 649DBB second address: 649DC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 649DC1 second address: 649DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 649DC7 second address: 649DE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E4h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FAAC second address: 64FAE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62799h 0x00000007 js 00007F8BC8D62786h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8BC8D62790h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FAE3 second address: 64FAE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FD66 second address: 64FD6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FD6B second address: 64FD9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E4h 0x00000007 jmp 00007F8BC94A29E7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FD9F second address: 64FDA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FDA3 second address: 64FDC7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jmp 00007F8BC94A29DFh 0x00000010 push edx 0x00000011 pop edx 0x00000012 jnl 00007F8BC94A29D6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64FF0D second address: 64FF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007F8BC8D62799h 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F8BC8D62792h 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6501BA second address: 6501BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6501BE second address: 6501D0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8BC8D62786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F8BC8D62792h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6501D0 second address: 6501DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8BC94A29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6501DA second address: 6501F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC8D62790h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6501F0 second address: 650201 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650201 second address: 65021C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC8D62795h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6507E8 second address: 6507F4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8BC94A29D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653310 second address: 653316 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653316 second address: 65331B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65331B second address: 653329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653329 second address: 65332F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65332F second address: 653333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653333 second address: 653358 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BC94A29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8BC94A29E3h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B708 second address: 65B70E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ADAE second address: 65ADB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ADB4 second address: 65ADB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ADB8 second address: 65ADC6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8BC94A29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ADC6 second address: 65ADDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62792h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65ADDC second address: 65ADE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65AF12 second address: 65AF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B323 second address: 65B32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8BC94A29D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B32F second address: 65B338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B338 second address: 65B33E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65B33E second address: 65B342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EE88 second address: 65EE8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EE8C second address: 65EE90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EE90 second address: 65EE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F296 second address: 65F2B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC8D6278Bh 0x00000009 jng 00007F8BC8D62786h 0x0000000f popad 0x00000010 jbe 00007F8BC8D62788h 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F2B4 second address: 65F2C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC94A29E1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F2C9 second address: 65F2E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62793h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663E9F second address: 663ED1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BC94A29D8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jnp 00007F8BC94A29F1h 0x00000010 jnl 00007F8BC94A29D6h 0x00000016 jmp 00007F8BC94A29E5h 0x0000001b pop edx 0x0000001c pop eax 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664029 second address: 66402D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66430C second address: 664311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664311 second address: 664332 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62798h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664332 second address: 66433F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 jl 00007F8BC94A29D6h 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66433F second address: 664344 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD2AA second address: 5FD2B0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD2B0 second address: 5FD30F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BC8D6278Ch 0x00000008 jnl 00007F8BC8D62786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 xor dword ptr [ebp+122D2726h], ecx 0x00000019 push 00000004h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F8BC8D62788h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000018h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 add dword ptr [ebp+122D273Ah], edx 0x0000003b nop 0x0000003c jne 00007F8BC8D62798h 0x00000042 push eax 0x00000043 push esi 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66AEAF second address: 66AEB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66AEB3 second address: 66AEB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BA0A second address: 66BA18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BA18 second address: 66BA1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BD07 second address: 66BD12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8BC94A29D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BD12 second address: 66BD18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66C589 second address: 66C594 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8BC94A29D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670E1F second address: 670E25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670FBE second address: 670FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670FC2 second address: 670FC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670FC8 second address: 670FCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670FCF second address: 670FDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6716C1 second address: 6716D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67FBBE second address: 67FBCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8BC8D62786h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67DCFE second address: 67DD1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F8BC94A29DBh 0x0000000f popad 0x00000010 pushad 0x00000011 jnc 00007F8BC94A29D6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E3CA second address: 67E3D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E3D5 second address: 67E3D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E7FD second address: 67E803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E803 second address: 67E809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E912 second address: 67E916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E916 second address: 67E91C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EAA2 second address: 67EACB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62790h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8BC8D62791h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EACB second address: 67EAD5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BC94A29D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67FA32 second address: 67FA5C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8BC8D62786h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8BC8D62793h 0x00000016 jg 00007F8BC8D62786h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67FA5C second address: 67FA66 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8BC94A29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67FA66 second address: 67FA7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62790h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67FA7E second address: 67FA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67FA82 second address: 67FA86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67D880 second address: 67D885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687A48 second address: 687A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687A4E second address: 687A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687A53 second address: 687A74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62792h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F8BC8D62786h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687A74 second address: 687A80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687A80 second address: 687A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 697CFD second address: 697D37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DFh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BC94A29E7h 0x0000000e jmp 00007F8BC94A29E0h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6976D1 second address: 6976D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6976D5 second address: 6976E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F8BC94A29D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6976E5 second address: 6976E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69A52B second address: 69A531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69A531 second address: 69A535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69A535 second address: 69A558 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BC94A29D6h 0x00000008 jmp 00007F8BC94A29E9h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69A71B second address: 69A739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F8BC8D62799h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A0171 second address: 6A01A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DCh 0x00000007 je 00007F8BC94A29D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007F8BC94A29F4h 0x00000015 jmp 00007F8BC94A29E8h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A01A7 second address: 6A01AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A01AB second address: 6A01D3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 jnc 00007F8BC94A29DCh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC94A29E0h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A01D3 second address: 6A01D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3E9A second address: 6A3EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29DEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3EAC second address: 6A3EC8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8BC8D62792h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3EC8 second address: 6A3ED8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B104D second address: 6B105D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ebx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B166E second address: 6B1674 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B1674 second address: 6B1696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F8BC8D62786h 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC8D62791h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B1696 second address: 6B16A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 jo 00007F8BC94A29E4h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B17F4 second address: 6B17F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B5779 second address: 6B5790 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BC94A29DDh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B5790 second address: 6B57B7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8BC8D62786h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC8D6278Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007F8BC8D62786h 0x0000001c js 00007F8BC8D62786h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B77EF second address: 6B77F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B77F5 second address: 6B77F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B77F9 second address: 6B77FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B7384 second address: 6B7390 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B7390 second address: 6B73C9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8BC94A29D6h 0x00000008 jnc 00007F8BC94A29D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F8BC94A29E3h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8BC94A29E3h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B7520 second address: 6B7524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B7524 second address: 6B7528 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEEAC second address: 6BEEB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEEB0 second address: 6BEEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F8BC94A29DEh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEEC9 second address: 6BEED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEED2 second address: 6BEED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C3ED7 second address: 6C3EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0D95 second address: 6D0D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0D9B second address: 6D0DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8BC8D6278Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0DA7 second address: 6D0DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jno 00007F8BC94A29D6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0BF7 second address: 6D0BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0BFD second address: 6D0C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0C05 second address: 6D0C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007F8BC8D62786h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0C14 second address: 6D0C1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0C1A second address: 6D0C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D0C1E second address: 6D0C22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DACC4 second address: 6DACCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D9F21 second address: 6D9F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA325 second address: 6DA351 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BC8D62786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8BC8D62798h 0x00000010 jg 00007F8BC8D62786h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA351 second address: 6DA374 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8BC94A29E8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA374 second address: 6DA388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F8BC8D62792h 0x0000000c jo 00007F8BC8D62786h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA4E2 second address: 6DA4FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a jl 00007F8BC94A29D6h 0x00000010 jmp 00007F8BC94A29DAh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA4FE second address: 6DA506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA506 second address: 6DA51F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8BC94A29D6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007F8BC94A29D6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA51F second address: 6DA523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA523 second address: 6DA566 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F8BC94A29E6h 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F8BC94A29D6h 0x00000018 jl 00007F8BC94A29D6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA566 second address: 6DA56A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA56A second address: 6DA570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA6E7 second address: 6DA6ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DA988 second address: 6DA999 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8BC94A29D6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push ebx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0DDC second address: 6E0DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E07E9 second address: 6E082F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F8BC94A29DBh 0x00000011 push edi 0x00000012 pop edi 0x00000013 jnl 00007F8BC94A29D6h 0x00000019 popad 0x0000001a jmp 00007F8BC94A29E3h 0x0000001f push esi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E93D1 second address: 6E93D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E93D7 second address: 6E93E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E93E0 second address: 6E93E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E8FB8 second address: 6E8FBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E8FBC second address: 6E8FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F8BC8D6278Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6EAFD6 second address: 6EAFDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6EAFDB second address: 6EB01B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62799h 0x00000007 jmp 00007F8BC8D62793h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 push eax 0x00000016 js 00007F8BC8D62786h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 44D8D5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 44D9D8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5F4950 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 68DDEF instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 5020000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4E00000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044E065 rdtsc

0_2_0044E065

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7560

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00629EAE GetSystemInfo,VirtualAlloc,

0_2_00629EAE

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044E065 rdtsc

0_2_0044E065

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044B970 LdrInitializeThunk,

0_2_0044B970

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00621E61 GetSystemTime,GetFileTime,

0_2_00621E61

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\Desktop\file.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1	Jump to behavior

Disables Windows Defender Tamper protection

Source: C:\Users\user\Desktop\file.exe

Registry value created: TamperProtection 0

Jump to behavior

Modifies windows update settings

Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	41 Disable or Modify Tools	LSASS Memory	641 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Bypass User Account Control	261 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	24 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Bypass User Account Control	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.XPACK.Gen
file.exe	100%	Joe Sandbox ML

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538060
Start date and time:	2024-10-20 07:38:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.9339854721904075
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'761'792 bytes
MD5:	10eafe2a4f1e6519328fb587a645c8d7
SHA1:	d8e3d03dc810cb893f8941b1be93b673a9a54587
SHA256:	fb4f51a56080427ae003496f0203dba3ffdbb34922c6286f84af13891e88e114
SHA512:	dfe5d70e9fc214bdb42b47ca2aa0ab4b468ef54f9d91fe011a4d47e0f2f951153c624149a21cb54b9dcf24a3d8c12ea607813fd78022bd9add614feeffde148b
SSDEEP:	49152:taXgsZHHvsGOxLQE8VSMVR15tt0FZNSWs:gXxsBsH4E1NoZNSl
TLSH:	898533CBBAB38405C08BDA782AED77708838ED12E7CDF69A6555137E6C2B4424C63375
File Content Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............E.. ...`....@.. ....................... F...........`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x85e000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:	0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8BC8B5068Ah
xadd byte ptr [edx], bl
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [ecx], cl
or al, byte ptr [eax]
add byte ptr [edx], cl
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8055	0x69	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x81f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x2000	0x4000	0x1200	d00a2f5e9133b6f2048a25009c859d7d	False	0.9333767361111112	data	7.793003233433282	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6000	0x59c	0x600	aae15e30898a02f09cc86ed48aa06b09	False	0.4140625	data	4.036947054771808	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x8000	0x2000	0x200	ec9cb51e8cb4ea49a56ee3cf434fb69e	False	0.1484375	data	0.9342685949460681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0xa000	0x2aa000	0x200	511bdd3149e8e1d7304e3decd78c6a26	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
pjhuoolz	0x2b4000	0x1a8000	0x1a8000	1089144a9e008702fa9b1d11887f28e7	False	0.9949726608564269	data	7.953486757782369	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qstkvopw	0x45c000	0x2000	0x400	5786ea4b03434e7b0154f72a8fad1644	False	0.7607421875	data	6.0345463394015	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x45e000	0x4000	0x2200	4db27f9ea0830f3a7063667e50dbdb9c	False	0.06307444852941177	DOS executable (COM)	0.7589166471292902	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x6090	0x30c	data			0.42948717948717946
RT_MANIFEST	0x63ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
kernel32.dll	lstrcpy

Target ID:	0
Start time:	01:38:58
Start date:	20/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x440000
File size:	1'761'792 bytes
MD5 hash:	10EAFE2A4F1E6519328FB587A645C8D7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	2.9%
Signature Coverage:	3.4%
Total number of Nodes:	412
Total number of Limit Nodes:	27

Executed Functions

Function 00629EAE Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE(?,-11E85FEC), ref: 00629EBA
VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00629F1B

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: ad4e40d16a7371c0c6e3f533235499a237878415a3bc56bb8622613e77c6405c
Instruction ID: fc487b0b005eeb3586e7e8d1e703d2a24211dd40668214910acb3bfaf5dc1291
Opcode Fuzzy Hash: ad4e40d16a7371c0c6e3f533235499a237878415a3bc56bb8622613e77c6405c
Instruction Fuzzy Hash: 214121B5D00606ABD325DFA0D845FD6B7ACFF08740F11006AA607CD9C2E7B295D58FA5

Function 0061F3E7 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,?), ref: 0061F4F8
LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 0061F50C

Strings

1002, xrefs: 0061F4C2
.exe, xrefs: 0061F453
.dll, xrefs: 0061F42F

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: .dll$.exe$1002
API String ID: 1029625771-847511843
Opcode ID: d5639ba77966015ac4395deeaa191c3ee268d1369fbaaffe1f4f3f6589367195
Instruction ID: 304911420fdafd66d6d3dfc6356186e66cdb9f17c4823f5a04f84bf7b50aef63
Opcode Fuzzy Hash: d5639ba77966015ac4395deeaa191c3ee268d1369fbaaffe1f4f3f6589367195
Instruction Fuzzy Hash: C2317A71904115AFCF25AF50E904AEE7BB7FF04340F188169F80296262CB719AE1EBA5

Function 0061F8ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,0061F87F,?,00000000,00000000), ref: 0061F9AA
GetModuleHandleA.KERNEL32(00000000,?,?,?,0061F87F,?,00000000,00000000), ref: 0061F9B8

Strings

.dll, xrefs: 0061F920

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: HandleModule
String ID: .dll
API String ID: 4139908857-2738580789
Opcode ID: 558eab593aa41c730683058aeaf0a2db935d791786083cd359098f14830d2289
Instruction ID: 49277452ddb0b4abda7abb0bc8544bec19d25c2e8409971fb1c5803159c2657e
Opcode Fuzzy Hash: 558eab593aa41c730683058aeaf0a2db935d791786083cd359098f14830d2289
Instruction Fuzzy Hash: A7113C31104606FEEB31EF24D908BDC7AB2FF50345F5C4639A802886D0DBB699D5DA91

Function 00622247 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(0106128C,-11E85FEC), ref: 006222C0
GetFileAttributesA.KERNEL32(00000000,-11E85FEC), ref: 006222CE

Strings

@, xrefs: 00622273

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AttributesFile
String ID: @
API String ID: 3188754299-2726393805
Opcode ID: 4dfb3b802ce36e57f238de37849ae512d3d9d478e3a4758936f803e95de69609
Instruction ID: ae45f37c2115d955d4106c4a723e7cea995ca159e4f7c8f7cd020f5c790de166
Opcode Fuzzy Hash: 4dfb3b802ce36e57f238de37849ae512d3d9d478e3a4758936f803e95de69609
Instruction Fuzzy Hash: 1D01D131906A27FAEB21DF54E929BDC7E72EF00304F244064E40265590C7B28BC2EF44

Function 0061E2C7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathAddExtensionA.KERNELBASE(?,00000000), ref: 0061E329

Strings

\\?\, xrefs: 0061E384

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: ExtensionPath
String ID: \\?\
API String ID: 158807944-4282027825
Opcode ID: 50c214a1e0b690fb4a8c59dd0ecaabe47a25fa7acee8f58ed01814dc9803b36a
Instruction ID: 78bc684ab7d41b41989f1d6823e8d47d65dd93f92a9486dfcb1fd1f8884a73c5
Opcode Fuzzy Hash: 50c214a1e0b690fb4a8c59dd0ecaabe47a25fa7acee8f58ed01814dc9803b36a
Instruction Fuzzy Hash: 45313E3590020ABFDF21DFA4C809BDEBBB6BF54704F084054F902951A0E7B2DAA1DB54

Function 0061F9D6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0061DD14: GetCurrentThreadId.KERNEL32 ref: 0061DD23

GetModuleHandleExA.KERNELBASE(?,?,?), ref: 0061FA3A

Strings

.dll, xrefs: 0061F9F7

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CurrentHandleModuleThread
String ID: .dll
API String ID: 2752942033-2738580789
Opcode ID: fbd5d7e227241d90daba65895303e87875bb3ca796875e6afdf119951b25dedc
Instruction ID: e404e117c6b6b89ac566a4ea050bd46a6caf621bc50bd14713467f4519d700a5
Opcode Fuzzy Hash: fbd5d7e227241d90daba65895303e87875bb3ca796875e6afdf119951b25dedc
Instruction Fuzzy Hash: 4FF06D72200605EFDB10DF64D845BE93BB6FF14310F188064FE0989152CB36C5D1AB60

Function 006ABA04 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 006ABF69

Strings

V, xrefs: 006ABF3A

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID: V
API String ID: 544645111-1342839628
Opcode ID: b718c5c30d29b9b3714ad9a655360b0abc87bd4a8ebc10ceea35bc1a844820e3
Instruction ID: 9cf4137379c590479834b3d9ff93b0065d0e9913216c668d936b09406af20c7e
Opcode Fuzzy Hash: b718c5c30d29b9b3714ad9a655360b0abc87bd4a8ebc10ceea35bc1a844820e3
Instruction Fuzzy Hash: 44F054B100421EABEB12AF45DC41FAF7795EF1A300F844025AB5156992E6271E319E5E

Function 00622463 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(0106128C,?,?,-11E85FEC,?,?,?,-11E85FEC,?), ref: 00622515

Part of subcall function 00622415: IsBadWritePtr.KERNEL32(?,00000004), ref: 00622423

CreateFileA.KERNEL32(?,?,?,-11E85FEC,?,?,?,-11E85FEC,?), ref: 00622535

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CreateFile$Write
String ID:
API String ID: 1125675974-0
Opcode ID: cfef12f5a19eafbfe725e0ad760de7aa02a7166c87fe6cde086842e6b50f3ab4
Instruction ID: 5993291c57b3cba6ae2446c9248a4d1a9f06fa7e788f439ccbe9e130b322a50f
Opcode Fuzzy Hash: cfef12f5a19eafbfe725e0ad760de7aa02a7166c87fe6cde086842e6b50f3ab4
Instruction Fuzzy Hash: 2411D63140496BFADF22AF90ED25BDE7EA3BF14344F148015BD0564160D7B689A1EF91

Function 00621DCF Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0061DD14: GetCurrentThreadId.KERNEL32 ref: 0061DD23

GetCurrentProcess.KERNEL32(-11E85FEC), ref: 00621DDC
DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00621E42

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: Current$DuplicateHandleProcessThread
String ID:
API String ID: 3748180921-0
Opcode ID: feeeb586c37d4330d9d0d6f67082802791116e87a20fe94bec373aafbc1df5f9
Instruction ID: c8271763d469e30c42a98d7d8b547dcdc8ced1d791ad67c0881c8d3fa792c112
Opcode Fuzzy Hash: feeeb586c37d4330d9d0d6f67082802791116e87a20fe94bec373aafbc1df5f9
Instruction Fuzzy Hash: C6014B3290445BFB8F12AFA4EC05CEE3B76FF6A354B098115FD4298010C732C0A2EB61

Function 0062A8DA Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e50f3ac298441974df153dfde79fa627d66869316f06036462c6323276952e2
Instruction ID: 943d59205fb91767de143153a2475c9e6123b47e0ffd15c8b1daa5690c4c3b84
Opcode Fuzzy Hash: 2e50f3ac298441974df153dfde79fa627d66869316f06036462c6323276952e2
Instruction Fuzzy Hash: ED416B72D04926EFDB25CF95E904BAA7BB2FF04710F258054E902AA681D3B1ADD1CF52

Function 0062044E Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 00620503

Part of subcall function 0061DDF2: RtlAllocateHeap.NTDLL(00000000,00000000,0061DA9B,?,?,0061DA9B,00000008), ref: 0061DE0C

