Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1562763
MD5:	9b74557efef93db56818bb3355dc0954
SHA1:	c7abf497b84ba4c3f3bebcdc92556a2a35fc67d8
SHA256:	6d0eea80b03ff05f40ac2c0bdefde7c8eb4ad3a7cebe0ef9917cab6c20a8be40
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9B74557EFEF93DB56818BB3355DC0954)

cleanup

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:17.632263+0100	2028371	3	Unknown Traffic	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-26T00:25:19.574766+0100	2028371	3	Unknown Traffic	192.168.2.7	49705	172.67.187.240	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:18.373645+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49703	172.67.187.240	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-26T00:25:18.373645+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49703	172.67.187.240	443	TCP

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic	DNS traffic detected: DNS query: occupy-blushi.sbs

Source: unknown

Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogs-severz.sbs:443/api
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/=H3
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1344769503.00000000016B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347675102.0000000001654000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api4
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apiS
Source: file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apil8
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/api
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/apiNs
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/api)t

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown

HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49703 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE16C	0_2_00BEE16C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE8690	0_2_00BE8690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBB890	0_2_00BBB890
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBDBE5	0_2_00BBDBE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB	0_2_00C380CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB50C0	0_2_00CB50C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8	0_2_00C6E0C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C730F4	0_2_00C730F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8D0FF	0_2_00C8D0FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0	0_2_00D850E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C810F3	0_2_00C810F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E2C0AB	0_2_00E2C0AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1F088	0_2_00C1F088
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C80097	0_2_00C80097
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4093	0_2_00CC4093
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C750A3	0_2_00C750A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8C0AD	0_2_00C8C0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB60D0	0_2_00BB60D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1E0AA	0_2_00C1E0AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C440B2	0_2_00C440B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D8604B	0_2_00D8604B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4805E	0_2_00C4805E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0050	0_2_00CC0050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7006D	0_2_00C7006D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5707F	0_2_00C5707F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4207F	0_2_00C4207F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C16001	0_2_00C16001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C55009	0_2_00C55009
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C53010	0_2_00C53010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDD067	0_2_00BDD067
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBC023	0_2_00CBC023
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDD052	0_2_00BDD052
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3F03F	0_2_00C3F03F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAF1CB	0_2_00CAF1CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF11B0	0_2_00BF11B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB21C4	0_2_00CB21C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C671D2	0_2_00C671D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C651DE	0_2_00C651DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9B1D3	0_2_00C9B1D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA31EA	0_2_00CA31EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4A1E0	0_2_00C4A1E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E1F6	0_2_00C5E1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C751F2	0_2_00C751F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8B1F2	0_2_00C8B1F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6A1F9	0_2_00C6A1F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C391FC	0_2_00C391FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9918C	0_2_00C9918C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4C18C	0_2_00C4C18C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE1D0	0_2_00BCE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEF1D0	0_2_00BEF1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C201AD	0_2_00C201AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D751AE	0_2_00D751AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9E1B3	0_2_00C9E1B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA1C0	0_2_00BBA1C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB6156	0_2_00CB6156
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB716A	0_2_00CB716A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD910B	0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7617B	0_2_00C7617B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7A101	0_2_00C7A101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB2170	0_2_00BB2170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F119	0_2_00C6F119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2512D	0_2_00C2512D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8F135	0_2_00C8F135
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3C2CA	0_2_00C3C2CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C612CB	0_2_00C612CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA42DB	0_2_00CA42DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6C2E7	0_2_00C6C2E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB12E8	0_2_00CB12E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF92E7	0_2_00CF92E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC12F8	0_2_00CC12F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C992F6	0_2_00C992F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9828D	0_2_00C9828D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9F28F	0_2_00C9F28F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBE285	0_2_00CBE285
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEF2E0	0_2_00BEF2E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD32E2	0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD42E2	0_2_00BD42E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7F246	0_2_00C7F246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBF25D	0_2_00CBF25D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3A25C	0_2_00C3A25C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2253	0_2_00CC2253
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBE218	0_2_00BBE218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C265	0_2_00C1C265
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C32266	0_2_00C32266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C28264	0_2_00C28264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5326F	0_2_00C5326F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAB266	0_2_00CAB266
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE020C	0_2_00BE020C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C77275	0_2_00C77275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2F276	0_2_00C2F276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBB273	0_2_00CBB273
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3527A	0_2_00C3527A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB4277	0_2_00CB4277
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F200	0_2_00C4F200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9420E	0_2_00C9420E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6274	0_2_00BC6274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6C215	0_2_00C6C215
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1B222	0_2_00C1B222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5D221	0_2_00C5D221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5922D	0_2_00C5922D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA23D	0_2_00CBA23D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC623A	0_2_00CC623A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7E23E	0_2_00C7E23E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C97230	0_2_00C97230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD3247	0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC7236	0_2_00CC7236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7923B	0_2_00C7923B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB33CD	0_2_00CB33CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4D3D1	0_2_00C4D3D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C393E3	0_2_00C393E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAC3E2	0_2_00CAC3E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCB390	0_2_00BCB390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C573E9	0_2_00C573E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C833FF	0_2_00C833FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8385	0_2_00BC8385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C413F8	0_2_00C413F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C203FC	0_2_00C203FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C49381	0_2_00C49381
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C15387	0_2_00C15387
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C903A0	0_2_00C903A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1F3AB	0_2_00C1F3AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C533AF	0_2_00C533AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBC3D4	0_2_00BBC3D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C303B7	0_2_00C303B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C263B5	0_2_00C263B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C913BE	0_2_00C913BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD910B	0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE83C0	0_2_00BE83C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEF3C0	0_2_00BEF3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8328	0_2_00BD8328
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA7352	0_2_00CA7352
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C16364	0_2_00C16364
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7B368	0_2_00C7B368
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6B303	0_2_00C6B303
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8A304	0_2_00C8A304
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE936D	0_2_00BE936D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54310	0_2_00C54310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C29318	0_2_00C29318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2360	0_2_00BE2360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C56326	0_2_00C56326
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C71336	0_2_00C71336
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB9339	0_2_00CB9339
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7A323	0_2_00D7A323
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1A338	0_2_00C1A338
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C314C6	0_2_00C314C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBC4CD	0_2_00CBC4CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7C4E7	0_2_00C7C4E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C814FE	0_2_00C814FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C474F8	0_2_00C474F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5C485	0_2_00C5C485
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC6488	0_2_00CC6488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C37488	0_2_00C37488
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC24F0	0_2_00BC24F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4849C	0_2_00C4849C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8F491	0_2_00C8F491
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C924AA	0_2_00C924AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAD4A9	0_2_00CAD4A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC4D7	0_2_00BDC4D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C694A8	0_2_00C694A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C254B1	0_2_00C254B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB34C0	0_2_00BB34C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA144E	0_2_00CA144E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C59454	0_2_00C59454
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C87450	0_2_00C87450
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7B465	0_2_00C7B465
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F465	0_2_00C6F465
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24466	0_2_00C24466
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC847C	0_2_00CC847C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C45415	0_2_00C45415
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6341A	0_2_00C6341A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C50424	0_2_00C50424
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEB450	0_2_00BEB450
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C22432	0_2_00C22432
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C76433	0_2_00C76433
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2D43C	0_2_00C2D43C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAA5CE	0_2_00CAA5CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC65C8	0_2_00CC65C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C5C9	0_2_00C1C5C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1E5C9	0_2_00C1E5C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCD5B5	0_2_00BCD5B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDA5B0	0_2_00BDA5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2C5CD	0_2_00C2C5CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3E5D3	0_2_00C3E5D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8D5DA	0_2_00C8D5DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1D5DF	0_2_00C1D5DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9D5EA	0_2_00C9D5EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC55EF	0_2_00CC55EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4B5E3	0_2_00C4B5E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB5593	0_2_00BB5593
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C945E5	0_2_00C945E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA95FA	0_2_00CA95FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4A5F2	0_2_00C4A5F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9E5F5	0_2_00C9E5F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2580	0_2_00BD2580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8258A	0_2_00C8258A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA5E0	0_2_00BBA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C705A1	0_2_00C705A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C555AB	0_2_00C555AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAF5BA	0_2_00CAF5BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCD5C8	0_2_00BCD5C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C585B3	0_2_00C585B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE05C0	0_2_00BE05C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C97540	0_2_00C97540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8520	0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC151A	0_2_00BC151A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB7573	0_2_00CB7573
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7F56A	0_2_00D7F56A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7450F	0_2_00C7450F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA6500	0_2_00CA6500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE570	0_2_00BCE570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2050F	0_2_00C2050F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C42510	0_2_00C42510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3F516	0_2_00C3F516
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4A522	0_2_00C4A522
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2852A	0_2_00C2852A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8C521	0_2_00C8C521
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC0542	0_2_00BC0542
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1D6C4	0_2_00C1D6C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA26C6	0_2_00CA26C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C196D9	0_2_00C196D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAB6D3	0_2_00CAB6D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB86D6	0_2_00CB86D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3A6E0	0_2_00C3A6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9C6EA	0_2_00C9C6EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7A6E2	0_2_00C7A6E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBD69D	0_2_00BBD69D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6B6ED	0_2_00C6B6ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C326F8	0_2_00C326F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C296FE	0_2_00C296FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E6FB	0_2_00C5E6FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA76F5	0_2_00CA76F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8B68A	0_2_00C8B68A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDD6F0	0_2_00BDD6F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1A696	0_2_00C1A696
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C266A4	0_2_00C266A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C20640	0_2_00C20640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D73654	0_2_00D73654
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA64E	0_2_00CBA64E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5F64D	0_2_00C5F64D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBD65A	0_2_00CBD65A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB2620	0_2_00BB2620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC3651	0_2_00CC3651
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDB66A	0_2_00CDB66A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4D671	0_2_00C4D671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C49679	0_2_00C49679
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4060D	0_2_00C4060D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7360D	0_2_00C7360D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1860D	0_2_00C1860D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA3613	0_2_00CA3613
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAC616	0_2_00CAC616
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDD65E	0_2_00BDD65E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0626	0_2_00CC0626
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C28637	0_2_00C28637
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2640	0_2_00BE2640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8E636	0_2_00C8E636
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8C7C3	0_2_00C8C7C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAC7C5	0_2_00CAC7C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C367D1	0_2_00C367D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC67AA	0_2_00BC67AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE7A0	0_2_00BCE7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD579D	0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C407E7	0_2_00C407E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4C7E1	0_2_00C4C7E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB6790	0_2_00BB6790
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB37E4	0_2_00CB37E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C917F3	0_2_00C917F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C927F4	0_2_00C927F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB1789	0_2_00CB1789
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC1783	0_2_00CC1783
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7179F	0_2_00C7179F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5779A	0_2_00C5779A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C647A3	0_2_00C647A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAA7A0	0_2_00CAA7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9E7B3	0_2_00C9E7B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C817B4	0_2_00C817B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C417B9	0_2_00C417B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF07C0	0_2_00BF07C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C39743	0_2_00C39743
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9374C	0_2_00C9374C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2274B	0_2_00C2274B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB9747	0_2_00CB9747
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD3730	0_2_00BD3730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEF730	0_2_00BEF730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC5742	0_2_00CC5742
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5A754	0_2_00C5A754
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9F754	0_2_00C9F754
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D39774	0_2_00D39774
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6D76D	0_2_00C6D76D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB2771	0_2_00CB2771
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCF700	0_2_00BCF700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C62704	0_2_00C62704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D78712	0_2_00D78712
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C98710	0_2_00C98710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C99716	0_2_00C99716
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7D724	0_2_00C7D724
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4572A	0_2_00C4572A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3C8C7	0_2_00C3C8C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA18CD	0_2_00CA18CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2F8D2	0_2_00C2F8D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C388DC	0_2_00C388DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D728F0	0_2_00D728F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E8EA	0_2_00C6E8EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C608E9	0_2_00C608E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1E8FB	0_2_00C1E8FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC88F3	0_2_00CC88F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB48EF	0_2_00BB48EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C478A6	0_2_00C478A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C988AE	0_2_00C988AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C848B2	0_2_00C848B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAE8B1	0_2_00CAE8B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCF8C0	0_2_00BCF8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C49843	0_2_00C49843
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5884C	0_2_00C5884C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6784B	0_2_00C6784B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7C855	0_2_00C7C855
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2485E	0_2_00C2485E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7D864	0_2_00C7D864
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4286D	0_2_00C4286D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2862	0_2_00CC2862
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA5879	0_2_00CA5879
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAD876	0_2_00CAD876
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6380C	0_2_00C6380C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C35816	0_2_00C35816
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2E821	0_2_00C2E821
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C65828	0_2_00C65828
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9B826	0_2_00C9B826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C87838	0_2_00C87838
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3B830	0_2_00C3B830
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEB840	0_2_00BEB840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C83F	0_2_00C1C83F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C739CA	0_2_00C739CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0B9D3	0_2_00C0B9D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5A9DB	0_2_00C5A9DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEF990	0_2_00BEF990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C289EC	0_2_00C289EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C749F2	0_2_00C749F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C899F1	0_2_00C899F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C909F0	0_2_00C909F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1F982	0_2_00C1F982
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4D98C	0_2_00C4D98C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0985	0_2_00CC0985
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB7991	0_2_00CB7991
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4B9A4	0_2_00C4B9A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB09A8	0_2_00CB09A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7A9BD	0_2_00C7A9BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C279B9	0_2_00C279B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD19C0	0_2_00BD19C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE93D	0_2_00BEE93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1D94D	0_2_00C1D94D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5094A	0_2_00C5094A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D82942	0_2_00D82942
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C92964	0_2_00C92964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C94964	0_2_00C94964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66975	0_2_00C66975
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C58973	0_2_00C58973
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8D971	0_2_00C8D971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3697C	0_2_00C3697C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6190E	0_2_00C6190E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC491E	0_2_00CC491E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1B923	0_2_00C1B923
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD579D	0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C46931	0_2_00C46931
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5C93A	0_2_00C5C93A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C79ACD	0_2_00C79ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C93AC3	0_2_00C93AC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C82AC6	0_2_00C82AC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDFAAF	0_2_00BDFAAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C24ADA	0_2_00C24ADA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C51AE4	0_2_00C51AE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2DAE6	0_2_00C2DAE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C39AF3	0_2_00C39AF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C18A8F	0_2_00C18A8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBEAEB	0_2_00BBEAEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB5A96	0_2_00CB5A96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3AAA2	0_2_00C3AAA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8EAAC	0_2_00C8EAAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC9AD4	0_2_00BC9AD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C55AB5	0_2_00C55AB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB2AC0	0_2_00BB2AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C99AB7	0_2_00C99AB7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8AA4D	0_2_00C8AA4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CABA45	0_2_00CABA45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAFA57	0_2_00CAFA57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8FA56	0_2_00C8FA56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C21A6B	0_2_00C21A6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCDA10	0_2_00BCDA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6CA69	0_2_00C6CA69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA6A7B	0_2_00CA6A7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C25A77	0_2_00C25A77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA3A1A	0_2_00CA3A1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC2A18	0_2_00CC2A18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCCA60	0_2_00BCCA60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE7A60	0_2_00BE7A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C53A3F	0_2_00C53A3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBAA36	0_2_00CBAA36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6CBCC	0_2_00C6CBCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CAABD4	0_2_00CAABD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6DBE3	0_2_00C6DBE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDAB90	0_2_00BDAB90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C33BED	0_2_00C33BED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C68BF6	0_2_00C68BF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9EB88	0_2_00C9EB88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4BF8	0_2_00BB4BF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5DB81	0_2_00C5DB81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C19B89	0_2_00C19B89
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C41B93	0_2_00C41B93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C45BAD	0_2_00C45BAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D87BB2	0_2_00D87BB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4CBBB	0_2_00C4CBBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C81B49	0_2_00C81B49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3BB45	0_2_00C3BB45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CB58	0_2_00C8CB58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C48B5E	0_2_00C48B5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB9B50	0_2_00CB9B50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1CB65	0_2_00C1CB65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2CB6B	0_2_00C2CB6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC4B10	0_2_00BC4B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4FB75	0_2_00C4FB75
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C71B72	0_2_00C71B72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54B7C	0_2_00C54B7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF0B00	0_2_00BF0B00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C95B76	0_2_00C95B76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C46B02	0_2_00C46B02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C91B00	0_2_00C91B00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBBB1D	0_2_00CBBB1D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DEDB04	0_2_00DEDB04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9BB12	0_2_00C9BB12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C87B2D	0_2_00C87B2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6AB20	0_2_00C6AB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5AB34	0_2_00C5AB34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C78B3D	0_2_00C78B3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C64B3D	0_2_00C64B3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA1B35	0_2_00CA1B35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74CD2	0_2_00C74CD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C31CD8	0_2_00C31CD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D76CC9	0_2_00D76CC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C83CD7	0_2_00C83CD7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C38CE8	0_2_00C38CE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4ACF6	0_2_00C4ACF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB6CFF	0_2_00CB6CFF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD7C82	0_2_00BD7C82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6EC8B	0_2_00C6EC8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C93C9D	0_2_00C93C9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCDCE0	0_2_00BCDCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C50C99	0_2_00C50C99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDBCD4	0_2_00BDBCD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C43CB7	0_2_00C43CB7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE7CC0	0_2_00BE7CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8BC48	0_2_00C8BC48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB1C4D	0_2_00CB1C4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3EC48	0_2_00C3EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA5C45	0_2_00CA5C45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5BC53	0_2_00C5BC53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB5C10	0_2_00BB5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C69C76	0_2_00C69C76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBFC7F	0_2_00CBFC7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1EC76	0_2_00C1EC76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C85C7F	0_2_00C85C7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C35C07	0_2_00C35C07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0AC06	0_2_00C0AC06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2C6C	0_2_00BD2C6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C44C11	0_2_00C44C11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9AC2A	0_2_00C9AC2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC4C25	0_2_00CC4C25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6FC29	0_2_00C6FC29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C58DC4	0_2_00C58DC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8CDC5	0_2_00C8CDC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CB3DC4	0_2_00CB3DC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C40DD1	0_2_00C40DD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C34DEB	0_2_00C34DEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C84DE3	0_2_00C84DE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3CDF3	0_2_00C3CDF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3DDF3	0_2_00C3DDF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9CDFA	0_2_00C9CDFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C39DFB	0_2_00C39DFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5CDFD	0_2_00C5CDFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C20DFE	0_2_00C20DFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C87DF6	0_2_00C87DF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD0DFC	0_2_00BD0DFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE8DE0	0_2_00BE8DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3FDA4	0_2_00C3FDA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C79DA0	0_2_00C79DA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4DD45	0_2_00C4DD45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C9ED48	0_2_00C9ED48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2BD5A	0_2_00C2BD5A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86D50	0_2_00C86D50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D7BD4E	0_2_00D7BD4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4BD5E	0_2_00C4BD5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C37D5E	0_2_00C37D5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6D18	0_2_00BD6D18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C80D64	0_2_00C80D64
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C52D7F	0_2_00C52D7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C72D0D	0_2_00C72D0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC0D06	0_2_00CC0D06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C42D09	0_2_00C42D09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7AD19	0_2_00C7AD19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C63D19	0_2_00C63D19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5DD2E	0_2_00C5DD2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C98D27	0_2_00C98D27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDCD4F	0_2_00BDCD4F