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocateCreateFileHeap
String ID:
API String ID: 3125202945-0
Opcode ID: e76cf6c08984b9c3b9c9a2dcba4262cc7d24707516cbe24689a3fc207eb2479c
Instruction ID: f09900d6cc625c579965f4cf455f057f5be00660bbae7ec3d1dc560a562dbe30
Opcode Fuzzy Hash: e76cf6c08984b9c3b9c9a2dcba4262cc7d24707516cbe24689a3fc207eb2479c
Instruction Fuzzy Hash: 88319071900208FBEB20DF64ED45FDEBBB9EF04714F208169F905AA191C7719A92DF14

Function 0061FC6A Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0061DDF2: RtlAllocateHeap.NTDLL(00000000,00000000,0061DA9B,?,?,0061DA9B,00000008), ref: 0061DE0C

CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 0061FCEC

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocateCreateFileHeap
String ID:
API String ID: 3125202945-0
Opcode ID: 8c06eb0acb923ab1f322e904a9dda9ff590555beed8f36847f59f0e28101d95d
Instruction ID: d1e6b9363feed780f7bd19c85de32c377460fb624844a104a1b78a263cfb1df2
Opcode Fuzzy Hash: 8c06eb0acb923ab1f322e904a9dda9ff590555beed8f36847f59f0e28101d95d
Instruction Fuzzy Hash: 47319571A40204BEEB30DF64DC45FD9B7B9EF04724F244369FA15EA1D1C371A5829B54

Function 0062A627 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,?), ref: 0062A6D4

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: d4d37972cf365e9cc66413434a0f22ed6784689b7545c2f6c06e4adb63b0ce39
Instruction ID: eebe5fd571f1ade97ae7bf90de627606333c7d4eb3d94a7bface2c2eec9c97d8
Opcode Fuzzy Hash: d4d37972cf365e9cc66413434a0f22ed6784689b7545c2f6c06e4adb63b0ce39
Instruction Fuzzy Hash: 6011E979A05A349FEB308A44EC48BEA737DEF04750F1440D5E805A2240D7F59DC08EEB

Function 04FF0D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04FF0DCD

Memory Dump Source

Source File: 00000000.00000002.1828464946.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: e869c1d7d6e5f3de2b0d15c814698d2eeee7df7fcc22dcd0a08ed97d70d56ff3
Instruction ID: c64cad018cdeb6a43e7217427715086da1473594940d4568bc10c455dd1ac746
Opcode Fuzzy Hash: e869c1d7d6e5f3de2b0d15c814698d2eeee7df7fcc22dcd0a08ed97d70d56ff3
Instruction Fuzzy Hash: 492133B6C01218DFCB10CF99D884ADEFBF4EF88320F14812AD908AB215DB34A541CBA4

Function 04FF0D41 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 04FF0DCD

Memory Dump Source

Source File: 00000000.00000002.1828464946.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_file.jbxd

Similarity

API ID: ManagerOpen
String ID:
API String ID: 1889721586-0
Opcode ID: 52807923fd96622290f5241a4bebf6ea390344edb49a2ccf0e177170cdbf038a
Instruction ID: 37ddd8903c23549d0cc404edc8922d3c8769ecbac2a6cd1c0afd11d01700d584
Opcode Fuzzy Hash: 52807923fd96622290f5241a4bebf6ea390344edb49a2ccf0e177170cdbf038a
Instruction Fuzzy Hash: D82138B6D01209DFCB40CF99D9846DEFBF1EF88320F14812AD908AB215DB34A542CFA4

Function 04FF1510 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04FF1580

Memory Dump Source

Source File: 00000000.00000002.1828464946.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 0c1f9a39a9fb333a38d2b05f329ea7d6be22941a313a2f79a0e3f673abe455cb
Instruction ID: 3cb0e1ee603137c0ef6b15e61a6d0618399f4bab6c8fbb3a18c468129bd38c2f
Opcode Fuzzy Hash: 0c1f9a39a9fb333a38d2b05f329ea7d6be22941a313a2f79a0e3f673abe455cb
Instruction Fuzzy Hash: E811E4B1D00249DFDB10CF9AC984BDEFBF4EB48324F148429E559A7250D378AA45CFA5

Function 00622F9B Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0061DD14: GetCurrentThreadId.KERNEL32 ref: 0061DD23

MapViewOfFileEx.KERNELBASE(?,?,?,?,?,?,-11E85FEC), ref: 00623022

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CurrentFileThreadView
String ID:
API String ID: 1949693742-0
Opcode ID: 31043bc194fa414836fbcec695c348410d19d70be833ac4e24415eb71547f29d
Instruction ID: 423b4d87bfa4d618934b506de2bbdecd1d3378e502c7e9b973fdc9d1a8f418dc
Opcode Fuzzy Hash: 31043bc194fa414836fbcec695c348410d19d70be833ac4e24415eb71547f29d
Instruction Fuzzy Hash: 8A11E83250456AFACF12AFA4ED05DDE3A77EF54344B084415FA0255161C73AC5B2EF61

Function 04FF1509 Relevance: 1.6, APIs: 1, Instructions: 51serviceCOMMON

Download Yara Rule

APIs

ControlService.ADVAPI32(?,?,?), ref: 04FF1580

Memory Dump Source

Source File: 00000000.00000002.1828464946.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_file.jbxd

Similarity

API ID: ControlService
String ID:
API String ID: 253159669-0
Opcode ID: 31bb259f73418b56e5cf6e0a65502f11ce4fe4af0734b0f343edbbbc0f57ccc6
Instruction ID: 6e6d153255f9b2228dbfcf07fe24b0681f60cf47f4126ce97e56261bf8c63177
Opcode Fuzzy Hash: 31bb259f73418b56e5cf6e0a65502f11ce4fe4af0734b0f343edbbbc0f57ccc6
Instruction Fuzzy Hash: F61112B6D00209CFDB10CF9AC584BDEFBF0AB48320F14842AD959A7250D778AA45CFA5

Function 00622D83 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 6c78bd0d6a08c784f92d33336100b8c10f32a7df7b2362384e9bd08aa20d6397
Instruction ID: 0800a80ca218568e5bace4c9d3445827cb2dab74378646d09cdf9df6bbd443ac
Opcode Fuzzy Hash: 6c78bd0d6a08c784f92d33336100b8c10f32a7df7b2362384e9bd08aa20d6397
Instruction Fuzzy Hash: DA115B3250051AFADF12AFA4EC19EDE3B77BF44344F088818F94256161C776CAA2EF60

Function 04FF1301 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04FF1367

Memory Dump Source

Source File: 00000000.00000002.1828464946.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 59e86b16ff6dca57146eb5febd50102c385b04746a3bff8d67ebb959762c8d16
Instruction ID: e4699d631262cf2d8b9e63d9fb107fc573e774fe3b56749bfb0fc15bbeec4656
Opcode Fuzzy Hash: 59e86b16ff6dca57146eb5febd50102c385b04746a3bff8d67ebb959762c8d16
Instruction Fuzzy Hash: A31188B1800249CFDB10CFAAD985BDEFBF4EF48324F20842AD558A3250C778A945CFA5

Function 04FF1308 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ImpersonateLoggedOnUser.KERNELBASE ref: 04FF1367

Memory Dump Source

Source File: 00000000.00000002.1828464946.0000000004FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4ff0000_file.jbxd

Similarity

API ID: ImpersonateLoggedUser
String ID:
API String ID: 2216092060-0
Opcode ID: 8f37aed405298e2a14d1684771dcfac17c04fd4e6d21e6f6b26e60398f1a1651
Instruction ID: f9216b759fd36ed0758ba1a678c41d644f566e4ae77f967283aa6068c489d677
Opcode Fuzzy Hash: 8f37aed405298e2a14d1684771dcfac17c04fd4e6d21e6f6b26e60398f1a1651
Instruction Fuzzy Hash: 901145B1800249CFDB10CF9AC944BDEFBF8EF48324F20842AD558A3250D778A984CFA5

Function 00622667 Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0061DD14: GetCurrentThreadId.KERNEL32 ref: 0061DD23

ReadFile.KERNELBASE(?,00000000,?,00000400,?,-11E85FEC,?,?,00620396,?,?,00000400,?,00000000,?,00000000), ref: 006226D3

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CurrentFileReadThread
String ID:
API String ID: 2348311434-0
Opcode ID: 910245874b188dfbcd59276778747d84fae150d6a441112bf187c34a480e3f9c
Instruction ID: c9dbb1ef5c849445da4202573182dbaea58326ed712eebe6dc23795ca5adbe57
Opcode Fuzzy Hash: 910245874b188dfbcd59276778747d84fae150d6a441112bf187c34a480e3f9c
Instruction Fuzzy Hash: 1BF0F63310045ABFCF129FA8EC15DDE3B27EF59340B188015F90255125CB32C4A2EB61

Function 0061DDF2 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,0061DA9B,?,?,0061DA9B,00000008), ref: 0061DE0C

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0e5ded26081351def0c435f87539f5ba8835383c49ef6a1e6320752708b7fe82
Instruction ID: 298751fd84d71b27353e487a63320c937f99579455f146a2e68d6a6ba346509f
Opcode Fuzzy Hash: 0e5ded26081351def0c435f87539f5ba8835383c49ef6a1e6320752708b7fe82
Instruction Fuzzy Hash: 8FD01272604205B7CA305F5ADC0EFDF7E7CEB95F91F000125F50295084E7A5E161C9B4

Function 0061DEE5 Relevance: 1.3, APIs: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrcmpiA.KERNEL32(?,?), ref: 0061DF49

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 3559a3702d78ea75c6e57d8fcccc5b573d88cc45776e83a045269787d31234eb
Instruction ID: 72be7797892aef8bde9cc9d1d126528538dc1951c3784b02b2f1ffc9e34ac2a6
Opcode Fuzzy Hash: 3559a3702d78ea75c6e57d8fcccc5b573d88cc45776e83a045269787d31234eb
Instruction Fuzzy Hash: FD011632A04209BFCF119FA4CC05DCEBB77EF48740F0440A5B802A5164E73296A2DF64

Function 0062A251 Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,0062A24D,?,?,00629F53,?,?,00629F53,?,?,00629F53), ref: 0062A271

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7dfd3250894f689374be99b28b605a7cb3ff92e4a30a1c1d86f4ab591566c857
Instruction ID: cfbfd9a7173d7defc788196e304fc6db2e27806544d67bb9818b77f45a0e9f4a
Opcode Fuzzy Hash: 7dfd3250894f689374be99b28b605a7cb3ff92e4a30a1c1d86f4ab591566c857
Instruction Fuzzy Hash: 6AF0F4B1A00605EFD7208F44CC05B99BBB1FF44761F118029F54A9B290E3B298C0CF90

Function 00620A68 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 0061DD14: GetCurrentThreadId.KERNEL32 ref: 0061DD23

CloseHandle.KERNELBASE(0062042B,-11E85FEC,?,?,0062042B,?), ref: 00620AA6

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CloseCurrentHandleThread
String ID:
API String ID: 3305057742-0
Opcode ID: 50643399174a485b5e58a2ad32e35d20e261597fe6cea653c9c69885208cc47a
Instruction ID: 4d1e6cb1c8095928252b4470a0b18c466cf99ba9822daaf28e1c5acc44a89056
Opcode Fuzzy Hash: 50643399174a485b5e58a2ad32e35d20e261597fe6cea653c9c69885208cc47a
Instruction Fuzzy Hash: 9CE04F62604656A6DE50AB78E809DCE3A2BDF91744708812AB40386057DA66C0D6E764

Function 0044E2A1 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0044EFEF

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ee75854647c70c5537254c069b7023667ddcd4b62ae11f47d6b9627145e1c39f
Instruction ID: cc6bc0d28ce2abaee05c103152570c233f5bd000f6553dd20ea812a8d8f65319
Opcode Fuzzy Hash: ee75854647c70c5537254c069b7023667ddcd4b62ae11f47d6b9627145e1c39f
Instruction Fuzzy Hash: 98E0927510870D9BEB143F7984096AEBBA0FF14310F514619EAB282A90EB3559A4AA1B

Function 0044E469 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 0044E46E

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0dda27ed1d5ec2894c946a49ee070a52c3459b300c3310126767798af60ea46a
Instruction ID: 476b3cd753c9489c159654031396b0fbaa56481ad4b22f0d0193e21365195948
Opcode Fuzzy Hash: 0dda27ed1d5ec2894c946a49ee070a52c3459b300c3310126767798af60ea46a
Instruction Fuzzy Hash: 5EC012F04082098AFB003F3881093BEBAE0FB20300F21052ADA8651980E2354869DA0B

Function 0061FB2D Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,0061DBB3,?,?), ref: 0061FB33

Memory Dump Source

Source File: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 120e412e252f42c295dcccab36088a4344788dead6c435e5cf17964b4133f235
Instruction ID: 66b6458e5fcc24b774868f458d9e279449b5562469f6eec0384e372c7aa83d44
Opcode Fuzzy Hash: 120e412e252f42c295dcccab36088a4344788dead6c435e5cf17964b4133f235
Instruction Fuzzy Hash: FEB0923210010DBBCF51BFD1DC0688DBF6ABF11398B04C120F90A540319B76EAA1AB94

Non-executed Functions

Function 005C1352 Relevance: 14.1, Strings: 10, Instructions: 1646COMMON

Download Yara Rule

Strings

w&{}, xrefs: 005C13BD
7_S1, xrefs: 005C1F45
C], xrefs: 005C2229
wy, xrefs: 005C14FF
k1, xrefs: 005C1C3C
C], xrefs: 005C223D
A,=U, xrefs: 005C13A2
Cvv], xrefs: 005C151A
/', xrefs: 005C18D7
E/), xrefs: 005C2544

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 7_S1$A,=U$Cvv]$E/)$k1$w&{}$wy$C]$C]$/'
API String ID: 0-3410442161
Opcode ID: 158bbc62216eb74853504830731af07e93976b8d5f725c68e4bedefb869a209c
Instruction ID: f900bcbedcaee2d8ccfba13ad3254133cf4d7b9ad8bc26cd9101ece8caac02dc
Opcode Fuzzy Hash: 158bbc62216eb74853504830731af07e93976b8d5f725c68e4bedefb869a209c
Instruction Fuzzy Hash: 68B2FAF3A0C2109FE314AE2DEC8567AB7E9EF94720F16863DEAC4D3744E63558018796

Function 005BC20B Relevance: 10.4, Strings: 7, Instructions: 1605COMMON

Download Yara Rule

Strings

'~|>, xrefs: 005BC484
[3[_, xrefs: 005BD3EF
M.6E, xrefs: 005BD1C5
{4y6, xrefs: 005BD30E
2 i5, xrefs: 005BD1F4
[3[_, xrefs: 005BD394
0&, xrefs: 005BC675

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: '~|>$0&$2 i5$M.6E$[3[_$[3[_${4y6
API String ID: 0-4068904962
Opcode ID: 9f86cedb82cd0260f0420ef9289344b3373afec0aab46686817f99bd02aacff9
Instruction ID: 3bf858f2ec4cd979e5ddd24b5988feee3bbdac0a143670711912863b5e211057
Opcode Fuzzy Hash: 9f86cedb82cd0260f0420ef9289344b3373afec0aab46686817f99bd02aacff9
Instruction Fuzzy Hash: 95B227F390C304AFE3046E2DEC8567AFBE9EF94720F16863DE6C583744EA3558058696

Function 005B2228 Relevance: 10.3, Strings: 7, Instructions: 1549COMMON

Download Yara Rule

Strings

(w|, xrefs: 005B3145
Uyn, xrefs: 005B2AA0
rR-, xrefs: 005B24E7
bj?], xrefs: 005B2493
q?~_, xrefs: 005B2B7E
SQw, xrefs: 005B333D
:1o+, xrefs: 005B3362

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: (w|$:1o+$SQw$Uyn$bj?]$q?~_$rR-
API String ID: 0-2613299010
Opcode ID: 1f8ab5398f41666e7eb1b0926cafaf2d6f8407b64772c026bda2b6edaa950f9f
Instruction ID: 6267a6cd7dc3e7fbdf718932c4a32f4a4212d0116cf18e619f1673799f0a4dd6
Opcode Fuzzy Hash: 1f8ab5398f41666e7eb1b0926cafaf2d6f8407b64772c026bda2b6edaa950f9f
Instruction Fuzzy Hash: 32A2F5F36082009FE704AF29EC8567ABBE5EF94720F16893DE6C4C7344EA3598058697

Function 005B7285 Relevance: 2.9, Strings: 1, Instructions: 1650COMMON

Download Yara Rule

Strings

TG~k, xrefs: 005B7CBC

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: TG~k
API String ID: 0-2065838084
Opcode ID: f2e71d0f9f845771d019b6eab18a2c1e7803e8377f52e9a3cac01e6cf20211fd
Instruction ID: 1d1bf4a0fe4108ba83f09d8eddda24d8978737e2706eda50c3bd8778bc8101d1
Opcode Fuzzy Hash: f2e71d0f9f845771d019b6eab18a2c1e7803e8377f52e9a3cac01e6cf20211fd
Instruction Fuzzy Hash: F2B207F3A082049FE304AE2DDC8577ABBE9EF98720F16493DEAC4C3744E93558058697

Function 0045F005 Relevance: 1.8, Strings: 1, Instructions: 526COMMON

Download Yara Rule

Strings

r., xrefs: 0045F685

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: r.
API String ID: 0-17453456
Opcode ID: fd599c257f9d9820813010d8888aea9cb666823da1bdcf9e46d220c6e62cf1da
Instruction ID: a7e5b73ea56f21b1a8957503c5108084f8431ed50b9444a9fd8ac26d544b022e
Opcode Fuzzy Hash: fd599c257f9d9820813010d8888aea9cb666823da1bdcf9e46d220c6e62cf1da
Instruction Fuzzy Hash: 5302ACF3F142244BF3444969DC88366B6D2EBD5320F2B863C9B88A77C5D97E9C0A4385

Function 00593184 Relevance: 1.7, Strings: 1, Instructions: 490COMMON

Download Yara Rule

Strings

cS, xrefs: 005937EF

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: cS
API String ID: 0-1626245469
Opcode ID: 018e386ae3ef724778ea0db0f53d9df18dae330afe3b529b21ad4d240661ea73
Instruction ID: 7a11d49d2a2781771864aa5f77662492d042bf0a448dedb559a3e17facefa29b
Opcode Fuzzy Hash: 018e386ae3ef724778ea0db0f53d9df18dae330afe3b529b21ad4d240661ea73
Instruction Fuzzy Hash: DBF1C3B3F142108BF3548E29CC95366B6D2EB95324F2F863CDA88977C4D97E9C098785

Function 0054927B Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

LN, xrefs: 005496E7

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: LN
API String ID: 0-1386821167
Opcode ID: 2ea1459f39b059c4031658968709d14f598f8d544e09427e8561dae67f1c491d
Instruction ID: 278e61e0a0ad7ceb406eef280e2c3495406cc6d6ef7e69316266647cd5de3b42
Opcode Fuzzy Hash: 2ea1459f39b059c4031658968709d14f598f8d544e09427e8561dae67f1c491d
Instruction Fuzzy Hash: B2E1DEB3F112254BF3444D69DC84366B697EBD5324F2B82399A88E77C8DD7E9C0A4384

Function 00591139 Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

!N|~, xrefs: 00591571

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: !N|~
API String ID: 0-2012863820
Opcode ID: 70d5e139a3c511b51f0f30ace6001a4d07a552ceaa3db322d84098d6257aa135
Instruction ID: 4859fa97446173a1604a8ab6258ec8730c17582af37c69c2d1a4ae2fd85ac314
Opcode Fuzzy Hash: 70d5e139a3c511b51f0f30ace6001a4d07a552ceaa3db322d84098d6257aa135
Instruction Fuzzy Hash: 05D1D2F3E142148BF3485E29DC94366B6D2EB94310F2B853DDBC9973C4DA7E58098786

Function 004B62D4 Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

G;,U, xrefs: 004B6654

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: G;,U
API String ID: 0-763984700
Opcode ID: c3df63f865e9fb9b79f6bbf942d42f142205f03a91dc3c3b14f50b55cdc2043a
Instruction ID: 6f07c2bcc16b7097758e74d6c0388b045041793c4f36bebccefd28ba978391ed
Opcode Fuzzy Hash: c3df63f865e9fb9b79f6bbf942d42f142205f03a91dc3c3b14f50b55cdc2043a
Instruction Fuzzy Hash: AEB17CB3F1122547F3444978CD983A266839BD4324F2F82788E5D6BBC9DD7E9D0A5384

Function 004EF1D4 Relevance: 1.6, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

^, xrefs: 004EF45B

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: ^
API String ID: 0-1590793086
Opcode ID: edc0d8efafc40b9c5802972594b0a038c47b178fe482dae284dddf1d0bc5c0c8
Instruction ID: 2c345d3461d178601c45cfa53a20d5c16b64b2c43b37ea2efd23308c1e75974a
Opcode Fuzzy Hash: edc0d8efafc40b9c5802972594b0a038c47b178fe482dae284dddf1d0bc5c0c8
Instruction Fuzzy Hash: B6B19CB3F216214BF3584939DC983626683EB95314F2F82788F48AB7C5DC7E9D0A5384

Function 004BF3E9 Relevance: 1.6, Strings: 1, Instructions: 319COMMON

Download Yara Rule

Strings

\[}4, xrefs: 004BF6BB

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: \[}4
API String ID: 0-2069060953
Opcode ID: bcade92adc52109ae4e36fe91298f4d3e1aeda307a9be823175cab333aa3dbf4
Instruction ID: 76d9ff2e75dff1bd62df08379e44b8cd426f97f6c142c5aca7e0fce3f00dd1d9
Opcode Fuzzy Hash: bcade92adc52109ae4e36fe91298f4d3e1aeda307a9be823175cab333aa3dbf4
Instruction Fuzzy Hash: F4B19FB3F1022547F3584D78CD983626642DB95324F2F82788F996BBC5DC7E9D0A5388

Function 0056A3C6 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

^, xrefs: 0056A4A5

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: ^
API String ID: 0-1590793086
Opcode ID: 1b7c8c08afd0771ac190db56ed0d98c060d815666b9cf0ff06d3fa1bda684b56
Instruction ID: 99f16d24b89f62f8f92a01c4d5c17c655513fa02327e74d16525caeaa1d3b889
Opcode Fuzzy Hash: 1b7c8c08afd0771ac190db56ed0d98c060d815666b9cf0ff06d3fa1bda684b56
Instruction Fuzzy Hash: E7A16DB3F112244BF3984929CC593627693EBD5310F2EC2788E49AB7D8CC7E5D4A5788

Function 004ED278 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

i, xrefs: 004ED414

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: i
API String ID: 0-3865851505
Opcode ID: 322fb78ecf35dcd7d09d49d31c5f32556333a53410ccb037675de8ad12310305
Instruction ID: 28af483edf586dbe3fcb99a24ff0f02b64b52917bb0e181e83a090513d6a0ae0
Opcode Fuzzy Hash: 322fb78ecf35dcd7d09d49d31c5f32556333a53410ccb037675de8ad12310305
Instruction Fuzzy Hash: 74A1AEB3F1163547F3544968CC68362A583AB91324F2F82788E9DAB7C5DD7E9C0943C4

Function 00569282 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

a, xrefs: 0056944C

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: 6f983be9117b1dd212dcaf748a6171561c5a464e147a287fb174b5f7aa41b4b4
Instruction ID: abd7439ca1927bd25e365cf6dc8f8504c0d9e0bdac83075a1b7cb16417e69209
Opcode Fuzzy Hash: 6f983be9117b1dd212dcaf748a6171561c5a464e147a287fb174b5f7aa41b4b4
Instruction Fuzzy Hash: 3A815BB3F1122587F7844929CC983A17683ABD5320F2F81788E8D6B7D5DD7E6D0A9384

Function 00487136 Relevance: 1.5, Strings: 1, Instructions: 206COMMON

Download Yara Rule

Strings

0_G*, xrefs: 004872F5

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: 0_G*
API String ID: 0-3524025892
Opcode ID: f30d41d9a6bfd682bf7343dc8cbae7fca0b714c28ec6619ad6787f1e158e2ba8
Instruction ID: 59a3b724cbc83fe5812b8fab6e6353806456cbc9ae8ca7c1bc91025f7c53771b
Opcode Fuzzy Hash: f30d41d9a6bfd682bf7343dc8cbae7fca0b714c28ec6619ad6787f1e158e2ba8
Instruction Fuzzy Hash: 426190F3F6063547F3580938CC943A66682DBA5320F2F82794E69AB7C5D97E9C0953C4

Function 004EA0F1 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

v, xrefs: 004EA19D

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: d05b2498bde1fa4d9c8c72c37316a54ed363f0098e1b162cb0d9f73f80436a71
Instruction ID: 79041b98b4c91ed0ef45ef550c1c19c6befa481a0522f70335a50124ba0ccb56
Opcode Fuzzy Hash: d05b2498bde1fa4d9c8c72c37316a54ed363f0098e1b162cb0d9f73f80436a71
Instruction Fuzzy Hash: E2617EB3F112258BF3504E69CC44361B293AB95721F2F82788E8C6B7C5E97E6D1993C4

Function 0044E065 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

V, xrefs: 0044E214

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 9a615b6c5999890156d522d6addb70ff9c5ab03c1820b48ad772439712b32142
Instruction ID: d3eb0056fa5974c41997e50ca59227c7b3d6018418c638f5c3196ae8c27ab16b
Opcode Fuzzy Hash: 9a615b6c5999890156d522d6addb70ff9c5ab03c1820b48ad772439712b32142
Instruction Fuzzy Hash: 535178B210C2499FF7029F2AC9411FF7BE5FF96320F24446FD98287A02E2394D16975A

Function 004C9173 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

pn, xrefs: 004C91A7

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID: pn
API String ID: 0-2217640427
Opcode ID: 7870069a3f2e9f68e5f19b3366a44817ffc52e00bbbf59e8173ec9bbc5e3c9eb
Instruction ID: a8943607111f603e4d7a2f0f590d49c69bf0aaef12c031f1bbf00b793cadcbfd
Opcode Fuzzy Hash: 7870069a3f2e9f68e5f19b3366a44817ffc52e00bbbf59e8173ec9bbc5e3c9eb
Instruction Fuzzy Hash: 443128B3E182145BF3489969DCC5766B7DAEB99320F27463C9A99E73C0EC781C014292

Function 004693EA Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a73f56ad1e8ffea47406e3055487b646c488dec57f7e4ec3956ac9223b37ec2
Instruction ID: 1c5061d4d346bbd5187c23cebf8ed7e22b814053217ba347c8129033a22d1312
Opcode Fuzzy Hash: 8a73f56ad1e8ffea47406e3055487b646c488dec57f7e4ec3956ac9223b37ec2
Instruction Fuzzy Hash: 2702B0F7E156204BF3544E28DC98366B6D2EB94324F2B823D8E88A77C5D97E5C0983C5

Function 00526054 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5dc4876ca9d675859a3cf3e58d77ee28a8bb5c97eba7819b076810c9b45ea26
Instruction ID: 381e7ac1bc4d407028fce71faf72582aeea03b80d8a93c5ca145d5341f676250
Opcode Fuzzy Hash: e5dc4876ca9d675859a3cf3e58d77ee28a8bb5c97eba7819b076810c9b45ea26
Instruction Fuzzy Hash: CD02AFB7F106204BF7484939DD983666682EBD5324F2F823C9E99AB7C9DC7D5C0A4284

Function 00478379 Relevance: .5, Instructions: 496COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7aa68ca70c591a9084a91ac89d78c9eadc3e016d3c64eba1734d9f4596418e
Instruction ID: 93cc524e0414da51005d21151bebc8d7707bfafb14ae33e419800a12a133a129
Opcode Fuzzy Hash: 5d7aa68ca70c591a9084a91ac89d78c9eadc3e016d3c64eba1734d9f4596418e
Instruction Fuzzy Hash: 10F1AFB3F116208BF3545A29DC843A6B693EBD4320F2F853C9E88977C4E97E5C469385

Function 005002FA Relevance: .5, Instructions: 491COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d3c317d00f522b8f3cf047e66b590110415f190156a8c9fa87171cfe0b341f
Instruction ID: 506eefb4620bdfe656de0bf14afaf5f4a132577762a072aed50d6f8e0926c84e
Opcode Fuzzy Hash: c3d3c317d00f522b8f3cf047e66b590110415f190156a8c9fa87171cfe0b341f
Instruction Fuzzy Hash: E7F1ABF3E146244BF3544979DC99366B682EB94320F2F823C9E98A77C5EC7E9D094384

Function 004622CB Relevance: .4, Instructions: 438COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5143f9ddb6c5559e9abf237a2d3921bcf6202cfdfdf17042ce4bd09420e05c36
Instruction ID: dc6e69ab6b7b3afaadd0baff247b172f636a148fcdf949d40486352772af16a2
Opcode Fuzzy Hash: 5143f9ddb6c5559e9abf237a2d3921bcf6202cfdfdf17042ce4bd09420e05c36
Instruction Fuzzy Hash: C4E104F3F142148BF3445E28DC84366B7D6EB94720F2A853DDA88A77C4DA7E9C058785

Function 0047C3E3 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69808c96d1c31ace3680df49c6f1511611ed3d4d7eec754d9f7e08eb16c5b8cf
Instruction ID: b0baa4f659b79b5faa345b7646fc69d77291313d2de014c3ca627d04aa217d2a
Opcode Fuzzy Hash: 69808c96d1c31ace3680df49c6f1511611ed3d4d7eec754d9f7e08eb16c5b8cf
Instruction Fuzzy Hash: 59E1F1F3E042104BF3509E29DC84366B696EBD4321F2B863DDA98E77C4D97E9C068785

Function 00599397 Relevance: .4, Instructions: 434COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f0d610bb820d07e107b0591ccab2c4e14d17739e343aad115f07fb98dde465
Instruction ID: 36b5511872e91d40a34812a0ea6cc7b1b0d55fdc523a28f3dcb04207cb39cb02
Opcode Fuzzy Hash: 32f0d610bb820d07e107b0591ccab2c4e14d17739e343aad115f07fb98dde465
Instruction Fuzzy Hash: 79E19DB3F142204BF3584978DC94366B692EB94324F2B823C9F88A77C5E97E5D0A4385

Function 005540EB Relevance: .4, Instructions: 427COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18863e2203169998ef365e2d121dc1139e45408eb5516581fc2fb2ab658ea25a
Instruction ID: b1849258b2f89e5f3dae121b36d4bf53fa539b9a3eeaafbef1a07beb296a94a1
Opcode Fuzzy Hash: 18863e2203169998ef365e2d121dc1139e45408eb5516581fc2fb2ab658ea25a
Instruction Fuzzy Hash: 01D1CDB3F142148BF3449E29CC94376B796EBD4720F2B823DDA89977C4D93A98098785

Function 0047B2D6 Relevance: .4, Instructions: 427COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 747e5a6d5965a51ffc4632b4cba2d0098fa87b9c597db48cde526bf60446b946
Instruction ID: 09ee5f99d1d9f916f7f2ac24ef61008d92b277a9e98e0c8c6c981f8327299cb8
Opcode Fuzzy Hash: 747e5a6d5965a51ffc4632b4cba2d0098fa87b9c597db48cde526bf60446b946
Instruction Fuzzy Hash: 66E1B2F3E142248BF3445E29DC94366B7E2EB95320F2B453CDB88973D4EA3A5C098785

Function 0055F1D9 Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb22d673cd5d4ff8ffef080eb0c9ab1a3e2c0a5637b010468363bcea148e815a
Instruction ID: 442131d21554e05c5558a60ca5484980521590a31a878c85a2119d3c5a6d0ce1
Opcode Fuzzy Hash: fb22d673cd5d4ff8ffef080eb0c9ab1a3e2c0a5637b010468363bcea148e815a
Instruction Fuzzy Hash: 7DD19DF3F5122587F3544928CC983A26683EBD5325F2F82788F586B7C9E97E5C0A5384

Function 00547349 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aff30845e5710c0f18a2b07d999510d1aa8af3d9ba21d0a348cbe5c34241e10
Instruction ID: c2157d36b1dd157d4c182804ad37185dd2cecb250aa57e87834e6165d83c1931
Opcode Fuzzy Hash: 1aff30845e5710c0f18a2b07d999510d1aa8af3d9ba21d0a348cbe5c34241e10
Instruction Fuzzy Hash: FFD19FB3F512254BF3484928CCA53A22683EB95314F2F823C8F9A6B7C9DC7E5D495384

Function 005553D5 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e5a9ba7daf5874fb91fe9e5362e6ce3bf156451eced95ce0773804e62a5e08
Instruction ID: 26694307ff79e8a95651cffe468b3e02a1aa021b2ef47c17499d17ab9323ec77
Opcode Fuzzy Hash: 48e5a9ba7daf5874fb91fe9e5362e6ce3bf156451eced95ce0773804e62a5e08
Instruction Fuzzy Hash: 80D18BB3F106254BF3944968CC993626683EB94324F2F82788F5DAB7C5DC7E9C4A5384

Function 0053E1E0 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c834eb9ae654aa90421b7abc742a2fb7e05c5d5bba3389ed234d561484ac9f9b
Instruction ID: 7eae52b2a1ea30842dbdff438bf19b033ec4061c1c1153972f1f9f4f5834d709
Opcode Fuzzy Hash: c834eb9ae654aa90421b7abc742a2fb7e05c5d5bba3389ed234d561484ac9f9b
Instruction Fuzzy Hash: B9C15AB3F5162147F3944879CD983A26583DBD5324F2F82388E58ABBC9DC7E9D0A5384

Function 0056222A Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e3fd2e1131157555ba4d472feafcf5d20a03ce92f504048226f72ff87dbf773
Instruction ID: 18d4641fec70a31e65088a71af23f884a71cd5895d1d095c6b71d02a87b31d50
Opcode Fuzzy Hash: 4e3fd2e1131157555ba4d472feafcf5d20a03ce92f504048226f72ff87dbf773
Instruction Fuzzy Hash: D4C159B3F512254BF3484939CD683A26583ABD5324F2F82388B5DABBC5DC7E5C0A5384

Function 00466042 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3094bf9a793ac4b728409c5f1ca31f9d1cf91303d32c3e7f01bb1a4f02675edd
Instruction ID: 8f8275d154f9524fb54b644132aaff95b01a427a454fb01a0257dac5001eb5d2
Opcode Fuzzy Hash: 3094bf9a793ac4b728409c5f1ca31f9d1cf91303d32c3e7f01bb1a4f02675edd
Instruction Fuzzy Hash: D7C17BB3F111258BF3944978CD583A26683EBD5310F2F82788E58AB7C5DD7E9C4A5384

Function 004A6262 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9315a498203a46a7cd8ea1715d3f7a35e58a445ef37a0561206c6e861adbdbd7
Instruction ID: b37da77d40b2af3772cf2df45ea453bf62b76b57e35f5cbfe3f9db6179e0f7ed
Opcode Fuzzy Hash: 9315a498203a46a7cd8ea1715d3f7a35e58a445ef37a0561206c6e861adbdbd7
Instruction Fuzzy Hash: 7BC17BF3F1162447F3544D29CC943A26683ABE4724F2F82788B9DAB7C5D97E9C0A4384

Function 00489211 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96fb36f2367d8c059e97b98d3f404624fc5f57a9e64972f02639351e2e85793c
Instruction ID: acb107036bad3b173d1e2a0bb4dca4524c1677177e56898f77eb7cbf500ce576
Opcode Fuzzy Hash: 96fb36f2367d8c059e97b98d3f404624fc5f57a9e64972f02639351e2e85793c
Instruction Fuzzy Hash: BAC149F3F115254BF3944929CC583A16683ABE5324F2F82788B9C6B7C9DD3E5D0A9384

Function 0049A231 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5659ed13b05a44e1e2706032f5b86e56332a7de34ff25b8f5eab36eec44f0d6
Instruction ID: c4399c80a6965c94b603141ea3081b10d18aaaf3729c61324f45ff52fd5fe809
Opcode Fuzzy Hash: d5659ed13b05a44e1e2706032f5b86e56332a7de34ff25b8f5eab36eec44f0d6
Instruction Fuzzy Hash: AEC159B3F112254BF3544929DD9836266839BD1324F2F82788F9CAB7C5DC7E9D0A4384

Function 005890CD Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b479ba6ef8379f6a702ebdc2a180b0e44b1cdc7a9694eb6b3208e56f0bc70f
Instruction ID: 1f7d1bd71d28b496294c587f3f73254597c1aa0c19ba54c1adb6186b70c8317e
Opcode Fuzzy Hash: 61b479ba6ef8379f6a702ebdc2a180b0e44b1cdc7a9694eb6b3208e56f0bc70f
Instruction Fuzzy Hash: E9C168B3F6162447F3944869CC983A2A683A7D5325F2F82788E5C6B7C5DCBE5C0A53C4

Function 005360CA Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e480ca6995723969b6f6c42f8a195cc71d6d9519d993a3817a09265f85451fa1
Instruction ID: ef0d4cddd4e7e885b33922a51d9bb6637b163391627b572f9b64af6bb3d2c585
Opcode Fuzzy Hash: e480ca6995723969b6f6c42f8a195cc71d6d9519d993a3817a09265f85451fa1
Instruction Fuzzy Hash: 3EC18DB3F116214BF3544968CC983A26683EBD5324F2F82788F9CAB7C5D97E9D094384

Function 0053816A Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1995489b9150b9270cccdd7291db07803489a180ae1bbe85c2003b098fcecb0
Instruction ID: 2590f4cdd9eadb2de888c6c1a8eff5eca6010d36c9753d4c5b0aff0487296e6c
Opcode Fuzzy Hash: a1995489b9150b9270cccdd7291db07803489a180ae1bbe85c2003b098fcecb0
Instruction Fuzzy Hash: ECC17AF3F5162547F3544978CC943A26682DB95324F2F82388F98AB7C9EC7E9D0A5384

Function 00551344 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dd8da8a8c8cc4570c856112760295ae7ec5e452b523b89ed872f8be8d7c1dca
Instruction ID: 22eb6ea92749ee1d44b92128c431b98e52d32cad842d48857f6d520ec7b90fa9
Opcode Fuzzy Hash: 6dd8da8a8c8cc4570c856112760295ae7ec5e452b523b89ed872f8be8d7c1dca
Instruction Fuzzy Hash: 16C16DB3F1162147F3984979CC983626683DB95320F2F82788F59AB7C5DD7E9C0A5384

Function 0052726E Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7375e49def3039165f969a8cda73694ea8df882e553383500581279c362634b
Instruction ID: c54b034178f88a26280e602a1f6004e3936c2d16683f5da566106711b52b2ddb
Opcode Fuzzy Hash: d7375e49def3039165f969a8cda73694ea8df882e553383500581279c362634b
Instruction Fuzzy Hash: FCC15BB3F5163447F3544969CC983A26682AB95324F2F82788F4CAB7C5DDBE5C0A43C8

Function 004AD00C Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a7b29e509b0f0dc1c373a00f366af25173f50b888ea3b9972e8331b292d2491
Instruction ID: 7fb14fb3eb00d252c7bf1a98779813b72e1d663a5acd03c862559e7c7aea097a
Opcode Fuzzy Hash: 8a7b29e509b0f0dc1c373a00f366af25173f50b888ea3b9972e8331b292d2491
Instruction Fuzzy Hash: 39C16CF3F1162147F3584938CDA83A625839B95324F2F82788F8DAB7C5D8BE5D4A5384

Function 0054E218 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72e0957d1a35149f09e8b1a03fd386e1f9e330a3252e30a64adf89fdc6617a6c
Instruction ID: 2322b05c496cde6804b251e7fecb7ef11d9f89d14f20681b16d55b2fc3f348c4
Opcode Fuzzy Hash: 72e0957d1a35149f09e8b1a03fd386e1f9e330a3252e30a64adf89fdc6617a6c
Instruction Fuzzy Hash: 8EC188F3F5162047F3844838DD983A265839BE4324F2F82788F696B7C9DC7E4D0A5288