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00BC4B00 appears 66 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00BB9080 appears 54 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 1.0003633720930232
Source: file.exe	Static PE information: Section: jhxstaas ZLIB complexity 0.9948334227265884

Source: classification engine

Classification label: mal100.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BDE450 CoCreateInstance,

0_2_00BDE450

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 42%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1869824 > 1048576

Source: file.exe

Static PE information: Raw size of jhxstaas is bigger than: 0x100000 < 0x19f200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.bb0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jhxstaas:EW;kgshmact:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jhxstaas:EW;kgshmact:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d4784 should be: 0x1d1e46

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: jhxstaas
Source: file.exe	Static PE information: section name: kgshmact
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0D7A9 push edi; mov dword ptr [esp], eax	0_2_00C0D734
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE20DA push eax; mov dword ptr [esp], 3EFE4D00h	0_2_00DE2205
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DE20DA push 54F7A1BBh; mov dword ptr [esp], edx	0_2_00DE2277
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C100C5 push eax; mov dword ptr [esp], edi	0_2_00C10D40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C110C6 push ebp; mov dword ptr [esp], edx	0_2_00C1336B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push 30AFFA13h; mov dword ptr [esp], ebx	0_2_00C385C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push 139620DBh; mov dword ptr [esp], ebx	0_2_00C38620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push 5BCD2AC0h; mov dword ptr [esp], ecx	0_2_00C38655
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push eax; mov dword ptr [esp], 736EE693h	0_2_00C3865A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push 3D31EFBAh; mov dword ptr [esp], ecx	0_2_00C3871B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push 1A45F146h; mov dword ptr [esp], esi	0_2_00C38723
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push eax; mov dword ptr [esp], 7E755483h	0_2_00C387D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push 0EB49A1Fh; mov dword ptr [esp], edx	0_2_00C38807
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C380CB push ecx; mov dword ptr [esp], edx	0_2_00C38857
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push edx; mov dword ptr [esp], eax	0_2_00C6E5E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push 4779A8EBh; mov dword ptr [esp], esi	0_2_00C6E624
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push 313A296Bh; mov dword ptr [esp], ebx	0_2_00C6E68C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push eax; mov dword ptr [esp], ebx	0_2_00C6E696
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push ebx; mov dword ptr [esp], edi	0_2_00C6E69C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push 0C8F657Ah; mov dword ptr [esp], esi	0_2_00C6E6A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push edi; mov dword ptr [esp], 5F00232Eh	0_2_00C6E766
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6E0C8 push edx; mov dword ptr [esp], ebp	0_2_00C6E892
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C100D3 push 2D5D952Dh; mov dword ptr [esp], ebx	0_2_00C12EF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C100D3 push 1F13671Fh; mov dword ptr [esp], ecx	0_2_00C13C3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E660CE push 7119A336h; mov dword ptr [esp], ecx	0_2_00E6612F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0 push ecx; mov dword ptr [esp], 7FFB4BC9h	0_2_00D85130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0 push 4DD3B266h; mov dword ptr [esp], edx	0_2_00D85201
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0 push 066845E3h; mov dword ptr [esp], esp	0_2_00D85259
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0 push edi; mov dword ptr [esp], 00001430h	0_2_00D85289
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0 push 478D7101h; mov dword ptr [esp], ebp	0_2_00D852CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D850E0 push edx; mov dword ptr [esp], eax	0_2_00D852D9