Function 004F504D Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a944bda1ebbab25f2824cec8fe1813040b766ae9e41e39a427f597f680da1b7c
Instruction ID: 558b352abb7d4b990b615e9ed3567460f397c495c68ad7e99a6cd03014caf988
Opcode Fuzzy Hash: a944bda1ebbab25f2824cec8fe1813040b766ae9e41e39a427f597f680da1b7c
Instruction Fuzzy Hash: ECC17AF3F1162447F3544928CCA83666683ABD5324F2F82788F9D6BBC6D87E5C0A5384

Function 00537006 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bda22e6fb3ded0ecb95b50e53b273b24d8f0de33ab694b66768d092d3ca453a6
Instruction ID: cda7ad107ea1211494cb6ff4fc86edf0869039816ed9d1430091a668720f22a4
Opcode Fuzzy Hash: bda22e6fb3ded0ecb95b50e53b273b24d8f0de33ab694b66768d092d3ca453a6
Instruction Fuzzy Hash: 52B15EB3F5122547F3544939CD583A26583ABD5320F2F82788E9CABBC9DC7E9D0A5384

Function 004773D8 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e33cb980e0d6b2e3130e6ccfab5a495e18c3d6db85070e774e2cd8df44cd20
Instruction ID: 5e956c0425109e75ae7eb4f44737217666af2e5aa54e6eeb80c2acce9aff87a4
Opcode Fuzzy Hash: 52e33cb980e0d6b2e3130e6ccfab5a495e18c3d6db85070e774e2cd8df44cd20
Instruction Fuzzy Hash: DBB17CF3F6162547F3584829CC5836166839BE4324F2F82788F5DABBC6D87E9D0A5384

Function 0051106C Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ddaf7210476195ea0882e279e1cb10cdfff35da75a089a21132624bdde0e31
Instruction ID: 858cc54e5616e84c3390f827bc0560376c06a6a71f73dc3c18e36475fc1790a1
Opcode Fuzzy Hash: 70ddaf7210476195ea0882e279e1cb10cdfff35da75a089a21132624bdde0e31
Instruction Fuzzy Hash: 20B17DB3F1122587F3844929CC583A27283EB95324F2F82788E59AB7C5DD7E9C1A5384

Function 005AC2A7 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d72f27cfe630c460c9e0d548db6db9f45fa6fe90d3143c18b0d858267ca2854d
Instruction ID: a1737819ef000d530206f64c66de25df35daa2b0b3e345930c4a6e888f87eec9
Opcode Fuzzy Hash: d72f27cfe630c460c9e0d548db6db9f45fa6fe90d3143c18b0d858267ca2854d
Instruction Fuzzy Hash: CCB17AB3F112214BF3544939CD583617683EBE5724F2F82788A989B7C9DD7E9C0A5384

Function 005601FC Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5410d5680247a2af1be3f279f22dc41a3a1af2703382e063d30734463b6939
Instruction ID: 671553d2e86367ac41ac2146aaa6781ca764d796fafcfb7648254b6dd78e2690
Opcode Fuzzy Hash: 2a5410d5680247a2af1be3f279f22dc41a3a1af2703382e063d30734463b6939
Instruction Fuzzy Hash: 0DB149B3F5162547F3544869DC983A26583ABD4324F2F82788F5CABBCADC7E5C0A5384

Function 00506199 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c1d7e2ab184acc6bd88fbf523c2efff1944536db753699762f2175ea555572
Instruction ID: e678a7c4ea54b52ed7162b966ab4fe27c01cb71f8b611a116598c120874435ee
Opcode Fuzzy Hash: b2c1d7e2ab184acc6bd88fbf523c2efff1944536db753699762f2175ea555572
Instruction Fuzzy Hash: CEB126F3E1162547F3984829CD58365658397E5324F2F82788F9DAB7C9DC7E5C0A4384

Function 00521373 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ddad91cd13d89dc6b30649971f910811aa6ec968e555af1486d76421e1d907e
Instruction ID: 2f70a9d3472c9b037a6021a38ffdfc6e5e550ea36d2807faaa43ec6a9e0c1a17
Opcode Fuzzy Hash: 5ddad91cd13d89dc6b30649971f910811aa6ec968e555af1486d76421e1d907e
Instruction Fuzzy Hash: E3B19CB3F1122547F3844979DC983626683ABD5324F2F82788E5CAB7C5DD7E5C0A5384

Function 004802DC Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c97484ee6efb122090dee8c276cfade475a926f93303c7f6de18d38ad70c180c
Instruction ID: d60ec81569096bae0809995b0f52ffcafd16afd4a66cd6770b0f13d07d439650
Opcode Fuzzy Hash: c97484ee6efb122090dee8c276cfade475a926f93303c7f6de18d38ad70c180c
Instruction Fuzzy Hash: 7EB17EB3F516154BF3544938CD583A26683EBD1324F2F82788E88ABBC9DD7E5D0A5384

Function 0048E333 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0024988fb42154ed52f8f6b6f56e86d5e637f65533d75359118aba7497e32b08
Instruction ID: 85c98871566f5024446d32ebab2897f43e5a09d45f4b9551034c068b93490b16
Opcode Fuzzy Hash: 0024988fb42154ed52f8f6b6f56e86d5e637f65533d75359118aba7497e32b08
Instruction Fuzzy Hash: 25B14BB3F5122547F3844939CD583626683ABE5314F2F81788B8D6B7C9ED7E5C0A5384

Function 0055923C Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 136b7ac68318578ec8accea7ed46b1d225f6be80d8f3e579134eed4552d51feb
Instruction ID: a25b1f6db12e2a8cddce2c63ccf1c3732e3913fb947bb9bdb45e4f6eafcb5669
Opcode Fuzzy Hash: 136b7ac68318578ec8accea7ed46b1d225f6be80d8f3e579134eed4552d51feb
Instruction Fuzzy Hash: A0B15CB3F1122647F3544969CD983626683DBE5720F3F82788E489B7CADD7E9C0A5384

Function 0052F328 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57fac369c6c168225d09ed1c1c1ad22fe114ee4431aff7527b38954f88a015f5
Instruction ID: f55ef56c689b3b0203ffa268b0b8eb82c57cf13154717cef12836b53ef0dc24f
Opcode Fuzzy Hash: 57fac369c6c168225d09ed1c1c1ad22fe114ee4431aff7527b38954f88a015f5
Instruction Fuzzy Hash: D1B16BB3F1122547F3884939DCA83626683EBD5310F2F827C8A59AB7C5DD7E5D0A5384

Function 00456175 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0b6076a11f07d662810f04a3cd382e26bb629afd6803d9c09656d5566c1794
Instruction ID: 0511d16d30e5f6ec773e07b1a350fd7d335094fa7f08bd2436f70de3a22a7d6a
Opcode Fuzzy Hash: cc0b6076a11f07d662810f04a3cd382e26bb629afd6803d9c09656d5566c1794
Instruction Fuzzy Hash: FFB168F7F1112547F3944938CD583626683AB94325F2F82788F5DAB7C5D87E9C0A5388

Function 00572216 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b02f2d9b83cc0b5ba9f397356734b4c6ca7fe741d309fab0e3721cf0bf104ac2
Instruction ID: cf4196552260d9b539e6ba3027cbeb1a6dec55f4c7411ecc55653fc989f5475b
Opcode Fuzzy Hash: b02f2d9b83cc0b5ba9f397356734b4c6ca7fe741d309fab0e3721cf0bf104ac2
Instruction Fuzzy Hash: 3CB13AB3F516204BF3544838DD983616583AB95324F2F82788FADAB7C9DC7E5D0A5384

Function 00595348 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1296293df43f3f52cb25cee5baf4a0069cbf6a2640c9e96fcb0402228c7ef00b
Instruction ID: 3a7e878c50e94ef3859844009acc65c15c79b6a1e80bc98e6bc06159676ad5dd
Opcode Fuzzy Hash: 1296293df43f3f52cb25cee5baf4a0069cbf6a2640c9e96fcb0402228c7ef00b
Instruction Fuzzy Hash: FEB16AB3F5162547F3940838CD683A22583E795324F2F82788EAD6BBC9DC7E5D0A5384

Function 0051C163 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6b9b8c62221b8913ad8a4ab299c98f5772935f1e07c0348d08d3a36591970e2
Instruction ID: 69fc9f597bad00c76c12cb2464fd8bcef01e99a9afcfdb519138ca94dc9ebb11
Opcode Fuzzy Hash: d6b9b8c62221b8913ad8a4ab299c98f5772935f1e07c0348d08d3a36591970e2
Instruction Fuzzy Hash: D8B148F3F1122547F7484928CC683626643E7E5324F2F82788B596B7C9ED7E9C4A5384

Function 0056B244 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d4a281b3a99d082ce0b8e3cc28e8b92ba28c8bb599d3f0d01c356ef3212eee
Instruction ID: b4d85c3709b0f740c8b01241d63c86a74aa86f9a374ac4bfc5ea3c86aaf0deef
Opcode Fuzzy Hash: 42d4a281b3a99d082ce0b8e3cc28e8b92ba28c8bb599d3f0d01c356ef3212eee
Instruction Fuzzy Hash: 44B169B3F1122487F7544939CD983A26683ABD4314F2F82788F996B7C9DDBE5C0A5384

Function 0052C04D Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ab0e1879e38282b07442ebd29a850cc5c949b75cfc2f277b3c65d40f69b7bd0
Instruction ID: 2173c02777a36bcc7ac0d5f78fd05090a41f9cb5a3f1c11370ce8a396d4dfcb4
Opcode Fuzzy Hash: 7ab0e1879e38282b07442ebd29a850cc5c949b75cfc2f277b3c65d40f69b7bd0
Instruction Fuzzy Hash: 50B179B7F6162547F3444978CCA83616983DBE5724F2F82788B98AB7C5DC7E9C0A4284

Function 004FB095 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d9103ed13b50c787517cd1d9d0367d47a143e8c24e56227590e0058881e4104
Instruction ID: 3836d6465e4c43e292eb6884a592ac6efc656cd27a5c8b4349db53ae9cecc7b3
Opcode Fuzzy Hash: 8d9103ed13b50c787517cd1d9d0367d47a143e8c24e56227590e0058881e4104
Instruction Fuzzy Hash: 87B16AF3E1123547F3940928CD983626652ABA5324F2F82798F8C7B7C6D97E5D0A53C8

Function 004EB0E2 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25a87d6365c06f344931b1012daaf0ece93914f7dc99403019609bedd510b7c9
Instruction ID: e0d8537b59b2fe32005f46320b88ebdf0e3a96725aad8c01fd615d3713a22a8e
Opcode Fuzzy Hash: 25a87d6365c06f344931b1012daaf0ece93914f7dc99403019609bedd510b7c9
Instruction Fuzzy Hash: 4CB1ADF7F2162587F3580928CCA83A17643EBA5324F2F82788F596B7C1D97E9D095384

Function 004E93E8 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3df1a394100c890b81bd25df279b5187e265c72c9eaf10cf518cd88dcc4f605
Instruction ID: 86efab511c1deddc47683560f62cdbcc4fe541d5815d431dcb277aa89e051391
Opcode Fuzzy Hash: e3df1a394100c890b81bd25df279b5187e265c72c9eaf10cf518cd88dcc4f605
Instruction Fuzzy Hash: 83B189F3F116214BF3884929CCA93656643EB95324F2F82388F49AB7C5D97E5D0A5384

Function 0045C0D4 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d87af738611feb7c3f4b266eb1af97482044364148d0f8e617214c735c519132
Instruction ID: 5f5de49d4940d010fa8f26ae2714f3ad5153f6931db8f947ba6f15aa061d75e2
Opcode Fuzzy Hash: d87af738611feb7c3f4b266eb1af97482044364148d0f8e617214c735c519132
Instruction Fuzzy Hash: C6B15AB3F112244BF3944979CC983626683ABD1324F2F82788F996B7C9DD7E5D0A5384

Function 0053925E Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1e81699cfd3c9bcc12767296478d39744297c1346874f88f324e1b375b3fa5b
Instruction ID: 61abfba361a04613efb4fd3d357ebea7ca7687c4896b4da17d03fed440b3a037
Opcode Fuzzy Hash: d1e81699cfd3c9bcc12767296478d39744297c1346874f88f324e1b375b3fa5b
Instruction Fuzzy Hash: EBB15DB3F1122587F7944D28CC983627693EB95324F2F82788F48AB7C5D97E9D0A5384

Function 00458027 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc76b7d875aa10ee80cefc5644b6800e42117c82f5c6d5ce5d44fcafb266a19
Instruction ID: 65f9cf34954e15bac5475e3bafabefc331d60e5931d864f730d28eb2df4c20b0
Opcode Fuzzy Hash: 4bc76b7d875aa10ee80cefc5644b6800e42117c82f5c6d5ce5d44fcafb266a19
Instruction Fuzzy Hash: 0CB17BF3F116214BF3404929CC543A26683ABD5325F2F82788E5CAB7C9ED7E9D0A5384

Function 004D738F Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d2c495e62d2a086edf8799741b7199b2ab6f7a5bfe58f98fc275611a617d1ed
Instruction ID: 0e6532fa4c4d1bda76332f1e3e024808c3e59ec712c032337714d30c95017db1
Opcode Fuzzy Hash: 7d2c495e62d2a086edf8799741b7199b2ab6f7a5bfe58f98fc275611a617d1ed
Instruction Fuzzy Hash: B0B18EF3F506244BF3844978CDA83A26682EB95324F2F82798F596B7C9DC7E5C095384

Function 0051D2C3 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b714f731a84d57457346b87b4aa6056d990007fdfdaa7fe3733d380751967d
Instruction ID: dc38c92033a8349e2a18d86dfc4c4af2a49f3a59a43067ff117ade1d608cfabf
Opcode Fuzzy Hash: f1b714f731a84d57457346b87b4aa6056d990007fdfdaa7fe3733d380751967d
Instruction Fuzzy Hash: F7A1AEB3F1022547F3484978CC983A27682EB91324F2F82388F58AB7C5DD7E9D0A5384

Function 0045B33C Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1f319590f3f03850acb638b8735f2ef432ae9acc3b040bcef07ef010c261a9
Instruction ID: 82c3d634aaaabafd971a3e8c72e412563a3ef20b81a3f98dbf39e2facc6ca546
Opcode Fuzzy Hash: 2f1f319590f3f03850acb638b8735f2ef432ae9acc3b040bcef07ef010c261a9
Instruction Fuzzy Hash: F8A136A7F0162547F3944939CD983626583ABD5324F2BC2788F8C6BBC9DC7E5D0A5384

Function 0048C240 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c48d2d50bdd616c56ddebf730d7b36261e402afcb9de9ff05040498a6806bc
Instruction ID: bacf4ba249a3958a3ec892ea0445311725d8ecf75c401ab82f49ff8724b22233
Opcode Fuzzy Hash: b6c48d2d50bdd616c56ddebf730d7b36261e402afcb9de9ff05040498a6806bc
Instruction Fuzzy Hash: F9A190B3F111244BF3944D78CC983626682EB95310F2B82788F59AB7C4DD7E5D4A5388

Function 0059B1CC Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c37bb3ea5310050f3c1e2fa17eeaf2eb841fc0221ead118d78b38339e803a6b
Instruction ID: 486d512983a8ff7322ade28fc62bc28cdabf821d5ddf8fbaa2e0a7b85e981332
Opcode Fuzzy Hash: 6c37bb3ea5310050f3c1e2fa17eeaf2eb841fc0221ead118d78b38339e803a6b
Instruction Fuzzy Hash: 3BA1ADB3F5062547F3584939CCA83A276839BA5320F2F82788F996B7C5DC7E5C0A5384

Function 0057302A Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b2b10ceeac6317b62b6ac3d397effefc6f5e7269abccb6c0c2fa46b544b465
Instruction ID: 3cd6c2b07a5b20a426406a24afe2b790e91e2754f3a28ab0100de3446036e5f8
Opcode Fuzzy Hash: 03b2b10ceeac6317b62b6ac3d397effefc6f5e7269abccb6c0c2fa46b544b465
Instruction Fuzzy Hash: 1EA15DF3F2162547F3544938CD983A12583EBA5314F2F82788F49ABBC9D87E9D0A5384

Function 005643D3 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06735a3838ade1833d9682c76f368544273f16de77c46f47e3525ba6339dbfdd
Instruction ID: 9975f9ade299f09cacc47fdc613536b42bc076576e013bfd4077611a7f895ace
Opcode Fuzzy Hash: 06735a3838ade1833d9682c76f368544273f16de77c46f47e3525ba6339dbfdd
Instruction Fuzzy Hash: 73A18BB3F112254BF3544968CC983A2B683ABD5320F2F82788F5C6B7C9D97E5C499384

Function 0051A3FE Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d0c11b7fb0ac5b36a997ac9cffdb7f952f249ebd285bea62aaf25f93c92eac
Instruction ID: a242507d1a4e2a833048ed87831c00386adff98f123daff33f3eeb190747ebc7
Opcode Fuzzy Hash: 78d0c11b7fb0ac5b36a997ac9cffdb7f952f249ebd285bea62aaf25f93c92eac
Instruction Fuzzy Hash: 66A15DF3F1122547F3944878CDA83666583A7A4720F2F82398F5DA7BC6DD7E8D0A5284

Function 004900B3 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d20870699fa513e34ac17bbb2813610cccd0a9bee43df8df9cbd91dc4867eddb
Instruction ID: 99ef4397cdc8331ad78bc0005641dd0ca79daf3b3a9be1707cafd24c7bded996
Opcode Fuzzy Hash: d20870699fa513e34ac17bbb2813610cccd0a9bee43df8df9cbd91dc4867eddb
Instruction Fuzzy Hash: C8A148B3E5162547F3944969DC98362B6839BE5320F2F82788E8C6B3C5E97E5C0A53C4

Function 0050C123 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48887e7b896aa38a934b90c1bbbd294ca3565acd1dbddb765903711635a8d7ee
Instruction ID: 86f9385e65b743b1d4ef1bdf096eaea33cacd7d7d9989c64a68493f4be1e399c
Opcode Fuzzy Hash: 48887e7b896aa38a934b90c1bbbd294ca3565acd1dbddb765903711635a8d7ee
Instruction Fuzzy Hash: 39A168F7E1262147F3544978CC88362A693ABE5324F2F82788F5C6B7C5E97E5D0A4384

Function 005773EB Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb02ea3dcbc8b499ea432c7b88fd9126adef82329fe9a22467100f73dc86e9b
Instruction ID: 29426e476de6c31b4aeef2c46c830237cc3511af9ae7d66afdb53c758cd91793
Opcode Fuzzy Hash: dcb02ea3dcbc8b499ea432c7b88fd9126adef82329fe9a22467100f73dc86e9b
Instruction Fuzzy Hash: 52A18AF7F6062547F3544878CD983A26582EB94314F2F82388F58ABBC9DC7E9D0A5384

Function 004DF045 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114cd1e5a216c149332fb1fd1d36216034e08f4e2da8da295422277caa579d1d
Instruction ID: 2cc741a861ab2b8af28810658cb483c9ae0abd9a28a014eb94980bbdd376243a
Opcode Fuzzy Hash: 114cd1e5a216c149332fb1fd1d36216034e08f4e2da8da295422277caa579d1d
Instruction Fuzzy Hash: 82A14BB3F112254BF7544939CC983627693ABD5320F2F82788E48AB7C9DD7E5D0A9384

Function 0057C2F9 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9599d062d7a9eaea3764fd4ec34e495690e469f9fd5d139a0b4caf09f59b229
Instruction ID: 88073a2d293ac6a9ea393890199cec13e4c132484d8afa130b1cb2afed9c3b5b
Opcode Fuzzy Hash: a9599d062d7a9eaea3764fd4ec34e495690e469f9fd5d139a0b4caf09f59b229
Instruction Fuzzy Hash: B8A18AB3F116254BF3544928CC983A27683EB95324F2F82788F58AB7C5DD7E9C0A5384

Function 004FD330 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8343eae4a647e307ed28034add15543acd407a726e96d4bba1ae41caecc921b
Instruction ID: 3f39ae348fa2db37197684b32fcef6742141c09f1a08bfd6b8567ea9c6f96f09
Opcode Fuzzy Hash: d8343eae4a647e307ed28034add15543acd407a726e96d4bba1ae41caecc921b
Instruction Fuzzy Hash: 40A16AB3F1122587F3504A69CC983617693EBD5314F2F81788B4C6B7C5D97EAC0A9384

Function 0058E095 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 931565904e9b55c5d87513ec6e1f10b853d1f56f29403f4a2900d049817ba237
Instruction ID: 9f5baee6367366ec04ff1b0f6fb66ba75ce8c1b3a4152a4d775a213e7f60e5ce
Opcode Fuzzy Hash: 931565904e9b55c5d87513ec6e1f10b853d1f56f29403f4a2900d049817ba237
Instruction Fuzzy Hash: 64A19AF7F5162547F3844828CC983A16583E7E4324F2F82788F58AB7C6E87E9D0A5384

Function 004E035E Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c91ff4312f9fbd80e5df2ea53f436e80d0b51eaa727a3deb89edbecaae7562dd
Instruction ID: b11d34e83cb3348c86ab41974dbafc526d1b039c5160973f531191bb0667601e
Opcode Fuzzy Hash: c91ff4312f9fbd80e5df2ea53f436e80d0b51eaa727a3deb89edbecaae7562dd
Instruction Fuzzy Hash: BDA157B3F1122547F3544829CD983A2668397D5314F2F82788E4CABBCADC7E9D4A5384

Function 00503048 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f14154afe4cda40e7400312b50746fd0f89ff491824e8a6d47e7dc5917eb4a3
Instruction ID: 1d46b3d97fadc574e20a194f74ffbd79648eb1860ee7a7dd968be269ef8ab19d
Opcode Fuzzy Hash: 5f14154afe4cda40e7400312b50746fd0f89ff491824e8a6d47e7dc5917eb4a3
Instruction Fuzzy Hash: 9DA16DF3F1122547F3944928CC583A22583EBD5324F2F82388E995BBC9ED7E9D0A5384

Function 004910AB Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e32f1d674788139bbfaab02777195dc29290b270d2c1d6cf2ce2818b6037967
Instruction ID: 6b98f79b4300e91244e3f5bf0ba79d006e60b0e49697d9f7704eefdbfe9b677f
Opcode Fuzzy Hash: 6e32f1d674788139bbfaab02777195dc29290b270d2c1d6cf2ce2818b6037967
Instruction Fuzzy Hash: 37A16AB3F012254BF7984D29CC983626683ABD5320F2F82788F595B7C9DD7E5D0A5384

Function 004E632F Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56de8ac9a7c06189ed9dc9d12512ac735291f5853f911cb13cc777e1ea66907d
Instruction ID: d84fca6d3b1b1ed06a89f0d7bcfff825536c307a490dcb95f76fc07db5bcedb8
Opcode Fuzzy Hash: 56de8ac9a7c06189ed9dc9d12512ac735291f5853f911cb13cc777e1ea66907d
Instruction Fuzzy Hash: 76A17AB3F5022147F3944939CC983A66583AB95320F2F827C8E9D6B7C5DC7E5D0A5384

Function 004B40B3 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e741349ac4421da9da6606ed94899091dfae5d3c1b8a651675a482b4727862c
Instruction ID: ec79017863b50368894131eec101806a8862464bb6687b56b77b6d187ed030e2
Opcode Fuzzy Hash: 9e741349ac4421da9da6606ed94899091dfae5d3c1b8a651675a482b4727862c
Instruction Fuzzy Hash: 52A17BB3F502254BF3584978CDA93A66283DB94724F2F82398F89AB7C5DC7E5C065384

Function 005122B2 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7ababb2b30778e485b760b9b66f370c54661c25160813a0167a63fa4942bc2f
Instruction ID: 8d949297e4de6370cae4e06e44f8413af3ea79a490c90beabb39b407c5edee85
Opcode Fuzzy Hash: d7ababb2b30778e485b760b9b66f370c54661c25160813a0167a63fa4942bc2f
Instruction Fuzzy Hash: 32A18BB3F1122547F7484939CC983A66643EBD5314F2F81788A896BBC9ECBE5C4A5384

Function 00557364 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d7602d1cbcbab454e2265511c075de0651032d94728e373214eab02f39692d
Instruction ID: 162dbc628bdeb1a10d726b1392b2177722cf9d67d1aa82b54c536bc44bd52f40
Opcode Fuzzy Hash: 59d7602d1cbcbab454e2265511c075de0651032d94728e373214eab02f39692d
Instruction Fuzzy Hash: 37A169B7F1122447F7884D29CC68362B683ABA5724F2F827D8E996B3C4DD3E5C095384

Function 004EC0B4 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684a6d5dd53a6ed28089b68b8441c01ae1b491975427dd0527eab75eedbd2aa8
Instruction ID: 73fc267d559c9c1104d6293ed358756e5a3b18123da77fb463c7badd9b351f18
Opcode Fuzzy Hash: 684a6d5dd53a6ed28089b68b8441c01ae1b491975427dd0527eab75eedbd2aa8
Instruction Fuzzy Hash: 92A14AF3F1112547F3944939CC593A66583ABE1314F2F82788E4DABBC5D87E9D0A5388

Function 0054C29E Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260bc6b4648d5b71c4879d9ed8ea1afc64c7e9e7ee965402e97f297037fafee7
Instruction ID: 478be481f855660030021e4ddd5ed8e33d0df214b35a0769b8e61bebdc7ada93
Opcode Fuzzy Hash: 260bc6b4648d5b71c4879d9ed8ea1afc64c7e9e7ee965402e97f297037fafee7
Instruction Fuzzy Hash: 75A16CB3E102248BF3548E28CC943917693AB95314F2F82788E8C6B7C5D97F6D5A93C4

Function 004EA3EE Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b6b925b67b643d852651f2682c4f3f6f0010f9695dbcb29f3b493f2dac59ce
Instruction ID: 15f9f1cb1e877961f2a8b4f69d020882ce8a8a2aeca049fa0a483a41416da081
Opcode Fuzzy Hash: 84b6b925b67b643d852651f2682c4f3f6f0010f9695dbcb29f3b493f2dac59ce
Instruction Fuzzy Hash: 79A17CB3F1162587F3584929CC583A26683DBD5320F2F827C8B99AB7C4DD7E9D0A5384

Function 004BE0ED Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a0362f1fb4f9bdc4a76dabdfe9b6bf78a76139ecd1553a50435e3e50974e35b
Instruction ID: b717e852f83109cbee9931996563ca3f541e2ce18db0ddfe5c852ec6efd3de0a
Opcode Fuzzy Hash: 3a0362f1fb4f9bdc4a76dabdfe9b6bf78a76139ecd1553a50435e3e50974e35b
Instruction Fuzzy Hash: F5A139B3F112244BF3544879CD583A66583ABD4324F2F82798E9D67BC5DC7E5D0A4384

Function 0048A143 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d9e9215d0704286dee6a3ce190f4a1c45517858436aa4a4efdaf07323c18727
Instruction ID: 84016ec68e317ab864d8227b6ab9e01a9c640ad9d9e76ab48832d2a2916b68e8
Opcode Fuzzy Hash: 8d9e9215d0704286dee6a3ce190f4a1c45517858436aa4a4efdaf07323c18727
Instruction Fuzzy Hash: 19A16AF7F5161147F3984968DD983A26683EBD4314F2F81388B49AB7CADCBE5C0A5384

Function 0050235C Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389126b7f311ecab6453530b66f89057936610a7ed93c559774c98cb8048fff8
Instruction ID: 584e32881399fb1e2de40cebc3658b4fb0260ac330b3594eabf7e5c5071f0dbd
Opcode Fuzzy Hash: 389126b7f311ecab6453530b66f89057936610a7ed93c559774c98cb8048fff8
Instruction Fuzzy Hash: 1AA17AF3F112254BF3544928CC583617693EBA5324F2F82388F996B7C9D97E5D0A5388

Function 004D327C Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fcf911cddaaef42eb4db6a1d362a136e04ef12f6320b5e008f88cbd98a7a9a9
Instruction ID: 0787079f6e37cacd28fba368b35af28b7da4c062c26f1af9386d6122dc987ea4
Opcode Fuzzy Hash: 1fcf911cddaaef42eb4db6a1d362a136e04ef12f6320b5e008f88cbd98a7a9a9
Instruction Fuzzy Hash: 2AA17DF3F512214BF35448B8CD9436266839795324F2F82788F58ABBC5DCBE5D0A5384

Function 00597355 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53541717c9d4662e85f211f0ede16692dd978c7d42bfe5b28ef497c2012d9941
Instruction ID: 7e5b6f137428a12ced462ee6037f281c52f6a649b7d212981fe1d8cd1c863dfc
Opcode Fuzzy Hash: 53541717c9d4662e85f211f0ede16692dd978c7d42bfe5b28ef497c2012d9941
Instruction Fuzzy Hash: 32A17CB3F502254BF7544D79CD58362A683DBD5320F2B82388E58AB7C9DD7E9C0A5384

Function 005AA365 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4111c71e4209d5ae03fcd2a7d624c805f2b291c531c57a480c165ce2a44df7e
Instruction ID: 6f94c2b0d423e3cea778a63790c989fa6adeba1f6a0b1ca3cb15f14e1558a5bd
Opcode Fuzzy Hash: d4111c71e4209d5ae03fcd2a7d624c805f2b291c531c57a480c165ce2a44df7e
Instruction Fuzzy Hash: 60A159B7F1122547F3540929CC583A2A693ABE1321F2F82788E9C6B7C5ED7E5C4A43C4

Function 0051E3F0 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef5c5183136c7965c4a4c5b3a44e1877b73ed7d955a78aaade02af88f146ed88
Instruction ID: d9435da659224134cb0ac1bda352a61ab8652a6f472837fefa4c866184995935
Opcode Fuzzy Hash: ef5c5183136c7965c4a4c5b3a44e1877b73ed7d955a78aaade02af88f146ed88
Instruction Fuzzy Hash: B1A167B3F112254BF3544D79CC683A26693ABD5310F2F82788E8D6BBC5D97E9C0A5384

Function 00505388 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32cf3ea44bad9011b9ff326397b83a0015e19489788f902ff7bfd8458d2599a6
Instruction ID: b3d275a6b7e55002d7555d42747c7c9eeb3dcf2445ef701587b9cd38642289db
Opcode Fuzzy Hash: 32cf3ea44bad9011b9ff326397b83a0015e19489788f902ff7bfd8458d2599a6
Instruction Fuzzy Hash: A0A158B3F1122547F3544978CC98362A683ABE5714F2F82788F896BBC9DD7E5C0A5384

Function 004E40AE Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf0f884c39c92ac5d0b5a890e3cb96171497ebd4d780f99e40d2a0383f2ea256
Instruction ID: 288884bffba01b89224abd8a0ca361c02a36ef6846cbaf592c0db4cc721bd4ce
Opcode Fuzzy Hash: bf0f884c39c92ac5d0b5a890e3cb96171497ebd4d780f99e40d2a0383f2ea256
Instruction Fuzzy Hash: CBA159B3F1122547F3484929CC98366B683ABD4315F2F81788F896B7C9E97E5D4A4388

Function 00498262 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd6e01be6bd9de77e6a64985ed2f25e784f6a9f2a0a9b11b6f47e1c628edb53
Instruction ID: 0a173831084e331dfa24794f2b7c8e4aa2d4fcc1b287965acc4d52ff38213d60
Opcode Fuzzy Hash: 6cd6e01be6bd9de77e6a64985ed2f25e784f6a9f2a0a9b11b6f47e1c628edb53
Instruction Fuzzy Hash: D8A17CF3F1162547F7548938CD983A1259397E5324F2F82788E8CAB7C9D87E8D0A9384

Function 00534078 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f238104e4e309a307c184c10b2d9a083862d0c4d0ca1a8f6997fea18757ce35d
Instruction ID: 4aeeed98a33b84f06dffc64859f68b93ac3e8573df3be0c1912f1eb5c9acf7d2
Opcode Fuzzy Hash: f238104e4e309a307c184c10b2d9a083862d0c4d0ca1a8f6997fea18757ce35d
Instruction Fuzzy Hash: 9CA14CB3E1012587F3544969CC54362B693AB95324F2F82788F8C7BBC9E93E5C1A97C4

Function 004A0243 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5806ca43b595ad0c42c01ddf6eaaef65bac077f80648104812aa49be51ec35f
Instruction ID: 16b9407f0e60b525c6748751e0e26d334e2bce7723c70ed81fa92a8a61633f17
Opcode Fuzzy Hash: f5806ca43b595ad0c42c01ddf6eaaef65bac077f80648104812aa49be51ec35f
Instruction Fuzzy Hash: 98A168B3F1122447F7844968CC983666683A7E5320F2F82788F9DAB7C5DC7E5D0A5388

Function 005523DF Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19be6ddcf3d778517d80a5762abd0ea5cfbf1bec9aa221636bf75f76722d6548
Instruction ID: f062274088014ece7272a99e0efacecef6283a6ea1bf15deec7acb62bb62dd7c
Opcode Fuzzy Hash: 19be6ddcf3d778517d80a5762abd0ea5cfbf1bec9aa221636bf75f76722d6548
Instruction Fuzzy Hash: A0A1BCF3F602258BF3984968DC583A17682DB95314F2F82388F4DAB7C5D97E5C099384

Function 0051F028 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 810098f0161c1b672b03a27ba4474f854c6a41a83c644d98fdc61df677912de4
Instruction ID: e16e99e7eeb4c4d15651d08ae797a02c7f731b1a6b6088c556afcf46090e9691
Opcode Fuzzy Hash: 810098f0161c1b672b03a27ba4474f854c6a41a83c644d98fdc61df677912de4
Instruction Fuzzy Hash: 0BA179B3F5122587F3884A38CCA83626643EBD5724F2F82388B596B7C5DD7E5C1A5384

Function 00474393 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c4b9268424071662257fbe65a9254f3ad10a713bc9935002ac2a6766b91d252
Instruction ID: 8dae7ce907b6c457626beece93b2b9b548d4d2ff7e9b047ca85c92641e592977
Opcode Fuzzy Hash: 4c4b9268424071662257fbe65a9254f3ad10a713bc9935002ac2a6766b91d252
Instruction Fuzzy Hash: 2AA189B3F5122547F3944928DC983A27283EBA5321F2F82798F98677C9DDBE5C095384

Function 00486112 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbe550061c29a969a903ee0a60597b417d210d9c564dcf0c6317eafe2fa87fe
Instruction ID: 091b8ae904ad441426e4cadc9600f8b7e393bc25f2f6c67ba11bf9c74ee0dd54
Opcode Fuzzy Hash: fcbe550061c29a969a903ee0a60597b417d210d9c564dcf0c6317eafe2fa87fe
Instruction Fuzzy Hash: 0A916BB3F112248BF3544929CC543A2B283ABD5324F2F82788E596B7D5DD7E9C1A93C4

Function 00544138 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23a446001c5470fcab58788c6e6f3c0319a7a8202a7bffd2a4c6274058141f8
Instruction ID: 810beab74115ac81ab7e0e965aeb7d4e3af4ea99b98eed4d5dff480b965906b5
Opcode Fuzzy Hash: e23a446001c5470fcab58788c6e6f3c0319a7a8202a7bffd2a4c6274058141f8
Instruction Fuzzy Hash: 209190B3F1121587F3844D69CC983A27693EBD5314F2F81788B489B7C9D97E9D0A5384

Function 00499346 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2542e67abfd759955ceeb4c45c787f35fd4e5663a81986cb2296bf0f39a8b146
Instruction ID: a728fc983394ec97055a6dc044c4c34ccae89294fda7e640b23804d5075c3944
Opcode Fuzzy Hash: 2542e67abfd759955ceeb4c45c787f35fd4e5663a81986cb2296bf0f39a8b146
Instruction Fuzzy Hash: 259139B3F112254BF7948D39CC5836276839BD1324F2F82788A985B7C9DD7E5D0A5384

Function 004DD012 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4fb693b4c27465849142f3ea92f35b470f7273a26a4347f34d5f12386e6e9fb
Instruction ID: 850b8ab8a67fc437a46a7d5515c2c51da4f9bb4e0ff7867400abec1bfcc6c9db
Opcode Fuzzy Hash: b4fb693b4c27465849142f3ea92f35b470f7273a26a4347f34d5f12386e6e9fb
Instruction Fuzzy Hash: 45918EB7F1062547F3984978DC983666143E7A5310F2F82388F59AB7C6DC7E9D0A5384

Function 004C009E Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e1acb456c47537f197d45843f9d4c62c01fd6add78b9765a3a6d362aca9344c
Instruction ID: b72fd6d5d79155c49ffde9e0561e066c03cdcf76c7a1769e6f776876ea9743b0
Opcode Fuzzy Hash: 1e1acb456c47537f197d45843f9d4c62c01fd6add78b9765a3a6d362aca9344c
Instruction Fuzzy Hash: 38918CF3F1122547F3644D28CC883A16683ABA5324F2F82788E8C6B7C5D97E5C0A53C4

Function 005A716D Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f53cffd0dd4f0b05954167eb4df3f1392918b293d7410d65b04db927a54df0
Instruction ID: 1ce8498e7f70c9ecdd673ae18413a4b267e498f258cde95f70c59971c64e65a6
Opcode Fuzzy Hash: e2f53cffd0dd4f0b05954167eb4df3f1392918b293d7410d65b04db927a54df0
Instruction Fuzzy Hash: 95916CB3F1162547F3444929CD593627693EBD5320F2F82788E88ABBC9DD7E9D0A4384

Function 0052839C Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51136c572a1f36b4e2ea65fef35e9b979b2fe93a1b55ede6359ce895f7ee835d
Instruction ID: 792579112d2c8ba8967922c85f353786ee3e47761bb2e063c2cff198ea5ed537
Opcode Fuzzy Hash: 51136c572a1f36b4e2ea65fef35e9b979b2fe93a1b55ede6359ce895f7ee835d
Instruction Fuzzy Hash: 5D918BB3F116248BF3444968CC983A26683EBD5320F2F82788F596B7C5DDBE5D0A5384

Function 00598045 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cef360847c51ccfb238652e94698f4fb37e8d88a3bc51645801f107a2fa0727
Instruction ID: 405386d7b69b199366a2b82b1c1b1d99b899496ff25adbbd21c437e406349a62
Opcode Fuzzy Hash: 9cef360847c51ccfb238652e94698f4fb37e8d88a3bc51645801f107a2fa0727
Instruction Fuzzy Hash: 53919BB3F1122547F3944D68CC983A17293EB95320F2F82388E99AB7C4DD7E9D0A5384

Function 004F8072 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16069a158f094041b8e52baba73ca44f5cffb9fd9fcc1d5f9a1dd2c7937636ed
Instruction ID: 6c2cd3736fe93ad8be13ef68b31d03a79cf5c43d804cc56d9f1cdfa30659c6f4
Opcode Fuzzy Hash: 16069a158f094041b8e52baba73ca44f5cffb9fd9fcc1d5f9a1dd2c7937636ed
Instruction Fuzzy Hash: B89179B3E1162447F3944939CD983A26683EBD4310F2F827C8E886B7C9DD7E1D0A9384

Function 004E71A6 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa173c6cb2af5a839fdaec6ca9d9584ef392ec0112e70d98a404dc13c7e52a5d
Instruction ID: fd715a2a85f292ae673e3bb3f2d69929a264065cd8ec48aa76c7313ae1a3a913
Opcode Fuzzy Hash: fa173c6cb2af5a839fdaec6ca9d9584ef392ec0112e70d98a404dc13c7e52a5d
Instruction Fuzzy Hash: 4591AEB3F112254BF3544D29CC983A27683E7D5320F2F82788A5CAB7C5D97E9D0A9384