Source: file.exe	Static PE information: section name: entropy: 7.988042722835456
Source: file.exe	Static PE information: section name: jhxstaas entropy: 7.954602727067242

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0D326 second address: C0D330 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D809EB second address: D809F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D809F3 second address: D809F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D809F9 second address: D80A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F0760DC67B7h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0760DC67ACh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8BA45 second address: D8BA4F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07608300ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C18A second address: D8C19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 ja 00007F0760DC67ACh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8FFD5 second address: D8FFD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8FFD9 second address: D8FFDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9018D second address: D901FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F07608300F5h 0x0000000b popad 0x0000000c xor dword ptr [esp], 114743DDh 0x00000013 mov dh, ah 0x00000015 mov dh, D6h 0x00000017 push 00000003h 0x00000019 jmp 00007F07608300ECh 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F07608300E8h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a push esi 0x0000003b mov ch, 2Dh 0x0000003d pop ecx 0x0000003e push 00000003h 0x00000040 mov dword ptr [ebp+122D234Fh], ecx 0x00000046 push 448CFA17h 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e jl 00007F07608300E6h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D901FD second address: D9020F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67AAh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D902A0 second address: D902A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D902A5 second address: D902EC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0760DC67B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D2469h], edi 0x00000013 push 00000000h 0x00000015 cld 0x00000016 call 00007F0760DC67A9h 0x0000001b jnp 00007F0760DC67AEh 0x00000021 push eax 0x00000022 jl 00007F0760DC67A6h 0x00000028 pop eax 0x00000029 push eax 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jbe 00007F0760DC67A6h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D902EC second address: D9031F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnp 00007F07608300F6h 0x00000015 jmp 00007F07608300F0h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F07608300EAh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9031F second address: D903A5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0760DC67ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jo 00007F0760DC67AEh 0x00000014 jno 00007F0760DC67A8h 0x0000001a pop eax 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F0760DC67A8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 jnp 00007F0760DC67ACh 0x0000003b sub dword ptr [ebp+122D21DBh], ebx 0x00000041 push 00000003h 0x00000043 pushad 0x00000044 mov ecx, 3F0E0306h 0x00000049 mov edx, ecx 0x0000004b popad 0x0000004c push 00000000h 0x0000004e mov ch, 3Fh 0x00000050 push 00000003h 0x00000052 mov ecx, edx 0x00000054 call 00007F0760DC67A9h 0x00000059 pushad 0x0000005a jmp 00007F0760DC67B5h 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D903A5 second address: D9040E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f je 00007F07608300FFh 0x00000015 jmp 00007F07608300F9h 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f jnl 00007F07608300EEh 0x00000025 mov eax, dword ptr [eax] 0x00000027 push edx 0x00000028 pushad 0x00000029 jne 00007F07608300E6h 0x0000002f jg 00007F07608300E6h 0x00000035 popad 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b pushad 0x0000003c pushad 0x0000003d jo 00007F07608300E6h 0x00000043 jng 00007F07608300E6h 0x00000049 popad 0x0000004a push ecx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB065C second address: DB0673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67AEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0673 second address: DB0679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE633 second address: DAE637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE637 second address: DAE641 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F07608300E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE641 second address: DAE64A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE64A second address: DAE69E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F07608300F7h 0x00000011 jmp 00007F07608300F8h 0x00000016 popad 0x00000017 je 00007F07608300F0h 0x0000001d jmp 00007F07608300EAh 0x00000022 push eax 0x00000023 push edx 0x00000024 jno 00007F07608300E6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE69E second address: DAE6A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAE819 second address: DAE847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F0760830111h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F07608300F7h 0x00000012 jmp 00007F07608300EAh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAEC6D second address: DAEC8B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0760DC67B8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAEDBD second address: DAEDC7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAEF6D second address: DAEF83 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jns 00007F0760DC67A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAEF83 second address: DAEF8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAEF8A second address: DAEF95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0760DC67A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3AE second address: DAF3CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3CE second address: DAF3D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3D4 second address: DAF3EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jnl 00007F07608300E6h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jg 00007F07608300E6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF3EA second address: DAF406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0760DC67B5h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF406 second address: DAF412 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF412 second address: DAF424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67AAh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF424 second address: DAF429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF429 second address: DAF42F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF42F second address: DAF435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF597 second address: DAF59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF59D second address: DAF5AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007F07608300EBh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D767F9 second address: D767FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAF6EE second address: DAF6F7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFD03 second address: DAFD15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F0760DC67ADh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFD15 second address: DAFD32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07608300F7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFD32 second address: DAFD36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFD36 second address: DAFD3C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAFD3C second address: DAFD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F0760DC67A6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0139 second address: DB0192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F07608300E6h 0x0000000a pop ebx 0x0000000b jc 00007F07608300FBh 0x00000011 jmp 00007F07608300F3h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 js 00007F07608300E6h 0x0000001f jg 00007F07608300E6h 0x00000025 jmp 00007F07608300F9h 0x0000002a popad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f je 00007F07608300E6h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0192 second address: DB0198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0198 second address: DB01A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007F07608300E6h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB01A7 second address: DB01D5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0760DC67C4h 0x00000008 jnp 00007F0760DC67AEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7EEC3 second address: D7EECF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB5AB8 second address: DB5AE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F0760DC67ACh 0x00000013 jc 00007F0760DC67A6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6B1A second address: DB6B4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F07608300F0h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6B4A second address: DB6B50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6C92 second address: DB6C96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6C96 second address: DB6C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB6C9C second address: DB6CCF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300FDh 0x00000008 jmp 00007F07608300F7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push esi 0x00000012 jmp 00007F07608300EBh 0x00000017 pop esi 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDEAE second address: DBDEB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDEB4 second address: DBDEB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDEB8 second address: DBDEE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F0760DC67BEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007F0760DC67C2h 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79DBC second address: D79DD4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F07608300E6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f jnl 00007F07608300E6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD3EE second address: DBD402 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67AAh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD402 second address: DBD413 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F07608300E6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBD6D1 second address: DBD720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67B8h 0x00000009 jmp 00007F0760DC67B3h 0x0000000e jbe 00007F0760DC67A6h 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007F0760DC67B6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDA0D second address: DBDA28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F07608300E6h 0x0000000a jmp 00007F07608300EFh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDA28 second address: DBDA3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F0760DC67AAh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDA3C second address: DBDA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F07608300E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBDA46 second address: DBDA5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBE714 second address: DBE71A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBE71A second address: DBE748 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 0798F20Ah 0x0000000f mov esi, dword ptr [ebp+122D396Ch] 0x00000015 push D78C75E4h 0x0000001a pushad 0x0000001b jmp 00007F0760DC67B0h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF31C second address: DBF322 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF322 second address: DBF334 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF334 second address: DBF339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF3B8 second address: DBF3BE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF3BE second address: DBF3D8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 sub dword ptr [ebp+122D2775h], eax 0x0000000f push eax 0x00000010 je 00007F07608300F8h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF3D8 second address: DBF3DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF3DC second address: DBF3E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF499 second address: DBF49F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF577 second address: DBF5AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F4h 0x00000009 popad 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F07608300F7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF7DC second address: DBF7E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF7E0 second address: DBF7EA instructions: 0x00000000 rdtsc 0x00000002 js 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF934 second address: DBF93A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBF93A second address: DBF970 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F07608300F1h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push esi 0x0000000f jmp 00007F07608300EAh 0x00000014 pop esi 0x00000015 mov edi, dword ptr [ebp+122D3734h] 0x0000001b push eax 0x0000001c jns 00007F07608300EEh 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBFF60 second address: DBFF65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBFF65 second address: DBFF82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F07608300E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC091B second address: DC09A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jp 00007F0760DC67ACh 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F0760DC67A8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f movzx edi, dx 0x00000032 adc si, 8EC9h 0x00000037 push 00000000h 0x00000039 mov dword ptr [ebp+122D2985h], esi 0x0000003f xchg eax, ebx 0x00000040 pushad 0x00000041 ja 00007F0760DC67A8h 0x00000047 pushad 0x00000048 jmp 00007F0760DC67B9h 0x0000004d jmp 00007F0760DC67AAh 0x00000052 popad 0x00000053 popad 0x00000054 push eax 0x00000055 jp 00007F0760DC67B0h 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e pop eax 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC125C second address: DC1268 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC26E3 second address: DC26F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0760DC67B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2423 second address: DC2427 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC26F9 second address: DC274A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jne 00007F0760DC67AEh 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D2891h], edi 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F0760DC67A8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+12469003h], edx 0x0000003a xchg eax, ebx 0x0000003b push eax 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC274A second address: DC2769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F07608300EDh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC31A4 second address: DC31AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC31AA second address: DC31AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3258 second address: DC3265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F0760DC67ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC3DE2 second address: DC3DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9FB2 second address: DC9FD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67B1h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC517E second address: DC5183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9FD1 second address: DC9FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0760DC67A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCB01B second address: DCB01F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCCF83 second address: DCCFA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jng 00007F0760DC67A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD03A second address: DCD03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD03E second address: DCD048 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD048 second address: DCD05F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F07608300E6h 0x00000009 jno 00007F07608300E6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCDFAB second address: DCDFAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCA124 second address: DCA138 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCA138 second address: DCA16D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F0760DC67B5h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0760DC67B5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCDFAF second address: DCE01D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F07608300E8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push ecx 0x00000025 mov bh, D5h 0x00000027 pop ebx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F07608300E8h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 mov bx, 8C86h 0x0000004a sub ebx, dword ptr [ebp+12479FB8h] 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 jnl 00007F07608300E6h 0x0000005a pushad 0x0000005b popad 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE01D second address: DCE023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE023 second address: DCE027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCE027 second address: DCE04A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0760DC67B4h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD21C second address: DCD2B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F07608300F1h 0x0000000a popad 0x0000000b nop 0x0000000c mov di, 7700h 0x00000010 and ebx, dword ptr [ebp+122D3710h] 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007F07608300E8h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 mov bh, 2Ch 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 js 00007F07608300ECh 0x00000046 sub dword ptr [ebp+122D1AABh], esi 0x0000004c mov eax, dword ptr [ebp+122D00E5h] 0x00000052 add ebx, 7412CFFBh 0x00000058 push FFFFFFFFh 0x0000005a push 00000000h 0x0000005c push edi 0x0000005d call 00007F07608300E8h 0x00000062 pop edi 0x00000063 mov dword ptr [esp+04h], edi 0x00000067 add dword ptr [esp+04h], 00000019h 0x0000006f inc edi 0x00000070 push edi 0x00000071 ret 0x00000072 pop edi 0x00000073 ret 0x00000074 sbb edi, 67836D49h 0x0000007a push eax 0x0000007b pushad 0x0000007c jo 00007F07608300ECh 0x00000082 push eax 0x00000083 push edx 0x00000084 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD2B7 second address: DCD2C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 js 00007F0760DC67A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1143 second address: DD114E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F07608300E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD114E second address: DD1154 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD1154 second address: DD11AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D2A1Eh] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F07608300E8h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d cld 0x0000002e mov bx, 5231h 0x00000032 push 00000000h 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F07608300F6h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2192 second address: DD21AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD21AF second address: DD21CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD21CF second address: DD21D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD131A second address: DD1328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD13E3 second address: DD1416 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F0760DC67B2h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD31C4 second address: DD31D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD31D9 second address: DD31DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD31DF second address: DD31E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD31E3 second address: DD3255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F0760DC67A8h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D340Ah], ebx 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c movsx ecx, cx 0x0000002f add edi, 3A62FBAAh 0x00000035 popad 0x00000036 push 00000000h 0x00000038 jmp 00007F0760DC67B9h 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f push edx 0x00000040 jnl 00007F0760DC67BAh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD41CE second address: DD41D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD41D4 second address: DD424F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F0760DC67A8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebp 0x0000002a call 00007F0760DC67A8h 0x0000002f pop ebp 0x00000030 mov dword ptr [esp+04h], ebp 0x00000034 add dword ptr [esp+04h], 00000018h 0x0000003c inc ebp 0x0000003d push ebp 0x0000003e ret 0x0000003f pop ebp 0x00000040 ret 0x00000041 push 00000000h 0x00000043 jmp 00007F0760DC67B9h 0x00000048 mov bx, di 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e ja 00007F0760DC67A8h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD424F second address: DD4264 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F07608300E6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD60AC second address: DD60B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD60B0 second address: DD60BA instructions: 0x00000000 rdtsc 0x00000002 js 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD43EB second address: DD43EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD60BA second address: DD6138 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F07608300E8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 cmc 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007F07608300E8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000017h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 movzx edi, di 0x00000046 push 00000000h 0x00000048 sub dword ptr [ebp+122D1B62h], edx 0x0000004e push eax 0x0000004f push ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F07608300F3h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD543F second address: DD5460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67B9h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD5460 second address: DD5479 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F07608300EFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD632E second address: DD634C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0760DC67B3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD634C second address: DD6351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD6351 second address: DD6357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD9326 second address: DD933F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07608300F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD933F second address: DD9343 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD9343 second address: DD935B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F07608300ECh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD8401 second address: DD847D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 mov di, ax 0x00000009 push dword ptr fs:[00000000h] 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F0760DC67A8h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a jmp 00007F0760DC67B0h 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov eax, dword ptr [ebp+122D1209h] 0x0000003c sub di, A466h 0x00000041 push FFFFFFFFh 0x00000043 jmp 00007F0760DC67ABh 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F0760DC67B9h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD935B second address: DD9365 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD9365 second address: DD9414 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F0760DC67A8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 or di, FB3Ch 0x0000002a pushad 0x0000002b call 00007F0760DC67AAh 0x00000030 sub esi, dword ptr [ebp+122D3858h] 0x00000036 pop eax 0x00000037 pushad 0x00000038 clc 0x00000039 jmp 00007F0760DC67B3h 0x0000003e popad 0x0000003f popad 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push eax 0x00000045 call 00007F0760DC67A8h 0x0000004a pop eax 0x0000004b mov dword ptr [esp+04h], eax 0x0000004f add dword ptr [esp+04h], 00000015h 0x00000057 inc eax 0x00000058 push eax 0x00000059 ret 0x0000005a pop eax 0x0000005b ret 0x0000005c sub ebx, dword ptr [ebp+122D2159h] 0x00000062 push 00000000h 0x00000064 jmp 00007F0760DC67B9h 0x00000069 xchg eax, esi 0x0000006a push eax 0x0000006b push edx 0x0000006c push edx 0x0000006d push esi 0x0000006e pop esi 0x0000006f pop edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD9414 second address: DD941E instructions: 0x00000000 rdtsc 0x00000002 je 00007F07608300ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE1D29 second address: DE1D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE14E5 second address: DE14EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F07608300E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE16A4 second address: DE16AE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE16AE second address: DE16B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE1844 second address: DE184C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE19A0 second address: DE19A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7BDE second address: DE7BFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEDD23 second address: DEDD54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F4h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007F07608300EAh 0x00000012 pop edi 0x00000013 pushad 0x00000014 jno 00007F07608300E6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEDD54 second address: DEDD5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0760DC67A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8765F second address: D87671 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F07608300ECh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87671 second address: D87676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87676 second address: D8767C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED700 second address: DED704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED704 second address: DED708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED852 second address: DED86F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED86F second address: DED879 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED879 second address: DED88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED88E second address: DED898 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F07608300E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED898 second address: DED8B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0760DC67ADh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED8B1 second address: DED8C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DED8C6 second address: DED8E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEDA30 second address: DEDA44 