Function 005A13CF Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667c9a4465a554807adf0cc0fbf1d5fa2e311ae9ab898b215319043142a230da
Instruction ID: 417602c5b5eb9d69af7a0c1f7401b065d5e23642b624b86080ad70004d196fd1
Opcode Fuzzy Hash: 667c9a4465a554807adf0cc0fbf1d5fa2e311ae9ab898b215319043142a230da
Instruction Fuzzy Hash: 66917CB3F1122547F3544D28CC583626683EB95325F2F82788E98ABBC9DD7E9D0A53C4

Function 0057B102 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c5375efef47615194f98a4d58e39c3a9865ba0b94634e665467ba04862a733
Instruction ID: a312539134c6555fc6f3f03c62a8e133b83b5244ed3ad669df10fb05ef21c673
Opcode Fuzzy Hash: 07c5375efef47615194f98a4d58e39c3a9865ba0b94634e665467ba04862a733
Instruction Fuzzy Hash: 089148B3F1162547F3944929DC543A27283ABE5324F2F81788E8DAB7C5ED7E5C0A5388

Function 0058A2BC Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d667761cbbab509d41f89c877e02eb59f658226dec2a72da718f4a3fb7adca4c
Instruction ID: a2eacdf77fcf286abf4793e4f2e9391102197e5bbea1a4cd78fdf1dbf09d6111
Opcode Fuzzy Hash: d667761cbbab509d41f89c877e02eb59f658226dec2a72da718f4a3fb7adca4c
Instruction Fuzzy Hash: 77917AB7E1122547F3640D29CC983617683ABA0324F2F82798F9D673C5E97E5C0A43C4

Function 004D5222 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 735c5edc23e48749bd658cf8a97d1dcfbbe0462aac8d2de9d3fd33fd82f8b5f3
Instruction ID: 8a16597ed7f4bf039f99e51dd0bf1bcc33552e24425cdcb9bf340e827c1d66b1
Opcode Fuzzy Hash: 735c5edc23e48749bd658cf8a97d1dcfbbe0462aac8d2de9d3fd33fd82f8b5f3
Instruction Fuzzy Hash: E59179B7E1062587F3544A28CC983A17252EBA5714F2F82788F8C2B7C5D97F6D0993C4

Function 00578284 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 014524a4c5d8eb1e39da3d6901c8f27fb1fc7b1713558ad770c4743ed441f427
Instruction ID: 864ad4f92d9418187157dbdec2db4f1627573e3ecc363f73990714b11c8be697
Opcode Fuzzy Hash: 014524a4c5d8eb1e39da3d6901c8f27fb1fc7b1713558ad770c4743ed441f427
Instruction Fuzzy Hash: 1B91BEB3F1122587F3444D28CC983A17283EB95314F2F81788F596B7C6D97EAC49A384

Function 0053128A Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7208da725689daa09d0f970a2f1b0ca8cb9f820a9197a196ed2daa0eae865ea0
Instruction ID: 93408490e4192b6b5882a00a9bd5f744c926a77c9f1ee6cd8518f527df8cafde
Opcode Fuzzy Hash: 7208da725689daa09d0f970a2f1b0ca8cb9f820a9197a196ed2daa0eae865ea0
Instruction Fuzzy Hash: E49188B3F1122587F3444D28CC983A57693ABD5324F2F82388F586B7C5D97E9D1A9384

Function 004D431F Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6613d764fd293eb7b95c6b7319b08854c10c3c34dba777dd8ba0775422ae76c
Instruction ID: b353772ace1c42fbea75b30fe1d34f763a31146d9e0610c75993dba632e3dde6
Opcode Fuzzy Hash: d6613d764fd293eb7b95c6b7319b08854c10c3c34dba777dd8ba0775422ae76c
Instruction Fuzzy Hash: E4917DB3F102248BF3588968CC943617693EB95314F2F82788E59AB7C4DD7F5C199384

Function 00565331 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 438b69cb41f8e5a31c93c99434e308a5ea0f8b6a68b9c5a42ea3292ab287c009
Instruction ID: 47f900b2523521d014f8786cd9c09cd61a3f5953af101397b337db3f18ab1213
Opcode Fuzzy Hash: 438b69cb41f8e5a31c93c99434e308a5ea0f8b6a68b9c5a42ea3292ab287c009
Instruction Fuzzy Hash: BF91ADB3F1122547F3944D79CD983626683EBA2724F2E82788F59AB7C4DC7E98095384

Function 005462BE Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d26cf32a5667b1fd8a75ccb4db09769394cc89723f8d872c725f67eb398b9194
Instruction ID: fd354cc165344f3798af77158be7a699b9e6dc57c3988d0e34c554d8c198d601
Opcode Fuzzy Hash: d26cf32a5667b1fd8a75ccb4db09769394cc89723f8d872c725f67eb398b9194
Instruction Fuzzy Hash: 96919AB3F116214BF3444979CDA83626683ABD5320F2F82388F59AB7C9DD7E5D0A5384

Function 004B205D Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5153725c7525ab8f52c05ae6403a36a151a0a68cc166c4bf2d542bca26497122
Instruction ID: df74506a928192915dd8250c2be67bad1e2683bed08bf4f251ce756aed9e7dfb
Opcode Fuzzy Hash: 5153725c7525ab8f52c05ae6403a36a151a0a68cc166c4bf2d542bca26497122
Instruction Fuzzy Hash: F6918FB3F102654BF3944D28CD983A17693A795310F2F82788E9CAB7C5D87E5D4A9384

Function 0058625B Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e4066e55d6275e88fab3a4e0345ca53ddd87fa71f9252102f8a08433e42cb0d
Instruction ID: 50e4d5e43251de1fe7f157b1a9836188c47451a6e7e78bf0bf1857eb2e18605a
Opcode Fuzzy Hash: 9e4066e55d6275e88fab3a4e0345ca53ddd87fa71f9252102f8a08433e42cb0d
Instruction Fuzzy Hash: 439128B3F1162647F3544829CD8836266839BD4725F3F82388E5CABBC9DD7E9D0A5384

Function 0059C3FF Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85acf4402d0a1784eb8405c2b2d88c729dcf2f31c4397d508aa1b5e074de0d0d
Instruction ID: 8644acf149187eb1a4791d3dad602330022f118e64306dd767c5b24d645d7035
Opcode Fuzzy Hash: 85acf4402d0a1784eb8405c2b2d88c729dcf2f31c4397d508aa1b5e074de0d0d
Instruction Fuzzy Hash: 90917DB3E6162147F3548939CD983626683D7D4324F2FC2388E98A7BC9DD7E9D0A5384

Function 004CF3FD Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89176e47f88c9f6146e448dd6c5c6c0211e7af5fa4eb5270a5002f028680edd
Instruction ID: 9e16f707f109aec6ed2c722e688d346a962ad8363f250e437aa52e0d1650dd92
Opcode Fuzzy Hash: e89176e47f88c9f6146e448dd6c5c6c0211e7af5fa4eb5270a5002f028680edd
Instruction Fuzzy Hash: AE9135B3F1112447F3984929CC683A27683ABD5324F2F827C8A9D6B7C5DD7E5D0A5388

Function 004CE322 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f14da9141875cef295628c3cda299ddd94dca7312f87e83ee822f431676565c
Instruction ID: 0c22c413fcbce5c3c1a68447fe631cbb13df2b0e349c42f4f74f0d71f4eb60ea
Opcode Fuzzy Hash: 7f14da9141875cef295628c3cda299ddd94dca7312f87e83ee822f431676565c
Instruction Fuzzy Hash: A09189B3F1122447F7984939CD983A62583EBD1324F2F82788E985BBC9DD7E5D4A4384

Function 00580017 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a3a1850b83f52f3f5156cbacfe53b8d8a73e31fae957343a2f476ea3ad8fb8b
Instruction ID: 510be8eae3582cf205df4b94a844ef7b254b6f9325d1923e0557ee74570a6e2f
Opcode Fuzzy Hash: 3a3a1850b83f52f3f5156cbacfe53b8d8a73e31fae957343a2f476ea3ad8fb8b
Instruction Fuzzy Hash: F69158B3F1122547F3944D29CC683A27243ABA5314F2F82788F99AB7C9DD7E5D0A5384

Function 00594265 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6390ee70f90c0b06a3b79794ba18f75616ac8dd3ef0b9dda98ff8a038d939f
Instruction ID: b71c70e131ec3bc5cc8ff0130da821edd4160f3e75976b60e282f7b73c6535c0
Opcode Fuzzy Hash: aa6390ee70f90c0b06a3b79794ba18f75616ac8dd3ef0b9dda98ff8a038d939f
Instruction Fuzzy Hash: C99160B3F112158BF7444E28CC943A17693EBD5720F2F82788B589B7C5DA3E5D1A9384

Function 0056C089 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eba3e02d749295d5c38d067c5363fc1928206a1f7c41a722d7a1a5325a5c1872
Instruction ID: daa516e92a453a83f4b13b7ed22d6143f69ccc14b2b53d33668427ca4f899dc5
Opcode Fuzzy Hash: eba3e02d749295d5c38d067c5363fc1928206a1f7c41a722d7a1a5325a5c1872
Instruction Fuzzy Hash: ED915AB3F1122447F3544D29DC983617693EBD4720F2F81788E886B7C9D97E2C1A9384

Function 004C92B8 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76aba70b1d6c0b7ca7b8b747e96f69a0751a615a174cc28895ed42e9975bf402
Instruction ID: add967568b5a74be022410fc2e1964dcc33da8a1d8a4075709e7405f3b46e6dd
Opcode Fuzzy Hash: 76aba70b1d6c0b7ca7b8b747e96f69a0751a615a174cc28895ed42e9975bf402
Instruction Fuzzy Hash: 14915AB7F116354BF3A44929CD583616283ABA5720F2F82788F9DAB3C1E97E5C0953C4

Function 004D1143 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7142721e7e69eeb24f6f1b1bd83debcdb00e9a48057aea2ec91c47b5f3adf5c4
Instruction ID: 809d3bc53317f6b19dd196276eef99b3b8f1b6f95b252459251b4fc4c79011c2
Opcode Fuzzy Hash: 7142721e7e69eeb24f6f1b1bd83debcdb00e9a48057aea2ec91c47b5f3adf5c4
Instruction Fuzzy Hash: 109168B3F1162587F3504929CC983626683EBD1724F3F82388E986B7C5DD7E9D1A9384

Function 0057E112 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1744e407e9db0b0efb489c5b03aea4b1b51869741d1a819b5695ac2c2513e928
Instruction ID: 6720375c2f0183f12fff96442e8917ca0b77796dd12e28d92bf08ffafbdb0344
Opcode Fuzzy Hash: 1744e407e9db0b0efb489c5b03aea4b1b51869741d1a819b5695ac2c2513e928
Instruction Fuzzy Hash: B3914BB3F1122547F3944D68CC983A17692EB95310F2F82788E8CAB7C5D97E6D1993C4

Function 0054A080 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dd6a4b5e7b243321ada7c04914d8a3bb5718f0ef07a5a432093cb173a05ffa4
Instruction ID: cb500f50cd3f54f8c8f4e5f9962d6b85da9417033112e7cd54b98ab7e3796db6
Opcode Fuzzy Hash: 5dd6a4b5e7b243321ada7c04914d8a3bb5718f0ef07a5a432093cb173a05ffa4
Instruction Fuzzy Hash: EB917DF3F1122547F3944D78DC983617692EB95310F2F82788E88AB7C9E97E5D0A9384

Function 0054B06C Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 749d4d47e028f175e0cc43e57b4052c147e56ac9e5aeefe06066a71059096637
Instruction ID: 84c9b8d2d5c216a453f4f0e4fac782843d5008eea4fc87fcab9f1442d46b8920
Opcode Fuzzy Hash: 749d4d47e028f175e0cc43e57b4052c147e56ac9e5aeefe06066a71059096637
Instruction Fuzzy Hash: C0916CB3F1122547F3944D69CC983A26683DB95714F2F82788F486B7C5DCBEAC4A5388

Function 0049503F Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cb26bb9d91c8fa256cc66d6818e7c34ff46dd469b386c48495e43a4ea887539
Instruction ID: 593ea77353129e0400455fe9808094397bbf61aae547191aef7d6f68bad310a6
Opcode Fuzzy Hash: 9cb26bb9d91c8fa256cc66d6818e7c34ff46dd469b386c48495e43a4ea887539
Instruction Fuzzy Hash: A09179B7F012258BF3444E28DC943617653EBE5724F6F817C8A492B7C8D93E6C0A9384

Function 004E817E Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f298901a7047b7007ebbedbdb2a95651436424073bd372bb7b0fc147900a34ec
Instruction ID: bdde55dd402b38f569de8e383447b923b269ef6380413f4da7c82d6ce8c8f693
Opcode Fuzzy Hash: f298901a7047b7007ebbedbdb2a95651436424073bd372bb7b0fc147900a34ec
Instruction Fuzzy Hash: 0C818CB3F102244BF3544969CC583A67692DB95324F2F82798F4DAB7C5D97E5C0A43C8

Function 0047335D Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77cb1141cc90695845eedb5f3550ad4f32747b2a0c904d62cea6f4bdce9e4611
Instruction ID: 827fe6c305a65b0826f016478c61ebedccf4d6269be1ee90864b05e2286732f1
Opcode Fuzzy Hash: 77cb1141cc90695845eedb5f3550ad4f32747b2a0c904d62cea6f4bdce9e4611
Instruction Fuzzy Hash: 049171B3E1122547F3A04D68CC883627693EB95314F2F82788E8C6B7C5D97E5D0AA3C4

Function 004BB270 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d858b599d061148aa3d0eef2cf261350c200b932c74146b750fa9238f8d001c
Instruction ID: 2e5a709855cbb4094d454ff657e5dc352f14b20971ac13a67de13d5749748bba
Opcode Fuzzy Hash: 8d858b599d061148aa3d0eef2cf261350c200b932c74146b750fa9238f8d001c
Instruction Fuzzy Hash: CA81AEB3F1022587F3444968CDA83A17693EB95324F2F82388F996B7D5DD7E5C0A9384

Function 0058D22F Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20b288a62fa031f516632ea230a17525bdf0ca0c2827adc648b6cf39bd45b27
Instruction ID: d22aaec681b08d69a5603e25abd79aab43fe0eb2e860bc846b2133862d0bbd94
Opcode Fuzzy Hash: b20b288a62fa031f516632ea230a17525bdf0ca0c2827adc648b6cf39bd45b27
Instruction Fuzzy Hash: A8818AB3F1062547F3540D78CD983656683EBA4324F2F82388F98A77C5D97E9D0A5384

Function 0046133F Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65ff37c9c0ba120f429806a202c04ccc07a9c92fc67f27e74908d04c5998d42c
Instruction ID: d316afcf00059e86a138b5b5a31005db5d756df836763b97504d1c2d598c906f
Opcode Fuzzy Hash: 65ff37c9c0ba120f429806a202c04ccc07a9c92fc67f27e74908d04c5998d42c
Instruction Fuzzy Hash: 62815AB3F112248BF3544939CD583A23693A7D5320F2F82788E9D6B7C9E87E5D4A5384

Function 00481134 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 611e776d150a0acbf8655de250607dc770778b090d2a0befc383f5eaee55045f
Instruction ID: fe9925efa940a71329a845f53e14544b0174fda60ccb2076b98460eb0e929d40
Opcode Fuzzy Hash: 611e776d150a0acbf8655de250607dc770778b090d2a0befc383f5eaee55045f
Instruction Fuzzy Hash: F88137F7F6162047F3944879CD9836225839795324F2B82788F58ABBC9DC7E5D0A5384

Function 00567161 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe163f922416ce7043124e5b373d483c834f6cd416919ccbc4ef321dedd1aca
Instruction ID: eb7eafe53e271806517462bd622bd544880ea3db34407b1bf7988bbfcb7380e6
Opcode Fuzzy Hash: 1fe163f922416ce7043124e5b373d483c834f6cd416919ccbc4ef321dedd1aca
Instruction Fuzzy Hash: EF818AB7F112264BF3544D28CC983627643EB95720F2F82388E996B7C5D97E6D0A9384

Function 0046F382 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c833805bbffd79575a6c0e563ebf272fe313a16ca4a5be3b4a60a79edaf186
Instruction ID: 64ed59b60fb4d2f3ef1ff71fccf1ad84e857de5fda5272497619b66bd85664d5
Opcode Fuzzy Hash: 52c833805bbffd79575a6c0e563ebf272fe313a16ca4a5be3b4a60a79edaf186
Instruction Fuzzy Hash: 48818DB3F1022547F3544969CC983627683EB91314F2F82788F89AB7C5ED7E5C0A9384

Function 0052B150 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2178f1f868f88e378918b980fa4e04184419636f529f9305602a546ce96acb14
Instruction ID: 0b3b12b8ed720b8b034c1c17b399f40a7f7ce281e262fc0fbce39e1b7daba04d
Opcode Fuzzy Hash: 2178f1f868f88e378918b980fa4e04184419636f529f9305602a546ce96acb14
Instruction Fuzzy Hash: 88819EB3F102248BF3544E29DC883617693EB95314F2F81788E986B7C5D97FAD0A9384

Function 0050B078 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 689098c6e4868b685a31724bce88a9b6ae5a0fe1d9c289a15fa5af924a9319a2
Instruction ID: dafe62e62cbc6973cd0044e22cb736638342f108890ed418fdb9585a98a98259
Opcode Fuzzy Hash: 689098c6e4868b685a31724bce88a9b6ae5a0fe1d9c289a15fa5af924a9319a2
Instruction Fuzzy Hash: B5818EB3F5162547F3504938CC883A2628397D4325F2F82788E88AB7C9EC7E9C4A5384

Function 00471083 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5406b0fb775146d5cc4c3224df6bda69d30aa3707cba7f638069492d11e8c65f
Instruction ID: bde9f555d32169076d6f6101bd16a74c866993c5f49637c3eb32adedc625d94a
Opcode Fuzzy Hash: 5406b0fb775146d5cc4c3224df6bda69d30aa3707cba7f638069492d11e8c65f
Instruction Fuzzy Hash: 66818CF7E112254BF3944878CC883616693EBA5320F2F82788E58ABBC9DD7E5D095384

Function 0051E05E Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a21719d82968ab0fa891018e3ce65b861607cadc26ceea7283426d5826aa6f
Instruction ID: 550c63f9ba766ef16b01f49f5c9bf0ddf5f8958795d7c59ca8cfb0bbb03d1072
Opcode Fuzzy Hash: 53a21719d82968ab0fa891018e3ce65b861607cadc26ceea7283426d5826aa6f
Instruction Fuzzy Hash: FE815AB7F107248BF3544E68DC983A17292EB94320F2F42788E986B3C5D97F2D499384

Function 0058514D Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2990788f9b5705765cada6f4d7a5fd42410df156c0771ca548ff38ed395065d
Instruction ID: 371859507b89776d69c33a510d86c69745c165ad1e805b0b118ee924e3598344
Opcode Fuzzy Hash: c2990788f9b5705765cada6f4d7a5fd42410df156c0771ca548ff38ed395065d
Instruction Fuzzy Hash: 808146B3F1112047F3944924CC583A67692AB95324F2F82788E8D6B7C5DD7F6D4A93C4

Function 004AA108 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5858098f64c4398301e5fe60e48f2d3236959fb895567985460a8aed316a4a71
Instruction ID: 1a402987657a26f9c0f9374633908c4af00d1cae8eec8f9ca7854f1299bfe7e5
Opcode Fuzzy Hash: 5858098f64c4398301e5fe60e48f2d3236959fb895567985460a8aed316a4a71
Instruction Fuzzy Hash: 0C819CB3F1122587F3548E28DC983627283EB95310F2F81788E895B7C5D97E6D599388