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DEDA44 second address: DEDA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0760DC67B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0969 second address: DF0999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jnl 00007F07608300ECh 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F07608300F6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0999 second address: DF09AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF09AD second address: DF09D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F6h 0x00000007 pushad 0x00000008 jnp 00007F07608300E6h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7822F second address: D78234 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B912 second address: D7B920 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F07608300ECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B920 second address: D7B92E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jp 00007F0760DC67A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7B92E second address: D7B932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF513B second address: DF513F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF55CB second address: DF55E7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F07608300F2h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF55E7 second address: DF55F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67ADh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF55F9 second address: DF5616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F07608300F2h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5911 second address: DF5947 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0760DC67B4h 0x0000000f push ecx 0x00000010 jmp 00007F0760DC67B3h 0x00000015 pop ecx 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5C27 second address: DF5C49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F07608300EAh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F07608300EAh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF5C49 second address: DF5C4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7D8A second address: DC7E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jbe 00007F07608300F3h 0x0000000e jmp 00007F07608300EDh 0x00000013 jng 00007F07608300F3h 0x00000019 jmp 00007F07608300EDh 0x0000001e popad 0x0000001f nop 0x00000020 call 00007F07608300F1h 0x00000025 mov dword ptr [ebp+1245C4D7h], ebx 0x0000002b pop edi 0x0000002c mov edi, dword ptr [ebp+122D2361h] 0x00000032 lea eax, dword ptr [ebp+1248EAC4h] 0x00000038 pushad 0x00000039 mov cx, B2D0h 0x0000003d mov ebx, dword ptr [ebp+122D247Eh] 0x00000043 popad 0x00000044 nop 0x00000045 jmp 00007F07608300F2h 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F07608300F9h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E19 second address: DC7E28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67AAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E28 second address: DA55CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 jmp 00007F07608300EDh 0x0000000d call dword ptr [ebp+122D1A02h] 0x00000013 jmp 00007F07608300F2h 0x00000018 push eax 0x00000019 push edx 0x0000001a push ecx 0x0000001b jno 00007F07608300E6h 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC844E second address: DC8470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8470 second address: DC8482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07608300EEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8482 second address: DC84DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jo 00007F0760DC67BBh 0x00000015 jmp 00007F0760DC67B5h 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d pushad 0x0000001e jmp 00007F0760DC67B5h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8678 second address: DC8681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8681 second address: DC86D3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], esi 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F0760DC67A8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 jmp 00007F0760DC67ACh 0x0000002d nop 0x0000002e jmp 00007F0760DC67AAh 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 je 00007F0760DC67ACh 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC86D3 second address: DC86D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8983 second address: DC8988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8D51 second address: DC8D6E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07608300E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jg 00007F07608300E6h 0x00000014 jng 00007F07608300E6h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8D6E second address: DC8D74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8D74 second address: DC8D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8E53 second address: DC8E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9077 second address: DC9088 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9088 second address: DC908F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9166 second address: DC916C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC916C second address: DC9170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC9170 second address: DA61D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jng 00007F07608300F5h 0x0000000f jmp 00007F07608300EFh 0x00000014 nop 0x00000015 clc 0x00000016 lea eax, dword ptr [ebp+1248EB08h] 0x0000001c mov dword ptr [ebp+124574FDh], ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007F07608300EAh 0x0000002c popad 0x0000002d pop edx 0x0000002e mov dword ptr [esp], eax 0x00000031 mov edx, eax 0x00000033 jmp 00007F07608300EAh 0x00000038 lea eax, dword ptr [ebp+1248EAC4h] 0x0000003e movzx edi, di 0x00000041 push eax 0x00000042 jbe 00007F07608300F8h 0x00000048 jmp 00007F07608300F2h 0x0000004d mov dword ptr [esp], eax 0x00000050 mov dword ptr [ebp+12479E98h], esi 0x00000056 mov dword ptr [ebp+122D1D9Dh], ebx 0x0000005c call dword ptr [ebp+122D1C45h] 0x00000062 push edi 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA61D0 second address: DA61D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA61D6 second address: DA61DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA61DA second address: DA61E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73167 second address: D73188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F07608300EEh 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jns 00007F07608300E6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73188 second address: D7319D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0760DC67AEh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7319D second address: D731A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9A7A second address: DF9A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9BEA second address: DF9C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F07608300F7h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9C0D second address: DF9C1C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0760DC67A6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9C1C second address: DF9C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F1h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9C34 second address: DF9C43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0760DC67ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9C43 second address: DF9C49 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9DB3 second address: DF9DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pop ebx 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF9DC0 second address: DF9DC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA048 second address: DFA05A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67ACh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA1A2 second address: DFA1B7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F07608300EAh 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA321 second address: DFA345 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 jmp 00007F0760DC67B0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA345 second address: DFA34A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFBF80 second address: DFBF94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0085C second address: E00862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00C2C second address: E00C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F0760DC67ACh 0x0000000b jbe 00007F0760DC67A6h 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 ja 00007F0760DC67A6h 0x0000001f push esi 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00C4D second address: E00C75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EEh 0x00000007 jnc 00007F07608300E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F07608300EEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00C75 second address: E00C79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00C79 second address: E00C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00DDD second address: E00DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00DE1 second address: E00DFC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300E6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jg 00007F07608300E6h 0x00000013 jl 00007F07608300E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00DFC second address: E00E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67ADh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E00E0E second address: E00E2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F2h 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F07608300E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E01148 second address: E0114E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E01421 second address: E0144E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F4h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jl 00007F07608300E6h 0x00000015 pushad 0x00000016 popad 0x00000017 jl 00007F07608300E6h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0144E second address: E0145B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0760DC67A8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0190B second address: E0191E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300EBh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0191E second address: E01923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E01923 second address: E01928 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B65E second address: E0B662 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7BE second address: E0B7C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7C4 second address: E0B7E1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0760DC67AFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7E1 second address: E0B7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7E5 second address: E0B7E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B7E9 second address: E0B809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jbe 00007F07608300E6h 0x00000012 jmp 00007F07608300ECh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B809 second address: E0B826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0760DC67B0h 0x0000000c jp 00007F0760DC67A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B826 second address: E0B82C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0B82C second address: E0B832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F318 second address: E0F31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F31C second address: E0F322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F322 second address: E0F333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a jnc 00007F07608300E6h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F333 second address: E0F346 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F62E second address: E0F638 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F638 second address: E0F63E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F63E second address: E0F642 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0F642 second address: E0F659 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jne 00007F0760DC67A6h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13A60 second address: E13A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13A6F second address: E13A75 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13A75 second address: E13A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13A7E second address: E13A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13C08 second address: E13C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13C0D second address: E13C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13C13 second address: E13C27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13F20 second address: E13F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13F24 second address: E13F28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E13F28 second address: E13F2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1406E second address: E14072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E19D18 second address: E19D5B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pushad 0x00000007 je 00007F0760DC67A6h 0x0000000d jne 00007F0760DC67A6h 0x00000013 jmp 00007F0760DC67ADh 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edx 0x0000001f pop edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007F0760DC67B4h 0x00000029 pushad 0x0000002a popad 0x0000002b pop eax 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E19D5B second address: E19D6F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F07608300E8h 0x00000008 js 00007F07608300EEh 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E18944 second address: E18948 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E18948 second address: E18956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F07608300E8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8B13 second address: DC8B19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8B19 second address: DC8B85 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F07608300E6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F07608300F9h 0x00000012 nop 0x00000013 mov ebx, dword ptr [ebp+1248EB03h] 0x00000019 add cx, 1271h 0x0000001e add eax, ebx 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007F07608300E8h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 0000001Bh 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a jc 00007F07608300EBh 0x00000040 and di, F167h 0x00000045 nop 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 jc 00007F07608300E6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC8B85 second address: DC8C25 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0760DC67B2h 0x00000010 jmp 00007F0760DC67B3h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 jne 00007F0760DC67AEh 0x0000001e nop 0x0000001f push 00000000h 0x00000021 push esi 0x00000022 call 00007F0760DC67A8h 0x00000027 pop esi 0x00000028 mov dword ptr [esp+04h], esi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc esi 0x00000035 push esi 0x00000036 ret 0x00000037 pop esi 0x00000038 ret 0x00000039 push 00000004h 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007F0760DC67A8h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 jmp 00007F0760DC67AFh 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jl 00007F0760DC67A8h 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E19132 second address: E19138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E19138 second address: E19145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jc 00007F0760DC67A6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E19145 second address: E1914A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F2A6 second address: E1F2C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B6h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1F426 second address: E1F42C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1FAD3 second address: E1FAF0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0760DC67B8h 0x00000008 jmp 00007F0760DC67B0h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20070 second address: E2009D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F07608300EEh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F07608300F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2009D second address: E200A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E203CB second address: E203CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E203CF second address: E203D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E203D8 second address: E203E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E203E0 second address: E203F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F0760DC67ABh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E203F8 second address: E20406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20406 second address: E2040B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2040B second address: E20422 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F0h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20711 second address: E2071D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E20F5E second address: E20F62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E29E8B second address: E29EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67AFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E29EA2 second address: E29EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F07608300E6h 0x0000000a jnp 00007F07608300E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E29EB2 second address: E29EB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A00B second address: E2A02B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F7h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A02B second address: E2A031 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A19D second address: E2A1CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F07608300F2h 0x00000008 jmp 00007F07608300F9h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A1CD second address: E2A1D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A1D5 second address: E2A1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E2A1DB second address: E2A1E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E337A2 second address: E337C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F07608300F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E337C5 second address: E337D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0760DC67ABh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E319D8 second address: E319E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E319E1 second address: E319E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E319E7 second address: E319EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E32358 second address: E32369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0760DC67ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E32369 second address: E3236D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E32F7E second address: E32F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E32F82 second address: E32F86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E32F86 second address: E32F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0760DC67B0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E32F9C second address: E32FB0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300E8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F07608300E6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3365A second address: E3365E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3365E second address: E33664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E33664 second address: E33670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F0760DC67A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E33670 second address: E33674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E33674 second address: E33678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3A836 second address: E3A853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4337F second address: E4338B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0760DC67A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4338B second address: E433A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007F07608300EFh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4C529 second address: E4C52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4C52D second address: E4C555 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F07608300EBh 0x0000000b pop ecx 0x0000000c push eax 0x0000000d jmp 00007F07608300F2h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D74D0E second address: D74D46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0760DC67ACh 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0760DC67ABh 0x00000014 jmp 00007F0760DC67B7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F341 second address: E5F347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F347 second address: E5F34B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E66551 second address: E6659C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop esi 0x0000000a jmp 00007F07608300F3h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F07608300EDh 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F07608300F7h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6659C second address: E665AE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jns 00007F0760DC67A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E665AE second address: E665B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E665B2 second address: E665CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E65037 second address: E6503C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E652EA second address: E652F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E652F0 second address: E652FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6AEBD second address: E6AEC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0760DC67A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6AEC7 second address: E6AECC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6AECC second address: E6AEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F0760DC67B4h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F0760DC67AEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6AEF9 second address: E6AEFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6FAB5 second address: D6FAB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6AA47 second address: E6AA7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F07608300EEh 0x0000000c pop eax 0x0000000d jmp 00007F07608300EDh 0x00000012 popad 0x00000013 jc 00007F0760830106h 0x00000019 push ebx 0x0000001a jmp 00007F07608300EBh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E6F1CC second address: E6F1D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E74D24 second address: E74D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C1D4 second address: E7C1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C028 second address: E7C02E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C02E second address: E7C034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C034 second address: E7C03F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C03F second address: E7C045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7C045 second address: E7C04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D92E second address: E7D932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7944C second address: E7945E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7945E second address: E7947A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67B4h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA19C9 second address: EA19CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA1D7E second address: EA1D82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA1D82 second address: EA1DA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F07608300F5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA1DA0 second address: EA1DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA1DA7 second address: EA1DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA2067 second address: EA206B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA206B second address: EA206F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA206F second address: EA207A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA207A second address: EA2081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3B43 second address: EA3B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3B4A second address: EA3B7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F07608300E6h 0x00000009 jmp 00007F07608300F3h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F07608300EEh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3B7B second address: EA3B8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F0760DC67A8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3B8B second address: EA3B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA3B93 second address: EA3B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA64F8 second address: EA6502 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA6502 second address: EA6506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA66EF second address: EA6700 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA6700 second address: EA6704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA6704 second address: EA674B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jl 00007F07608300E6h 0x00000011 pop ebx 0x00000012 popad 0x00000013 nop 0x00000014 mov dx, 5024h 0x00000018 push 00000004h 0x0000001a je 00007F07608300E9h 0x00000020 movzx edx, cx 0x00000023 mov edx, dword ptr [ebp+124571B3h] 0x00000029 push 4825D2A8h 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F07608300F7h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA6942 second address: EA697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jmp 00007F0760DC67ABh 0x0000000c push dword ptr [ebp+122D276Bh] 0x00000012 mov dword ptr [ebp+122D2A56h], edx 0x00000018 call 00007F0760DC67A9h 0x0000001d jnp 00007F0760DC67AEh 0x00000023 push eax 0x00000024 push ebx 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA697E second address: EA698E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA698E second address: EA699D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA699D second address: EA69A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA69A3 second address: EA69D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jne 00007F0760DC67ACh 0x00000014 pushad 0x00000015 jno 00007F0760DC67A6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA69D8 second address: EA69E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA69E7 second address: EA69EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C0CAC6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E3E4DE instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00C112F3 rdtsc

0_2_00C112F3

Source: C:\Users\user\Desktop\file.exe TID: 7596

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347675102.0000000001654000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1347675102.0000000001618000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00C112F3 rdtsc

0_2_00C112F3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BED930 LdrInitializeThunk,

0_2_00BED930

Source: file.exe, file.exe, 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: ~Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	223 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	42%	ReversingLabs	Win32.Trojan.Symmi
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://property-imper.sbs:443/api)t	0%	Avira URL Cloud	safe
https://occupy-blushi.sbs/=H3	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/apil8	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/apiS	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/api4	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs:443/api	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs:443/apiNs	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
occupy-blushi.sbs	172.67.187.240	true	false	high
property-imper.sbs	unknown	unknown	false	high
frogs-severz.sbs	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://occupy-blushi.sbs/api	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://occupy-blushi.sbs:443/apiNs	file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://property-imper.sbs:443/api)t	file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://occupy-blushi.sbs:443/api	file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://occupy-blushi.sbs/	file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/apil8	file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://frogs-severz.sbs:443/api	file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/=H3	file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://occupy-blushi.sbs/apiS	file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://occupy-blushi.sbs/api4	file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347675102.0000000001654000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.187.240	occupy-blushi.sbs	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562763
Start date and time:	2024-11-26 00:24:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@1/0@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:25:16	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.187.240	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
occupy-blushi.sbs	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://docs.google.com/drawings/d/1rnJTD83ySW2kuilnF4J1ffAp0B5BM7BM0Nvi8F8BbSI/preview?pli=1HeatherMitchell-andrew.tokar@overlakehospital.org	Get hash	malicious	HTMLPhisher	Browse	172.67.193.18
	IeccNv7PP6.exe	Get hash	malicious	Stealc, Vidar	Browse	172.67.179.207
	https://kkinternational.co.uk/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	fbot.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	8.44.60.26
	6wjCYfcM3a.exe	Get hash	malicious	LummaC	Browse	172.67.160.80
	https://shorturl.at/ZbKEL?REVd=Vhx6ZLBnjMm	Get hash	malicious	Unknown	Browse	104.26.8.129
	https://avidgroup.famislnc.com/fvcvfxfec/cc6d843dfd/?1f9da=amtsZW1wQGNhcmlzbHMuY29t	Get hash	malicious	Unknown	Browse	172.67.69.226
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	6wjCYfcM3a.exe	Get hash	malicious	LummaC	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948572269254835
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'869'824 bytes
MD5:	9b74557efef93db56818bb3355dc0954
SHA1:	c7abf497b84ba4c3f3bebcdc92556a2a35fc67d8
SHA256:	6d0eea80b03ff05f40ac2c0bdefde7c8eb4ad3a7cebe0ef9917cab6c20a8be40
SHA512:	10e060cc93de062789ced58486a27b452f917e4641bd9911eeb5fbaa75af56e9d21258fe7e76e1d7c0fb07e419b151659df4c32e05cf4b81a9ab16d69d56645f
SSDEEP:	49152:JRBYMhfeY6AsCor8sVWoy9VmJqFRh33kN5C2:pYMhhfvm8wW9YqhKC
TLSH:	9885338F9871BA32EC1ECAB447BF4407B356AD22D2EE81799DE424755E23183E5C34C6
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Dg.............................@J...........@..........................pJ......G....@.................................\...p..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8a4000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67449FF1 [Mon Nov 25 16:04:01 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F07605EDD9Ah
pcmpgtd mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F07605EFD95h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5805c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x57000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x581f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x56000	0x25a00	569742820d9a8fb957bb231c409d6e62	False	1.0003633720930232	data	7.988042722835456	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x57000	0x2b0	0x200	9cce88f5b452ed0b7aa055bd9e09f6dd	False	0.802734375	data	6.0736560743638295	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x58000	0x1000	0x200	c92ced077364b300efd06b14c70a61dc	False	0.15625	data	1.1194718105633323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x59000	0x2aa000	0x200	722b37105dc9e20064ff21ab4ac5b3a2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
jhxstaas	0x303000	0x1a0000	0x19f200	1b4adea31d849021890a35d7e5da2b07	False	0.9948334227265884	data	7.954602727067242	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kgshmact	0x4a3000	0x1000	0x400	1fd22dfba69dbd6e8f1ceec5b8d85d54	False	0.720703125	data	5.7387589933844705	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4a4000	0x3000	0x2200	c1ad5e4d4f4a849f49e750cd1586a5f4	False	0.05307904411764706	DOS executable (COM)	0.5752755904076379	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4a1f84	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-26T00:25:17.632263+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-26T00:25:18.373645+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-26T00:25:18.373645+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-26T00:25:19.574766+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49705	172.67.187.240	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 00:25:16.359565020 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:16.359607935 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:16.359829903 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:16.364402056 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:16.364419937 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:17.632132053 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:17.632262945 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:17.636281013 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:17.636288881 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:17.636626959 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:17.679544926 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:17.685174942 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:17.685174942 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:17.685267925 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:18.373665094 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:18.373770952 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:18.373859882 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:18.375689030 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:18.375689030 CET	49703	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:18.375711918 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:18.375721931 CET	443	49703	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:18.433752060 CET	49705	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:18.433787107 CET	443	49705	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:18.433864117 CET	49705	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:18.434292078 CET	49705	443	192.168.2.7	172.67.187.240
Nov 26, 2024 00:25:18.434309959 CET	443	49705	172.67.187.240	192.168.2.7
Nov 26, 2024 00:25:19.574765921 CET	49705	443	192.168.2.7	172.67.187.240

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 00:25:15.529855013 CET	60867	53	192.168.2.7	1.1.1.1
Nov 26, 2024 00:25:15.780649900 CET	53	60867	1.1.1.1	192.168.2.7
Nov 26, 2024 00:25:15.806941032 CET	59125	53	192.168.2.7	1.1.1.1
Nov 26, 2024 00:25:16.030781031 CET	53	59125	1.1.1.1	192.168.2.7
Nov 26, 2024 00:25:16.035394907 CET	54732	53	192.168.2.7	1.1.1.1
Nov 26, 2024 00:25:16.269659996 CET	53	54732	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 00:25:15.529855013 CET	192.168.2.7	1.1.1.1	0x9ffb	Standard query (0)	property-imper.sbs	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:15.806941032 CET	192.168.2.7	1.1.1.1	0x2cf1	Standard query (0)	frogs-severz.sbs	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:16.035394907 CET	192.168.2.7	1.1.1.1	0x5869	Standard query (0)	occupy-blushi.sbs	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 00:25:15.780649900 CET	1.1.1.1	192.168.2.7	0x9ffb	Name error (3)	property-imper.sbs	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:16.030781031 CET	1.1.1.1	192.168.2.7	0x2cf1	Name error (3)	frogs-severz.sbs	none	none	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:16.269659996 CET	1.1.1.1	192.168.2.7	0x5869	No error (0)	occupy-blushi.sbs		172.67.187.240	A (IP address)	IN (0x0001)	false
Nov 26, 2024 00:25:16.269659996 CET	1.1.1.1	192.168.2.7	0x5869	No error (0)	occupy-blushi.sbs		104.21.7.169	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

occupy-blushi.sbs

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49703	172.67.187.240	443	7420	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 23:25:17 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: occupy-blushi.sbs
2024-11-25 23:25:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-25 23:25:18 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 23:25:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qs1te2brt380nqef4vsaasumio; expires=Fri, 21-Mar-2025 17:11:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tsOkpKf8m7frCMU5Ml2GoeSBQ1fw11mlKkUOhUIqMD7YDo%2BSnuxVvw7HyRktvjR6JZmjlwrr1sN%2BIFE0a3cYF0aZF18F3RCyWeUpvYWq6WTLFyFfgDRFZ2tfm18P40tDBqH%2FpQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e8565aae9d478df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1836&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=908&delivery_rate=1581798&cwnd=230&unsent_bytes=0&cid=d983fa92204f4c2e&ts=756&x=0"
2024-11-25 23:25:18 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-25 23:25:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	18:25:12
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xbb0000
File size:	1'869'824 bytes
MD5 hash:	9B74557EFEF93DB56818BB3355DC0954
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	49.1%
Total number of Nodes:	57
Total number of Limit Nodes:	2

Executed Functions

Function 00BBDBE5 Relevance: 21.5, Strings: 17, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

vino, xrefs: 00BBDF36
:M?C, xrefs: 00BBDEE9
ojz., xrefs: 00BBDD8A
btw~, xrefs: 00BBDCC9
}A3G, xrefs: 00BBDEF4
0Uwk, xrefs: 00BBDF2B
2I=O, xrefs: 00BBDEDE
U-E#, xrefs: 00BBDE91
=Y,_, xrefs: 00BBDF0A
]%I;, xrefs: 00BBDEA7
X)R/, xrefs: 00BBDE86
A!R', xrefs: 00BBDE9C
bpwv, xrefs: 00BBDCD4
4Q3W, xrefs: 00BBDF20
J9?, xrefs: 00BBDEB2
2E&[, xrefs: 00BBDEFF
;]!S, xrefs: 00BBDF15

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 0Uwk$2E&[$2I=O$4Q3W$:M?C$;]!S$=Y,_$A!R'$J9?$U-E#$X)R/$]%I;$bpwv$btw~$ojz.$vino$}A3G
API String ID: 0-3347885647
Opcode ID: 519fe65f90aee6e05c2918c616913de164b8324f786926d1df7be4443a795a86
Instruction ID: 12db67d76c8018db9a390a0b5f3e911abf2f0d248f25ea25722babc9b9e1d26f
Opcode Fuzzy Hash: 519fe65f90aee6e05c2918c616913de164b8324f786926d1df7be4443a795a86
Instruction Fuzzy Hash: 0DA1F37598C3928BD3348F25D8917FBBBE1EBD6304F0989ACD4D94B341EA794805CB92

Function 00BE8690 Relevance: 18.1, APIs: 5, Strings: 5, Instructions: 584
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(994B9B42), ref: 00BE8831
CoSetProxyBlanket.COMBASE(859C6334,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00BE887B
GetVolumeInformationW.KERNEL32(?,00000000,00000000,19C71BF7,00000000,00000000,00000000,00000000), ref: 00BE8D1D

Strings

S", xrefs: 00BE86BF
XI, xrefs: 00BE86B7
\, xrefs: 00BE8733
R], xrefs: 00BE86C7
C, xrefs: 00BE872B

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocBlanketInformationProxyStringVolume
String ID: C$R]$S"$XI$\
API String ID: 2230333033-1386815641
Opcode ID: 92f45e771160c5865ebc755daa4dfcc40c0728b7bfeb8b21409731cdd78097e6
Instruction ID: c07b0a4cec9ef00c1fe702f4c8ad7bc6be0bfd0e1ad29dc71ba55aaa4e505c40
Opcode Fuzzy Hash: 92f45e771160c5865ebc755daa4dfcc40c0728b7bfeb8b21409731cdd78097e6
Instruction Fuzzy Hash: 041232716483819FE710CF65C881B6BFBE1EF96310F148A6CE5889B391DB74D845CB92

Function 00BBB890 Relevance: 5.4, Strings: 4, Instructions: 442
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=:, xrefs: 00BBBC55
6(>*, xrefs: 00BBBC5D
VY^_, xrefs: 00BBB9F2
2$1., xrefs: 00BBBC80

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 2$1.$6(>*$=:$VY^_
API String ID: 0-408715646
Opcode ID: 23fc0e21a1e2be2cded045e31df68ad2f91c154232b0a356d3d4524672f07c3f
Instruction ID: 7117f3d56a65860051809054ffe5ff59d7cc33f3a76fc0496b6783ec7523c986
Opcode Fuzzy Hash: 23fc0e21a1e2be2cded045e31df68ad2f91c154232b0a356d3d4524672f07c3f
Instruction Fuzzy Hash: 0FD1277660C3944FD314CF29C8917ABBBD2EBD1314F18896CE4D58B355DBB9890ACB82

Function 00BED930 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00BEFDFB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00BED95E

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00BEDC1F Relevance: 1.4, Strings: 1, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

EFG@, xrefs: 00BEDC60

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: EFG@
API String ID: 2994545307-813506099
Opcode ID: fb12633e3e3ca7cc88ebd102516e40b9b5f01b9b01dfc983eb640e21ac349d35
Instruction ID: b0c52b9d798c3a7b3a99f671255200669e765e10ff09c00575547105aa81e4fc
Opcode Fuzzy Hash: fb12633e3e3ca7cc88ebd102516e40b9b5f01b9b01dfc983eb640e21ac349d35
Instruction Fuzzy Hash: 37318DB0618241ABD314CF2ADC45B37B7E2EB95315F25C86CE086CB2A2DBF5D815CB46