Function 00545199 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7782e66a019ea9a085072ba5e323a378b2f4b4e640c5e1b966be18346553c20
Instruction ID: 712866b61aca7545d413038d4cb570c9f4c334245589f85ed6d3ab2e182493cc
Opcode Fuzzy Hash: a7782e66a019ea9a085072ba5e323a378b2f4b4e640c5e1b966be18346553c20
Instruction Fuzzy Hash: 89814CB3F502254BF3544879DD593A2258397D5324F2F82388F58AB7CADC7E9D0A5384

Function 004C82F3 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404a4b48f2bced2d7ef7924826ba10fb31e8f9b0ca0e306186a784bd48e01b30
Instruction ID: 86b29a7b5bed7644a7b62892f4021eeeda41f3614b2852854d0ab19948bb5686
Opcode Fuzzy Hash: 404a4b48f2bced2d7ef7924826ba10fb31e8f9b0ca0e306186a784bd48e01b30
Instruction Fuzzy Hash: D48139B3F1122547F3544929CC54362B693ABD5724F2F82788E9C6B7C5DD7E6C0A8384

Function 0058736A Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18043f8eb7e4fa38a2e112cba8e964db0c2f2018e7df35b2955bd92cf45a6c16
Instruction ID: 9bb2d1b2b3e0236b864d85843e87163fc90b260d5ded11c414a9d1c0c55e6442
Opcode Fuzzy Hash: 18043f8eb7e4fa38a2e112cba8e964db0c2f2018e7df35b2955bd92cf45a6c16
Instruction Fuzzy Hash: B8819BF3F116248BF3440A29CC543A17693EB95714F2F81788F886B7C5E97EAC0A9384

Function 004B9250 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ca7080c73ecaa77db60573431e7966e9405fa4969db101a4fac207f941e5beb
Instruction ID: 88ef0eddb0593d2fb093f8413b43d4540acc2a1980793abb41229c20c22608a8
Opcode Fuzzy Hash: 6ca7080c73ecaa77db60573431e7966e9405fa4969db101a4fac207f941e5beb
Instruction Fuzzy Hash: BD817A73F112254BF3444929CC983617693EBD5320F6F82788A89AB7C9DD7EAD0A5384

Function 0050F3F8 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d2eb87d61aa9a3866deeb5d1492deca98cbd7ff67e72d7d48f6949b3fc8105d
Instruction ID: c5bb27b5b10c9d2a72a8a49a4a7adea5f03568d1eb30c4a9f7b8e5c1e23a1eee
Opcode Fuzzy Hash: 0d2eb87d61aa9a3866deeb5d1492deca98cbd7ff67e72d7d48f6949b3fc8105d
Instruction Fuzzy Hash: AB816DB3F112244BF3944928CC583A17693EB96324F2F82788E9D6B7D1D97F9D0A5384

Function 0053201D Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c5bc7afedaa0f62a42bb2d9153f8c4609be50f0e2574d4860dd786b691398f6
Instruction ID: 4bb95a6302c4d604f368d3aacce6ad3e4e214eceb30f3ab123b27d68add77813
Opcode Fuzzy Hash: 6c5bc7afedaa0f62a42bb2d9153f8c4609be50f0e2574d4860dd786b691398f6
Instruction Fuzzy Hash: 66819CB3F116258BF3448A68CC583A27653EBD1314F2F81788E4C6B7C9E97E5D4A9384

Function 004C71D9 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed80aafac901868c7227af4f7a90d0a3a0b6efbefdc9302e4102a106cce4f6d
Instruction ID: 6b4f92c7ac90f4265a2e9a436e35d89cf6cc240ab8882a2ec4c526ef94739971
Opcode Fuzzy Hash: 2ed80aafac901868c7227af4f7a90d0a3a0b6efbefdc9302e4102a106cce4f6d
Instruction Fuzzy Hash: A18168B3E1122587F3444929DC983A17653EB95324F2F82388F8C6B7C5D97E5D1A9384

Function 00504179 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efe93a9f8e8187a485f3887cbff126021f13dffb3c74d53596906b03ef9fbd3e
Instruction ID: 3fd32dbaa33ee8bbf186d445137e7aa264a14f53b270a3b8542ce0851760bd6f
Opcode Fuzzy Hash: efe93a9f8e8187a485f3887cbff126021f13dffb3c74d53596906b03ef9fbd3e
Instruction Fuzzy Hash: 2F814DB7E1122547F3944928CD583A16693EBD5325F3F82388E48A77C8DD7E5D0A5384

Function 0053C35E Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219d39a020c392d025f6615aa0924aeb59482e12b52b4ca0ee7b87d2aeb2e94f
Instruction ID: 064a1146ef31a813721bba619c3265a9542491325eacdbff90635bbd9b9ee2f3
Opcode Fuzzy Hash: 219d39a020c392d025f6615aa0924aeb59482e12b52b4ca0ee7b87d2aeb2e94f
Instruction Fuzzy Hash: 218125B3F102254BF3944969CD98362B682EB95314F2F82788F886B7C5D97E6D095388

Function 0052537C Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9bbcbe5565b429a9315593df98179528b9786d45931f8536b7c1f73f7ad7ae
Instruction ID: 94b41a870233f2c260916925ae030db5df2a271e99c33a7a80286e6626a76408
Opcode Fuzzy Hash: fc9bbcbe5565b429a9315593df98179528b9786d45931f8536b7c1f73f7ad7ae
Instruction Fuzzy Hash: 79818AB3F1162447F7944878DDA83A26682A795320F2F82788FA96B7C5DC7E5C0A43C4

Function 005013FA Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad863ae7484ba05687b908db442cc286734899d9c6c38f53afa539046731d20
Instruction ID: 0d1b616325703e77ac6eca7adcc0498876b964d303687454f2fcba3f7fb9e828
Opcode Fuzzy Hash: aad863ae7484ba05687b908db442cc286734899d9c6c38f53afa539046731d20
Instruction Fuzzy Hash: 76818AB3F1122947F3944968CC983A2A283A7D5310F2F81788E8D6B7C5ED3E5C4A53C4

Function 0053A398 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a52c3563cf06caf7dfed80ba66e08b5413798a51dd3d5f3b86c3e6d4d9b9555c
Instruction ID: 7745c8a6135883298a7913982108c032fe2eb4883f05cff3a43c16ab987391cc
Opcode Fuzzy Hash: a52c3563cf06caf7dfed80ba66e08b5413798a51dd3d5f3b86c3e6d4d9b9555c
Instruction Fuzzy Hash: 86719CB7F1122547F3944D78CC98362A282EB94324F2F827D8E89A77C9DD7E5D0A4384

Function 0050F074 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f281982c70d64b521b3183b77c4cf86ed98ed7fba9db81d71805d1befb4e73de
Instruction ID: df6127b14e768550c424fda6d4acefdea8f8d928eeccca994e874f6574bd521d
Opcode Fuzzy Hash: f281982c70d64b521b3183b77c4cf86ed98ed7fba9db81d71805d1befb4e73de
Instruction Fuzzy Hash: 2D7179B3F1122147F3944924CC583A1B293ABA5324F6F82788E8D6B7C5D97F6C4953C4

Function 00467097 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac352f5abda76b244e468f54e05021c3a682b99b1eadb4b7ce9f11f1444bfa9
Instruction ID: 1397fee17e58cf63d3c55c77ae9a8ea80d3ff6aa7d950405dabfa02cf3efa617
Opcode Fuzzy Hash: bac352f5abda76b244e468f54e05021c3a682b99b1eadb4b7ce9f11f1444bfa9
Instruction Fuzzy Hash: FB7159B3F2162447F3A84839CD983626683DBA4710F2F82798F896B7C5DC7E5C0A5384

Function 0047D149 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3934ec5fe414ae01ca732bb2ce113bfb81dd0652239aad25b4dccedaef4c2ea3
Instruction ID: a225aeef89d2e06cebb078f15d1ee7bb1d6e3ec1f7c48b96981a829d61c4320e
Opcode Fuzzy Hash: 3934ec5fe414ae01ca732bb2ce113bfb81dd0652239aad25b4dccedaef4c2ea3
Instruction Fuzzy Hash: AE716BB3F1122547F3584D68CC993627683EB91310F2E827D8E899B7C5DD7E5D099384

Function 004AB163 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8476dace8a87e5d20be4bf7507f39bb754ecd830d6b9d1e378c08b6a0de3cc9b
Instruction ID: 10cfebe995905540e25ad8b616ff1219b583d6f99e53bdf20823f38782a6e942
Opcode Fuzzy Hash: 8476dace8a87e5d20be4bf7507f39bb754ecd830d6b9d1e378c08b6a0de3cc9b
Instruction Fuzzy Hash: 96718CB3F1162547F3944925CC983627683ABD5320F2F81788B8DAB7C5DD7E9D0A5388

Function 004D827F Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c885a73270231ce88cff3da2531cd6324b9074ea9c31909664cf9549ed87dc6
Instruction ID: 3c4d9a7a1edd5a313c14ceadb75b0a3195b685f116eb4fc4161ccf6bc059c931
Opcode Fuzzy Hash: 0c885a73270231ce88cff3da2531cd6324b9074ea9c31909664cf9549ed87dc6
Instruction Fuzzy Hash: C7718BB3E112258BF3544D78CC983617692EBA5320F2F82788E9CAB7C5D97E5D099384

Function 0054D22D Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23f67eb1ab383034e9c4f6dba42084e7ed41654d78e0896d517738fb97172a4c
Instruction ID: 882a41b61469465d3c9964b5ffc560943c2e6646404de8d412b4f70647a78438
Opcode Fuzzy Hash: 23f67eb1ab383034e9c4f6dba42084e7ed41654d78e0896d517738fb97172a4c
Instruction Fuzzy Hash: 3171ADB3F102258BF3504D29CC983A17693EB95710F2F82788F89AB7C5D97E9D099384

Function 0050E281 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c21d0c766e065638a8c67275bf8c0dc0565953e3827aa9f96f66022784cb3d8
Instruction ID: 53861a9eb2e99f485e60168332a104e574cbbeba9c30d4b73ec33f706a34499f
Opcode Fuzzy Hash: 4c21d0c766e065638a8c67275bf8c0dc0565953e3827aa9f96f66022784cb3d8
Instruction Fuzzy Hash: F1718BF3F1112147F3984829CD593A26683E795320F2F82798F59AB7C9DC7E9D4A0384

Function 0045E374 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ecb59b36de5ac103bafd8297a5e1ff760b43c862cd705430812746d9b46a693
Instruction ID: 825555757fe10a9414819359553f7485e476d5fc98e38308aa9636c47a3a222c
Opcode Fuzzy Hash: 9ecb59b36de5ac103bafd8297a5e1ff760b43c862cd705430812746d9b46a693
Instruction Fuzzy Hash: E7718DF7F1162547F3944928CC583A17283EBA5724F2F82788E98AB7C1ED3E9D095384

Function 0046A0EB Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9bf2b8b0e335f84ee9d0ac472de46627b394d98c0da5f0c31b8f9033b361e1b
Instruction ID: 39cee9fc189b455993ab6aa6e22b278493ecda2387bd7e6b539df95a77427eed
Opcode Fuzzy Hash: a9bf2b8b0e335f84ee9d0ac472de46627b394d98c0da5f0c31b8f9033b361e1b
Instruction Fuzzy Hash: EE716CB3F5162547F3548929CC943A2B683EBD5310F2F82788A48AB7C8DD7E9C0A5384

Function 004AE042 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cddafe847d8a9391535e907f9fb956fdb3d65d9b3ceb04e59ed10406210bc9ec
Instruction ID: 67cbc5ea486500957c37027f325043a105815b91c75ad4233558e8f50b665d79
Opcode Fuzzy Hash: cddafe847d8a9391535e907f9fb956fdb3d65d9b3ceb04e59ed10406210bc9ec
Instruction Fuzzy Hash: 84717BB3F1062547F3884968CD683A57683EBE5310F2F827C8E8AAB7D5D87E5D095384

Function 004BC1BE Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30a0057248403eda5758de68ab759fb3587b91149c90607dca62a39a5f9c728d
Instruction ID: 5e2a2b4772713c50d5ccd1a7b875d0b58c39cd99ca3fff166e97ed74f12043dd
Opcode Fuzzy Hash: 30a0057248403eda5758de68ab759fb3587b91149c90607dca62a39a5f9c728d
Instruction Fuzzy Hash: 73716CB3F1021647F3544969CC983627683EBD5720F6F81388F49ABBC9D97E9D0A5388

Function 004A9354 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5eb72cc07ab55367ae92fa00a244bdbdded7e94633a122054406e2925b4cd7
Instruction ID: 99024790ff1d341ddf1cae2356b087c75ba1b8c92757589d53ab023b0607cafb
Opcode Fuzzy Hash: 2e5eb72cc07ab55367ae92fa00a244bdbdded7e94633a122054406e2925b4cd7
Instruction Fuzzy Hash: 02718BB7E1122587F7944E29CC583617693EB94320F2F827C8E892B7C5DD7E6D0A5388

Function 004A2341 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0918b13fbd3a5dae006dd665c34d2504a511fc080f6f4f8629d3f7a8ab18ce6a
Instruction ID: 2ad4fab7c907593e9ce45a6d53f21173ce00806297682b36483b1b35ae0f8b93
Opcode Fuzzy Hash: 0918b13fbd3a5dae006dd665c34d2504a511fc080f6f4f8629d3f7a8ab18ce6a
Instruction Fuzzy Hash: D5717BB3F5121147F3444A29CC843A27283ABD5324F2F82788B589BBC9ED7E5C0A4388

Function 005520A1 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e315ce9758327c1e4d274c110c63a1b6d1f6b361ce67f3c9416a4d3d93995e26
Instruction ID: 33e6a6388835913eea3c634ee5965a93bff3b47d10c86c87c1e61a8d93c7c207
Opcode Fuzzy Hash: e315ce9758327c1e4d274c110c63a1b6d1f6b361ce67f3c9416a4d3d93995e26
Instruction Fuzzy Hash: 06719BB3F112258BF3508D25CC983A17683EBD1315F2F82788E886B7C4D97E6D499384

Function 004B0239 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9158bf40c9eae41d038c8442dc5aa3dd2fea43199fed80e634621e432d6df71
Instruction ID: 75213b98227c92053648cedb744d9d7045acb8c89663daebefbd1b7cf4007588
Opcode Fuzzy Hash: c9158bf40c9eae41d038c8442dc5aa3dd2fea43199fed80e634621e432d6df71
Instruction Fuzzy Hash: AB716BB3F5022447F3544929CC943A67693EBD5320F6F82788E886B7C9D97E5C0A9384

Function 0045A1CE Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e544b8946a9c7c43607925411cc69246a41b7912cc1805e9ff337dae2353e9
Instruction ID: 495b76636f3a599e8aa1228a25adec5cbdc45e1dca1ef5be8a5cdb922778284e
Opcode Fuzzy Hash: c1e544b8946a9c7c43607925411cc69246a41b7912cc1805e9ff337dae2353e9
Instruction Fuzzy Hash: 9D717DB3F1162547F3904969CC983627693EBD5314F2F81388F88AB7C5D97E9D0A5384

Function 004CB0E3 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0950622a7fa2f8392037de6cf321859c5113abb0cc67adb77fc1c07889f89b4d
Instruction ID: 38991c270c627fad217f680925591bae470e2558255eba26ca2ae5fc462d1649
Opcode Fuzzy Hash: 0950622a7fa2f8392037de6cf321859c5113abb0cc67adb77fc1c07889f89b4d
Instruction Fuzzy Hash: 49716CB3F2152547F7984828CC693A2A643DBD1320F2F82398E59AB7C5DD7E9D0A5384

Function 004CD310 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71f50ef0a8fe7314d21aeaeaf17f9fafc7436afcab6cba9ddf1cf9e66617038b
Instruction ID: 35c28e2e54237f0310e6250a678d0138719681c930098a1a48c0faec1805dfa9
Opcode Fuzzy Hash: 71f50ef0a8fe7314d21aeaeaf17f9fafc7436afcab6cba9ddf1cf9e66617038b
Instruction Fuzzy Hash: 68719AB3F216244BF3984978CC583A17182E795324F2F827C8E59AB7D5DC7E1C0A5384

Function 0057F108 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e3203e278e76ed4b55cc40b8da5f57790fc8941a11d726b86d976fe09619684
Instruction ID: 1a66ab7600a2e2cc71c0a8efd21d9e8e8a73fa76cabd60b07c8af9a3ed995c23
Opcode Fuzzy Hash: 7e3203e278e76ed4b55cc40b8da5f57790fc8941a11d726b86d976fe09619684
Instruction Fuzzy Hash: 866169B7F1122587F3844E28CC983A17653EBD5311F2F82388A489B7C4DD7E6D5A9384

Function 005A9251 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2931790de78f2e7f60e19e025d979d1295e6f417a7844a4bcb700b558a446c59
Instruction ID: bbca0140b2e0a50719a43d5acaadf460a09a41a4c028ca477852e3af10145757
Opcode Fuzzy Hash: 2931790de78f2e7f60e19e025d979d1295e6f417a7844a4bcb700b558a446c59
Instruction Fuzzy Hash: 1A6179B3F1162547F3544979CC58362A293ABD5314F2F82788E8C6BBC9E93E4D4A53C4

Function 00542268 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dd7b813516c9049d74905a206b09c1326ac2d04a2715bc28f64bdc25f2e5b05
Instruction ID: bdb599c2beb6ab8ac07ccecba17dff741cdecef9aa93132aa8ce0eeab1b2da01
Opcode Fuzzy Hash: 3dd7b813516c9049d74905a206b09c1326ac2d04a2715bc28f64bdc25f2e5b05
Instruction Fuzzy Hash: 6B619DB3F512254BF3944D28CD583626643DBA5320F2F82788E9C6B7C9DD7E5C0A5384

Function 004A11DA Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b79b855c85be47dafb373d0d99524afef6557da1ed88900e9675d9572def09
Instruction ID: 6e3d118433b8129733c4bf6e8b026f177546a8f3b59703decb8df1863ab1678f
Opcode Fuzzy Hash: a4b79b855c85be47dafb373d0d99524afef6557da1ed88900e9675d9572def09
Instruction Fuzzy Hash: AE61B2B7F2162547F3944D28CC983A17293EB95314F2F82788F88AB7C5D87E9D095384

Function 00473016 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5c2af158fe06898c93cae38f6c82f6313f70f214739de76a1a060744f59840
Instruction ID: 331d4f70cbe3db56cd2f8f984f342a2a5efe833dd2839e60fe7e02c99f4ab7cb
Opcode Fuzzy Hash: ca5c2af158fe06898c93cae38f6c82f6313f70f214739de76a1a060744f59840
Instruction Fuzzy Hash: 3B6188F3F106254BF3544938CC983A26683EBA5324F2F82788F586B7C5D97E5C0A9384

Function 00563373 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76bc40071ec29ef5df518b78d48c28287c004447ebc7ad1a9b4da50a4d8f755b
Instruction ID: c037922ddecd2f8485471be3570fc783568d772590db1d4b41cb270efcc46728
Opcode Fuzzy Hash: 76bc40071ec29ef5df518b78d48c28287c004447ebc7ad1a9b4da50a4d8f755b
Instruction Fuzzy Hash: A06139B3F1022487F3944D29CC98361B693EB95310F2F817D8E896B7D5D97E5D0AA388

Function 004A83ED Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce139dde387151ef2eb491349d9fb019c9a099d349e53dfbb6c25370f80b3e85
Instruction ID: 3cc9a9953c82746ff892b5c9d8ee22a5727e9a17953ac77aefbe6e71e9d3779a
Opcode Fuzzy Hash: ce139dde387151ef2eb491349d9fb019c9a099d349e53dfbb6c25370f80b3e85
Instruction Fuzzy Hash: 5F617CB3F616254BF3904978CD983622583EB95320F2F82788F98AB7D5D87E9D095384