Function 00BBAA50 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

y#|!, xrefs: 00BBAAFF

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: y#|!
API String ID: 0-3264998935
Opcode ID: 33fcc464b591444f85950c3fe3bb43daf56b4dcf1d6ed5992ab0bbdedff699d5
Instruction ID: b2f10d4862d10320c76835aee73c69bd9ba10535ccf22bdf5031c9a855dea9d0
Opcode Fuzzy Hash: 33fcc464b591444f85950c3fe3bb43daf56b4dcf1d6ed5992ab0bbdedff699d5
Instruction Fuzzy Hash: 283166B4D512189BDB14CFB5DEC26EEBF71EB85300F14429EE88477384D63449098BE2

Function 00BEE16C Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: aff27c8c06905d506411b20c6414e2cfaccc927cf6ab29abf6495009a3465523
Instruction ID: 180a71e9826fb5a485905de9e133e362109b8f5a1c0865c592f5ca5ad8f4e90e
Opcode Fuzzy Hash: aff27c8c06905d506411b20c6414e2cfaccc927cf6ab29abf6495009a3465523
Instruction Fuzzy Hash: 47310171A093908FD704EF59D88423BB3D2EBC4304F2A896CDAE65B255DB70AC01CB82

Function 00BB9830 Relevance: 1.7, APIs: 1, Instructions: 178
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00BB9A33

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 01aeb371138b9b08e91eeca1959a1232a6e6ee834640c8364622c1355cb09c25
Instruction ID: b228770a764529e022ba419c53379e7819b2467e05caeefa799895a54a8c2b06
Opcode Fuzzy Hash: 01aeb371138b9b08e91eeca1959a1232a6e6ee834640c8364622c1355cb09c25
Instruction Fuzzy Hash: 7641E5B3F517080BD70CAA6A8D927B9B6C79BC4714F0E943D9989DB385EDB89C094281

Function 00BEAE40 Relevance: 1.6, APIs: 1, Instructions: 75
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?), ref: 00BEAF13

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 99225ca3e8f435c3b2c577bd976a48d310ad7f92dc82409c255bc0c65d108c18
Instruction ID: 22ae1441609cbb327dcb829ceae41a9c8013426ab099a8c9e988d68e60559ecc
Opcode Fuzzy Hash: 99225ca3e8f435c3b2c577bd976a48d310ad7f92dc82409c255bc0c65d108c18
Instruction Fuzzy Hash: 7011CB77F142900BC318CE78ECA0B9BFA93EBC4205F2A817CDD819B22ACA715D05C680

Function 00BEADE0 Relevance: 1.5, APIs: 1, Instructions: 38
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00BEAE31

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a76c33c15d88b8a602a4a3e4d5d4a2fb095bc398db957e630a9787f83c9575a7
Instruction ID: 6310188d777b73e0f51bb38a32829730fa467728c523aa1e1361df1d11f8fc9c
Opcode Fuzzy Hash: a76c33c15d88b8a602a4a3e4d5d4a2fb095bc398db957e630a9787f83c9575a7
Instruction Fuzzy Hash: 05F0E9311083404BC71D9F24D896AAF7BA3EF86304F24896CD4864B1A5DA761817CB85

Function 00BBDBB3 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00BBDBC6

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 76b0d3d47e1a2d1edb8d4c6e90d9c411a01a13861425a16bfa02ad2e6c4f4d0d
Instruction ID: 83a23e442550380aab6b105d85de65608f575cc426faac3d979064df678be22e
Opcode Fuzzy Hash: 76b0d3d47e1a2d1edb8d4c6e90d9c411a01a13861425a16bfa02ad2e6c4f4d0d
Instruction Fuzzy Hash: 4DD0CA313D4342BAF2389708AC63F2023009302F28F302A08B7A2FF2D2CCD1B6228508

Function 00BBDB80 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00BBDB93

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 9c2c0d1e0a04b90e4d80ca2515dd6a4ed0bed8a46cb2e2cf8a6cbeec6a1b1e16
Instruction ID: 12e4056fd6f571c3479bb236e1a9c24a43e3f20be5ead3b52678ae80bc2bee06
Opcode Fuzzy Hash: 9c2c0d1e0a04b90e4d80ca2515dd6a4ed0bed8a46cb2e2cf8a6cbeec6a1b1e16
Instruction Fuzzy Hash: B2D0A7211D014477D150666CDC03F323B5CC707768F045225E6A6E75D3DC10AA21C5B6

Function 00BBABB8 Relevance: 1.5, APIs: 1, Instructions: 16
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202), ref: 00BBABD1

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: ec8300428ad44e2a6a1553484c8ffa325573109bc39c6d1343d7f23955768037
Instruction ID: 1d2e7e5d0fc22e08fe817588ba0580125f69ac6a5bdaa2d88b6c535092977492
Opcode Fuzzy Hash: ec8300428ad44e2a6a1553484c8ffa325573109bc39c6d1343d7f23955768037
Instruction Fuzzy Hash: 4FD0A972680682DBD608AB61FCA3D392309970538AB04103AA223C32B2DE206924DD64

Function 00C0D7A9 Relevance: 1.3, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 00C0D7AF

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f11396a49a2ff683fd1d08693429ef223c383645df76b1f63785b1e49646ff5a
Instruction ID: 6f690b0537d062e38a0f7c2f043cb963ee0bbf13b5ba03453938462cc89116b6
Opcode Fuzzy Hash: f11396a49a2ff683fd1d08693429ef223c383645df76b1f63785b1e49646ff5a
Instruction Fuzzy Hash: CBF05EB150C105CBE7046F79990957E7BE4EF45320F204A2DE893CA7C4E6319C50DB57

Function 00C0D9D6 Relevance: 1.3, APIs: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 00C0E4F2

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a2a89034eff80c53a436f86234281c2998690b60549de9a5c31f287a5253ce65
Instruction ID: 99d81eccbbaf878feaa8e3b338a318ee9ba8f2a2fa4838f2d00f7ec3ba4a72e9
Opcode Fuzzy Hash: a2a89034eff80c53a436f86234281c2998690b60549de9a5c31f287a5253ce65
Instruction Fuzzy Hash: 2AF0A77110C205DBD308EFBAC8A66BEBBA8EF04300F26491DD9C7CA694E2301940D556

Function 00BBE072 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

CoUninitialize.COMBASE ref: 00BBE072

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: Uninitialize
String ID:
API String ID: 3861434553-0
Opcode ID: fa5fa72ca4a5867e9fb3d16052347d4ba74ed8d5c91a47553b010a67aa8d6b69
Instruction ID: 64c1c76747dac98cf07f7ee528d8371df797e86caa126fa0fe462e79efaf3032
Opcode Fuzzy Hash: fa5fa72ca4a5867e9fb3d16052347d4ba74ed8d5c91a47553b010a67aa8d6b69
Instruction Fuzzy Hash: 09A02437F10014445F4000F47C010DDF310D1C00377100373C31CC1400D533113501C1

Non-executed Functions

Function 00BC24F0 Relevance: 122.0, Strings: 96, Instructions: 2005COMMON

Download Yara Rule

Strings

g, xrefs: 00BC2D47
O, xrefs: 00BC3AB7
N, xrefs: 00BC39EF
h, xrefs: 00BC391F
A, xrefs: 00BC3658
t, xrefs: 00BC3ACF
/, xrefs: 00BC3012
), xrefs: 00BC38B8
', xrefs: 00BC3DE1
j, xrefs: 00BC30B8
v, xrefs: 00BC2B3C
^, xrefs: 00BC30D8
E, xrefs: 00BC31C0
g, xrefs: 00BC2E32
V, xrefs: 00BC3472
C, xrefs: 00BC3A57
f, xrefs: 00BC2FDA
B, xrefs: 00BC364E
l, xrefs: 00BC3ABF
G, xrefs: 00BC394F
{, xrefs: 00BC2555
B, xrefs: 00BC39AF
1, xrefs: 00BC2FE2
Q, xrefs: 00BC39FF
f, xrefs: 00BC34F7
V, xrefs: 00BC395F
%, xrefs: 00BC3DD1
3, xrefs: 00BC2FF2
U, xrefs: 00BC39DF
-, xrefs: 00BC3002
V, xrefs: 00BC3680
f, xrefs: 00BC2D3F
X, xrefs: 00BC3A2F
g, xrefs: 00BC393F
S, xrefs: 00BC3AD7
;, xrefs: 00BC3D59
j, xrefs: 00BC3A8F
Z, xrefs: 00BC3662
), xrefs: 00BC3DF1
D, xrefs: 00BC4367
P, xrefs: 00BC3ADF
O, xrefs: 00BC398F
I, xrefs: 00BC269C
o, xrefs: 00BC2D07
s, xrefs: 00BC2CE7
M, xrefs: 00BC3AC7
+, xrefs: 00BC3E01
), xrefs: 00BC3022
G, xrefs: 00BC3A77
Q, xrefs: 00BC3AE7
4, xrefs: 00BC3D49
\, xrefs: 00BC30C8
D, xrefs: 00BC31C8
', xrefs: 00BC28B7
`, xrefs: 00BC3298
+, xrefs: 00BC38A8
#, xrefs: 00BC3DC1
E, xrefs: 00BC3A87
5|iL, xrefs: 00BC41E8
(, xrefs: 00BC301A
m, xrefs: 00BC2CF7
Q, xrefs: 00BC396F
0, xrefs: 00BC3E29
f, xrefs: 00BC2E3A
6, xrefs: 00BC2607
A, xrefs: 00BC3A67
L, xrefs: 00BC397F
/, xrefs: 00BC3E21
I, xrefs: 00BC31A0
!, xrefs: 00BC3DB1
Y, xrefs: 00BC2E2A
-, xrefs: 00BC3E11
;, xrefs: 00BC29C5
e, xrefs: 00BC2D37
G, xrefs: 00BC31B0
Z, xrefs: 00BC366C
D, xrefs: 00BC3F26
], xrefs: 00BC3A0F
m, xrefs: 00BC392F
I, xrefs: 00BC3AA7
E, xrefs: 00BC3A3F
i, xrefs: 00BC2D17
*, xrefs: 00BC38B0
K, xrefs: 00BC3A97
1, xrefs: 00BC3E31
-, xrefs: 00BC2CCF
K, xrefs: 00BC3190
g, xrefs: 00BC2B32
B, xrefs: 00BC25F7
P, xrefs: 00BC3676
C, xrefs: 00BC31D0
e, xrefs: 00BC3A9F
7, xrefs: 00BC2D1F
D, xrefs: 00BC399F
k, xrefs: 00BC2D27
q, xrefs: 00BC2CD7

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: !$#$%$'$'$($)$)$)$*$+$+$-$-$-$/$/$0$1$1$3$4$5|iL$6$7$;$;$A$A$B$B$B$C$C$D$D$D$D$E$E$E$G$G$G$I$I$I$K$K$L$M$N$O$O$P$P$Q$Q$Q$S$U$V$V$V$X$Y$Z$Z$\$]$^$`$e$e$f$f$f$f$g$g$g$g$h$i$j$j$k$l$m$m$o$q$s$t$v${
API String ID: 0-1857156078
Opcode ID: 61a946f162fe95e3f33f216033c2c71244ae64a00cfca2f6c8caae6b731acf17
Instruction ID: 8378017be5053f3908f4594137c5a97e35e598dca4a13cf18cefdf4ff30ad948
Opcode Fuzzy Hash: 61a946f162fe95e3f33f216033c2c71244ae64a00cfca2f6c8caae6b731acf17
Instruction Fuzzy Hash: 5B13BE7150C7C08AD3358B38C4997AEBBD1ABD6324F188AADE4E9873D2C7798941C753

Function 00BD42E2 Relevance: 34.2, Strings: 27, Instructions: 422COMMON

Download Yara Rule

Strings

#O3I, xrefs: 00BD4D70
y+U5, xrefs: 00BD4D23
I?Z9, xrefs: 00BD4D44
"o i, xrefs: 00BD4DC8
AC, xrefs: 00BD44FF
5G(A, xrefs: 00BD4D5A
\2, xrefs: 00BD4AA5
$S#], xrefs: 00BD4D91
Yg_a, xrefs: 00BD4DB2
SQ, xrefs: 00BD4A8F
H7B1, xrefs: 00BD4D2E
-_+Y, xrefs: 00BD4D9C
<[ae, xrefs: 00BD4DA7
*, xrefs: 00BD49F4
&+, xrefs: 00BD49E9
xy, xrefs: 00BD4C31
+W*Q, xrefs: 00BD4D86
+C6M, xrefs: 00BD4D65
XkVu, xrefs: 00BD4DD3
_c/m, xrefs: 00BD4DBD
CsA}, xrefs: 00BD4DE9
A3C=, xrefs: 00BD4D39
W@, xrefs: 00BD4A9A
/$, xrefs: 00BD49DE
h;HE, xrefs: 00BD4D4F
r1`3, xrefs: 00BD44BE
GwKq, xrefs: 00BD4DDE

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: AC$"o i$#O3I$$S#]$&+$*$+C6M$+W*Q$-_+Y$/$$5G(A$<[ae$A3C=$CsA}$GwKq$H7B1$I?Z9$SQ$W@$XkVu$Yg_a$\2$_c/m$h;HE$r1`3$xy$y+U5
API String ID: 0-3402895583
Opcode ID: 183a2d2d615d50df118d677794f6ff4c22033689dbd06f35116627b1ecc32750
Instruction ID: 2140f918d81c20eaa337744f32ee7a5bda8ef73855ea3df06d101dcc75bfd828
Opcode Fuzzy Hash: 183a2d2d615d50df118d677794f6ff4c22033689dbd06f35116627b1ecc32750
Instruction Fuzzy Hash: D942C7B450D3858AE374CF119481BDFBAE1BBD2304F508A1DD6EA6B255DBB04186CF93

Function 00BC151A Relevance: 16.9, Strings: 13, Instructions: 662COMMON

Download Yara Rule

Strings

F, xrefs: 00BC1737
^, xrefs: 00BC15FB
|, xrefs: 00BC1CA4
h, xrefs: 00BC1528
i, xrefs: 00BC1CAC
T, xrefs: 00BC1C11
o, xrefs: 00BC1C9C
!, xrefs: 00BC173F
X, xrefs: 00BC1C01
W, xrefs: 00BC1C09
=, xrefs: 00BC1B41
G, xrefs: 00BC184F
r, xrefs: 00BC1931

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: !$=$F$G$T$W$X$^$h$i$o$r$|
API String ID: 0-3969503238
Opcode ID: f9b1193fcdaead1a214876e95102e3a5ae1cef82a0693eea4d1b3e7561bd5092
Instruction ID: 6b05c3d7a3f559c3afc01aaf39a50ac8005499fee4292297082a20dc29701105
Opcode Fuzzy Hash: f9b1193fcdaead1a214876e95102e3a5ae1cef82a0693eea4d1b3e7561bd5092
Instruction Fuzzy Hash: D542F872A0C7908BD7289B3CC4957AEBBE1ABD6310F194EBDE4D9D73C2D67588018742

Function 00D7A323 Relevance: 12.9, Strings: 9, Instructions: 1642COMMON

Download Yara Rule

Strings

0v<, xrefs: 00D7AF41
bjy, xrefs: 00D7B44A
;A, xrefs: 00D7AE63
X>K, xrefs: 00D7A368
-r]W, xrefs: 00D7B121
Oy+_, xrefs: 00D7A40E
{*O, xrefs: 00D7A501
Ak, xrefs: 00D7AE4F
4Poy, xrefs: 00D7A42F

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: -r]W$0v<$4Poy$;A$Oy+_$X>K$bjy${*O$Ak
API String ID: 0-1521505383
Opcode ID: 27925ee5657679dcd855243db8012c371e650162ba8df6b203f6c618cd9dc0d1
Instruction ID: 008f6d3f54bd83692d75a0648d3349e598cf67d21054912a7d3386f831fd2bab
Opcode Fuzzy Hash: 27925ee5657679dcd855243db8012c371e650162ba8df6b203f6c618cd9dc0d1
Instruction Fuzzy Hash: 19B219F3A0C2109FE304AE2DEC8577ABBD9EF94760F1A453DEAC4C7744E93598018696

Function 00BD3247 Relevance: 12.1, Strings: 9, Instructions: 814COMMON

Download Yara Rule

Strings

ag, xrefs: 00BD3BCC
yu, xrefs: 00BD3BDC
aw, xrefs: 00BD3BD4
wy, xrefs: 00BD3A33
G&I, xrefs: 00BD3A93
CE, xrefs: 00BD3A8B
|}, xrefs: 00BD3DB1
{}, xrefs: 00BD3A3B
wi, xrefs: 00BD3BE4

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ag$aw$wi$yu$|}$CE$G&I$wy${}
API String ID: 0-1554855913
Opcode ID: 75000827d1a41e39a3a70154129faa1aa3956c678bd6121d62140b199f824c8e
Instruction ID: c50736a82c6f65eec1248155f55ed89b5fa400424ab3bfacc7150477871636dc
Opcode Fuzzy Hash: 75000827d1a41e39a3a70154129faa1aa3956c678bd6121d62140b199f824c8e
Instruction Fuzzy Hash: 1E52DE75A08201DFDB04CF68D88166EBBF1FF89314F1989ADE5969B391EB34D901CB42

Function 00BD32E2 Relevance: 12.0, Strings: 9, Instructions: 744COMMON

Download Yara Rule

Strings

ag, xrefs: 00BD3BCC
yu, xrefs: 00BD3BDC
aw, xrefs: 00BD3BD4
wy, xrefs: 00BD3A33
G&I, xrefs: 00BD3A93
CE, xrefs: 00BD3A8B
|}, xrefs: 00BD3DB1
{}, xrefs: 00BD3A3B
wi, xrefs: 00BD3BE4

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ag$aw$wi$yu$|}$CE$G&I$wy${}
API String ID: 0-1554855913
Opcode ID: b4b3b3af18c729900e55963bca06604d9defb78a5d908d3aaa8187e4fa85b734
Instruction ID: f2ca2499a6e2415c1673bb895f33b26b4571bc6bbd1d64c2d8aedbf58b2e0930
Opcode Fuzzy Hash: b4b3b3af18c729900e55963bca06604d9defb78a5d908d3aaa8187e4fa85b734
Instruction Fuzzy Hash: C042DCB1A08341CFD704CF68D89166EBBF1FB85314F1989ADE5969B391EB38D901CB42

Function 00BBA1C0 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

LH>N, xrefs: 00BBA2EC
(, xrefs: 00BBA27D
^'U[, xrefs: 00BBA2BC
fG, xrefs: 00BBA324
>, xrefs: 00BBA37E
cmj., xrefs: 00BBA1E6
W+U0, xrefs: 00BBA2D4
-++(, xrefs: 00BBA2CC

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ($-++($>$LH>N$W+U0$^'U[$cmj.$fG
API String ID: 0-3233654006
Opcode ID: 5e6bdec4ac60a2a2cb09132af775e15d63ff9971446b651b6d4483e353406e3b
Instruction ID: ab0d28ae587cb2e766d700ea85afbdec1ad895a41c35a6f5bdfab3a04018c1b3
Opcode Fuzzy Hash: 5e6bdec4ac60a2a2cb09132af775e15d63ff9971446b651b6d4483e353406e3b
Instruction Fuzzy Hash: 1EB1C57160C3C14BD3268F2994A03ABBFE19FD7704F0849ADE4D54B382D7B98946CB92

Function 00D8604B Relevance: 9.2, Strings: 6, Instructions: 1669COMMON

Download Yara Rule

Strings

,?_, xrefs: 00D863AD
sDs-, xrefs: 00D87158
!%, xrefs: 00D86E54
d(~, xrefs: 00D8686F
0z+, xrefs: 00D86105
Dyk~, xrefs: 00D86B88

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ,?_$0z+$Dyk~$d(~$sDs-$!%
API String ID: 0-3309475078
Opcode ID: 2aab5b1ea7367ad56cac72aa6c931813fc58581dc4faad55bdd571e0935ff726
Instruction ID: ca73b85701d70a93db2586bb739084063cd614d95c417416a56f155073d80e57
Opcode Fuzzy Hash: 2aab5b1ea7367ad56cac72aa6c931813fc58581dc4faad55bdd571e0935ff726
Instruction Fuzzy Hash: 4CB2E8F360C204AFE3046E29EC8567AFBE9EF94720F16493DEAC4C3744EA3558458697

Function 00D751AE Relevance: 7.8, Strings: 5, Instructions: 1599COMMON

Download Yara Rule

Strings

*g6, xrefs: 00D76371
`8{i, xrefs: 00D7612D
{&Z, xrefs: 00D75C1B
0G[5, xrefs: 00D75899
=m, xrefs: 00D75D1A

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: *g6$0G[5$=m$`8{i${&Z
API String ID: 0-1863006537
Opcode ID: daf3e7bea2ad02788ee420e0e7446696e782150962c9b579f57beba2e93273e9
Instruction ID: 7a2e8c0506bde0f1c539dc9ab6227cb0ac58e9503c762193e49f0f19c6c95ac2
Opcode Fuzzy Hash: daf3e7bea2ad02788ee420e0e7446696e782150962c9b579f57beba2e93273e9
Instruction Fuzzy Hash: C6B2F6F360C