Function 005A3223 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9a2f8bd1caac0d3c6e34364f923cf768177f26538a66c315618a11160fb79e
Instruction ID: 9437d71e0a6ae8be451b027f9b3a5a91bd8bbd472487bfdebe509a8fc3237f3c
Opcode Fuzzy Hash: eb9a2f8bd1caac0d3c6e34364f923cf768177f26538a66c315618a11160fb79e
Instruction Fuzzy Hash: 396149B3E1122547F3940929CC983A1B643E7D4320F3F81788E99AB7C5D97E9E1A5788

Function 004F2268 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f6d3601b541db62be3c7dc2eba7e01a829c64c393ce0248d344813b146653b5
Instruction ID: c49228c6dade7edb127b718c7ae538c5d856a93df823e8ca3501e16d1db46111
Opcode Fuzzy Hash: 1f6d3601b541db62be3c7dc2eba7e01a829c64c393ce0248d344813b146653b5
Instruction Fuzzy Hash: CE61BCB3F1022547F3544D78CD983A26682DB95320F2F82788F586BBC9D9BE5C4A53C8

Function 0046F05E Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edafa274518ca7708d290bc0662ca44d65c8882b89b04728c2ea451d9bc50a54
Instruction ID: 198aff454d1245e17b41ed24047a8a06e1e839319a405eeca9b19bd1dde139ca
Opcode Fuzzy Hash: edafa274518ca7708d290bc0662ca44d65c8882b89b04728c2ea451d9bc50a54
Instruction Fuzzy Hash: 1A617CB3F5112547F3984878CC693A661839BD1310F2F823D8B9AAB7C5EC7E4C0A5284

Function 004CF0ED Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fedded9b970c5be3bb8685fcab54eda85c315fd88a62c500c89e27f56e2355c0
Instruction ID: 855624a3d3ba0b82a2382e545edc43ef84d05db30ac0df969f112b7413c50f3c
Opcode Fuzzy Hash: fedded9b970c5be3bb8685fcab54eda85c315fd88a62c500c89e27f56e2355c0
Instruction Fuzzy Hash: 10619CB3F112248BF3484938CC683667683EBD5714F2F82788A896B7C9DD7E5D0A4384

Function 004D2386 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08821dcf6704f5322d0be5b74a84ad82606ed53792bf0d9bb0fa1fa0b6fb3c59
Instruction ID: 27acaeb28659d0b010d0f94b12da55799406dcc6d0b9a9704d2034bfa1d4842d
Opcode Fuzzy Hash: 08821dcf6704f5322d0be5b74a84ad82606ed53792bf0d9bb0fa1fa0b6fb3c59
Instruction Fuzzy Hash: 32614AB3F102258BE3544E69CC943A1B293EB94314F2F82798E88677C4D9BF6D499784

Function 004B717E Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9006e86352670882d29f7794e9df03f9961f78aca40b36f106eab006b8604128
Instruction ID: 21111566fc3ae437b958f02178a83075820dd6eb33f2acc78678095d4f60a5ad
Opcode Fuzzy Hash: 9006e86352670882d29f7794e9df03f9961f78aca40b36f106eab006b8604128
Instruction Fuzzy Hash: 1F51A1B3F4032547F3584D68CC94362B292EB95710F2F827C8E89A77D4D97E5D0A8388

Function 0046D220 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c37409a850bf2d6cb16a73bd548c8c698bd4c1e8f0c8aa9909673df5642144a
Instruction ID: 562ff9fb04063cceb0850f000ae36e762ea8f0c35bdf028aafac58073fdf23a4
Opcode Fuzzy Hash: 2c37409a850bf2d6cb16a73bd548c8c698bd4c1e8f0c8aa9909673df5642144a
Instruction Fuzzy Hash: 47516CF3F506254BF3544829CC583A26583DBA5724F2F827C8F99AB7C5D87E5C0A5388

Function 004F42AC Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2363725758509db6daaa9bb7a33ec56a73292803f09cd181c060e93b99ba9f53
Instruction ID: 10c537fba269d7172eb12dcbb74018136c7d0188521c2dc2f056000706f0b5d6
Opcode Fuzzy Hash: 2363725758509db6daaa9bb7a33ec56a73292803f09cd181c060e93b99ba9f53
Instruction Fuzzy Hash: 45518CB3F502244BF3944964CC983A27643EBD5310F6F81788E886B3C5DD7E6D0A9388

Function 005811D8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d81400514668c29b1b772fe1275ec61db2ded8f875cd8db804c8ce3d308a000
Instruction ID: e42283c67db95e00364d1085df4e574bf616d5daad4d254de67ac261bb611534
Opcode Fuzzy Hash: 9d81400514668c29b1b772fe1275ec61db2ded8f875cd8db804c8ce3d308a000
Instruction Fuzzy Hash: E25170B7F6162447F3944969DC983A17282EBA4714F2F42788EDCAB3C2D97E5C0A53C4

Function 00525105 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b76f12d6f26e14806c3dd63460fe2e8749c9a54758d77e203fe92cabaf46827
Instruction ID: 552ca2027d67dcca20e55bdae2802b1891169eaa091dca1f0c28cbb16a14f603
Opcode Fuzzy Hash: 1b76f12d6f26e14806c3dd63460fe2e8749c9a54758d77e203fe92cabaf46827
Instruction Fuzzy Hash: B9517DB3F216258BF7944E18CC943A17353EB96310F2E81788E486B7C4DA7EAD199784

Function 0046B1C9 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e542358ec73df3bc36e87b64422477e91f17eae6d40b8f28f58c9a07873ec6aa
Instruction ID: 3112655535b6e902ed9b049c188e0f7b1292257836cfe9680ff6a16b3880d5a9
Opcode Fuzzy Hash: e542358ec73df3bc36e87b64422477e91f17eae6d40b8f28f58c9a07873ec6aa
Instruction Fuzzy Hash: 8F5157A3E1122547F3944939CC583627693EBD1314F2BC1388F986BBC9DD7E9D4A9388

Function 0050819C Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2da728f744999fa4b0d8b9225382860510e2d510dd094e8ff7db7a8ded4e7e6
Instruction ID: 63da750f70424959753b5125fcce1fc24aab4a46cae885dc82e2c7a4aec1e481
Opcode Fuzzy Hash: b2da728f744999fa4b0d8b9225382860510e2d510dd094e8ff7db7a8ded4e7e6
Instruction Fuzzy Hash: 0C515AB3F106254BF3944D28CC583617693EB95310F2F82788E896B7D5D93E5D0E9384

Function 00549015 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d28cc4e1195a3d201854d89049c875acdbc16e4fb9c86dcb64e3444a3f1e37a
Instruction ID: e80e46f77a456e0abbcecab14f4f94c69c69e60c106d026fef5232bd2a270c7a
Opcode Fuzzy Hash: 1d28cc4e1195a3d201854d89049c875acdbc16e4fb9c86dcb64e3444a3f1e37a
Instruction Fuzzy Hash: 20517E73E002258BF3548E19CC953A1B393EB85714F2E817C8E491B7D4DA7E6C5AA784

Function 004F3226 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e4acea903afa3469ec137dea362bb6e7ef90345ca8ece2a1e7c10ad07f5d8c5
Instruction ID: 4231265f746a1d631bb92b4658e0f9e8a5fc3d2cd81f2f29690bcbb1d39c8367
Opcode Fuzzy Hash: 0e4acea903afa3469ec137dea362bb6e7ef90345ca8ece2a1e7c10ad07f5d8c5
Instruction Fuzzy Hash: 494116F3A082149BE3156E2DDC4577AFBE5EB94320F1A853DDBD483380E9396814C796

Function 0056E32C Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45311ba3353635dd7d85c5c9edf3550cd658fc642dde9b2cdb5a79e7188373f
Instruction ID: 3f4a5e0ed0d81c316bcc08f93f2ca929f6fa66b1fed73f80e69e22e9546d2d85
Opcode Fuzzy Hash: d45311ba3353635dd7d85c5c9edf3550cd658fc642dde9b2cdb5a79e7188373f
Instruction Fuzzy Hash: 435169B3F115248BF3448E25CC483667293ABD5320F2F81788B586B7D4DD7EAD4A9384

Function 0056E0D2 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a590a35250a3352e3e108b32d16540f63eb68860061fbb7ef4e0dd6a62315c7a
Instruction ID: eba7a9a214ae5553dcd5666c63c8b937d56af6dd786dbd2ae8bda93cb84bb1ef
Opcode Fuzzy Hash: a590a35250a3352e3e108b32d16540f63eb68860061fbb7ef4e0dd6a62315c7a
Instruction Fuzzy Hash: 66414EB3F112258BF3584928CC683A27283EB95320F2F82789F596B7C5D93E5D0993C4

Function 004E73FB Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b973efb4194bd2f4ff8da16e2c26ce7ae88dd492b9206a53d170cb9e6e69f4
Instruction ID: 7844f86f817ff7a0c7e5c5988095ebe0937b68e57ac2b8903627284e6917751a
Opcode Fuzzy Hash: 84b973efb4194bd2f4ff8da16e2c26ce7ae88dd492b9206a53d170cb9e6e69f4
Instruction Fuzzy Hash: 5B416FB3F111108BF7544929CC583626683DBC6321F2F8278CB186B7D9D87E9C4A9384

Function 0047E390 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb33b630b74688b1a6ec81d60068d418d4b2b3378e228183d82d118cb0c0f860
Instruction ID: 7da514270bf5f3f4460e9abaab2487b1b401f5d51c7aa4b8c5a169b97501d8e1
Opcode Fuzzy Hash: cb33b630b74688b1a6ec81d60068d418d4b2b3378e228183d82d118cb0c0f860
Instruction Fuzzy Hash: 9A31C0B7F506358BF34449A8DD98362A682DB85720F2F82398F6C6B7C5DC7E4C0A52C4

Function 004D9222 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78780a78ff4b604acb0efa3c003b2ddd18ee99f160d82207f7bc087f437176b4
Instruction ID: 90c6c3ecf422ba8e9d0ed3e0280f2140124bb98db7cbcd84a15e9fab690a6190
Opcode Fuzzy Hash: 78780a78ff4b604acb0efa3c003b2ddd18ee99f160d82207f7bc087f437176b4
Instruction Fuzzy Hash: 26316DB7F116324BF7684838CD9836269829B95320F2B83788F1DABBC5DC7E4D095380

Function 004C2331 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff8b6acd0e0721f8bb4a9d949f0aacddb7cd9074d5a27d82bca465a39a56272
Instruction ID: fece92fb7855223e4900fe9db4a5abd94732e08df8a99304e085de57c314f739
Opcode Fuzzy Hash: cff8b6acd0e0721f8bb4a9d949f0aacddb7cd9074d5a27d82bca465a39a56272
Instruction Fuzzy Hash: 7D31F2F3E1262143F3580879DD59362548297A1328F2F83788F6CAB6D6DCBE5C0A0284

Function 005922A2 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a7af3ca01e84c345b4d96a466141da3163e6a38acff483edee0bebc2c4a02d6
Instruction ID: ac9cb2d3db55a8f61a846314da5dd7549fe4c83706115786a6c90d72d33fcbc2
Opcode Fuzzy Hash: 2a7af3ca01e84c345b4d96a466141da3163e6a38acff483edee0bebc2c4a02d6
Instruction Fuzzy Hash: 18316BB3F1122487F7488D38CC593613282AB95720F2F42788B5AAB7C4DD3E9D099384

Function 004DB2C7 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f5d4c18e898433877ae0d7e30b42dd9f45965459f044fddefe34ed270bed63e
Instruction ID: 7b6cd3b51ba19a81e3a7003a8bca1673f8be6c43a0f03288993bc687faa87008
Opcode Fuzzy Hash: 2f5d4c18e898433877ae0d7e30b42dd9f45965459f044fddefe34ed270bed63e
Instruction Fuzzy Hash: 383108F3E6122647F3940864CD593A255429BA1320F2F82388F5CABBC5DC7E8D4963C4

Function 004FD191 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e52445d8e233960ea2e1542b440005faa831c85c3fdabc212ed7da1d5e9171
Instruction ID: d04d9cb2978c1655e0bed4365f6d64b7413f8ea977717842b3b89561d9e4104d
Opcode Fuzzy Hash: e0e52445d8e233960ea2e1542b440005faa831c85c3fdabc212ed7da1d5e9171
Instruction Fuzzy Hash: 0C313CB3E226214BF3904879CD883616983ABD5724F3F83748F686BBC5DC7E5D0A5284

Function 0053A204 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98b2d1306efea296362b38f35212c9f59d5ef1bf0c4af6cf02399e784ec0c395
Instruction ID: 09d4381c7255ba58d8a8861006e64f1838a4036cb4d4544423276cd526cbce94
Opcode Fuzzy Hash: 98b2d1306efea296362b38f35212c9f59d5ef1bf0c4af6cf02399e784ec0c395
Instruction Fuzzy Hash: FB312CF3F9162147F3544834DC993A62583CBD5718F2F82788F486B7C5EC7E590A5284

Function 004AC211 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb6ddddc9e10ca852dcf4328be885b308fb776c1960b40bc3a164083f9d2473
Instruction ID: 2ba742827007bcc0c3cd9eaaa1ac3ada58a53b007b6ab97bd9f7243e5ab74768
Opcode Fuzzy Hash: 0bb6ddddc9e10ca852dcf4328be885b308fb776c1960b40bc3a164083f9d2473
Instruction Fuzzy Hash: 753128B3F512254BF3A80879CD983526543A7D5320F2B82798F9C6BBC9CCBE5D0A1384

Function 00470371 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8765e6c1bbad741536527940ae86a4dd8f677106209e07fb19f0e7fc6b0343ca
Instruction ID: 0f6a1eaa585a79afa85c894acf9c9fb13345a53f062219245fdefee97e02df44
Opcode Fuzzy Hash: 8765e6c1bbad741536527940ae86a4dd8f677106209e07fb19f0e7fc6b0343ca
Instruction Fuzzy Hash: 813125B3F6252247F3944878CC683A661839BE1321F3F82794E6DAB7C5DC3D5D0A2284

Function 0058307B Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4e56825c317d1dfd83dc2c60841480c8152b93737ebca5dcd9c9a2237a29468
Instruction ID: 4f1733c834ed4502e29c5fa901437c862fd51b9bf1e70f83460bda182a753ac1
Opcode Fuzzy Hash: c4e56825c317d1dfd83dc2c60841480c8152b93737ebca5dcd9c9a2237a29468
Instruction Fuzzy Hash: 913159F3F116214BF3444839CD58366258397D5315F2B82798F58ABBCADC7D1D0A1388

Function 004C706A Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 253cf9eb99077c11521ad39fb6ff9d35c1f58b4b3db2d691655799c499c66101
Instruction ID: 8dc585b341cc419be855d6de6afb4c5188780784d598a109ff3d5e8993d80522
Opcode Fuzzy Hash: 253cf9eb99077c11521ad39fb6ff9d35c1f58b4b3db2d691655799c499c66101
Instruction Fuzzy Hash: 702149F7F1122547F3948879CD983622583DBD4314F2BC2388B996BBC9DCBE990A1284

Function 0059F2C6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a900e01a825ce05f02bc18c084e012376804f4d59eaeb13b223eebf0207d9218
Instruction ID: 6f06eb8b087c5719ffe926a2dc101939159762e44c4730b6b842711324953614
Opcode Fuzzy Hash: a900e01a825ce05f02bc18c084e012376804f4d59eaeb13b223eebf0207d9218
Instruction Fuzzy Hash: 2E215CB3F1053147F7A84969C965326A1839B95324F2F82798F1DBB7D0E83E9C0953C4

Function 004F4151 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 301a91933e3c6253740725549cc6d7816c453b635e485e860791eb8987c8f9d8
Instruction ID: e26cda732ab07726659d00c8de0cbefc2fd97e7d40b74fc2cd02850b28399174
Opcode Fuzzy Hash: 301a91933e3c6253740725549cc6d7816c453b635e485e860791eb8987c8f9d8
Instruction Fuzzy Hash: BA2168B7E2162547F39488B9DD9835266839BE5320F2FC3788F686B7C9E87D0C094284

Function 0053C205 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7d1134801c2f2454988de1d5a4beecf88e69d468579342f214f04232b2ae5f
Instruction ID: e26168a9d4fa9eee9b65e95db0611c1070cb7053f8ebca000393fedba11a574b
Opcode Fuzzy Hash: bd7d1134801c2f2454988de1d5a4beecf88e69d468579342f214f04232b2ae5f
Instruction Fuzzy Hash: F42149F3F51A204BF3544829CD493A255839BD4324F2F82798F9CAB6D9DCBD4C0A4384

Function 004593D2 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd76cd0b488ffbe4cb2e9a1217989cfa9c19f14f1d293f35f3983a265d3803a5
Instruction ID: 532042527c2ceaa45fa861bcf2c64e6978f06f5a0684d9d8bfc2b29da56565d7
Opcode Fuzzy Hash: bd76cd0b488ffbe4cb2e9a1217989cfa9c19f14f1d293f35f3983a265d3803a5
Instruction Fuzzy Hash: 19216DB7F5262147F3984864DC983926282ABD5314F2FC2788E486B7C5DD7E5C4983C0

Function 005620F8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0fc37d48be3f7cb68e1f0dde03799e84a0ce67f9b5569e91ba51fa1eb88ec0
Instruction ID: 81238c56820fe2d347393da1575c5444e5c891f4adc30cd8a42492015be21436
Opcode Fuzzy Hash: 4c0fc37d48be3f7cb68e1f0dde03799e84a0ce67f9b5569e91ba51fa1eb88ec0
Instruction Fuzzy Hash: C32117B3F525204BF3944879CD55352A68397D1331F6F83798A6CABBD9CC7E8C0A4284

Function 00568326 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7717f711e0c6a27d2c471f439829e4eb1079b3b149af496e2e78c593ccc20604
Instruction ID: 07ad8897796580f70605a00cd9a82a608aa4fdb276226d6fd3710fb66f0b883e
Opcode Fuzzy Hash: 7717f711e0c6a27d2c471f439829e4eb1079b3b149af496e2e78c593ccc20604
Instruction Fuzzy Hash: 87214CB3F502354BF3544969CC953A262839B99320F6F41798E5CBB3C1DDBE5C0A5384

Function 004CA0A1 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1826186526.000000000044A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00440000, based on PE: true

Associated: 00000000.00000002.1826134707.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826186526.00000000006F4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826465067.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826581566.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1826596409.000000000089E000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_440000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e0f6c42a9b9928408a99b7cac9de1336be1586f3100169d9092ae40f9f65db
Instruction ID: 4806424af3d0699173c57d0b8352b0914bc53ec94fec19722864334f183a8c8f
Opcode Fuzzy Hash: 45e0f6c42a9b9928408a99b7cac9de1336be1586f3100169d9092ae40f9f65db
Instruction Fuzzy Hash: 002107A3F1152107F3844879CD583625583ABD4324F2B8574CB9CAB7C5DC7E8C0A53C4

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

System Behavior

Analysis Process: file.exePID: 7436, Parent PID: 2580

General

Chronological Activities

Disassembly

Analysis Process: file.exePID: 7436, Parent PID: 2580COMMON

Execution Graph

Graph

Windows Analysis Report
file.exe

Function 00629EAE Relevance: 3.1, APIs: 2, Instructions: 107
memoryCOMMON

Function 0061F3E7 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
libraryCOMMON

Function 0061F8ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
COMMON

Function 00622247 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Function 0061E2C7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 90
COMMON

Function 0061F9D6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
COMMON

Function 006ABA04 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28
memoryCOMMON

Function 00622463 Relevance: 3.1, APIs: 2, Instructions: 57
fileCOMMON

Function 00621DCF Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Function 0062A8DA Relevance: 1.6, APIs: 1, Instructions: 112
COMMON

Function 0062044E Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 0061FC6A Relevance: 1.6, APIs: 1, Instructions: 92
fileCOMMON

Function 0062A627 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 04FF0D48 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON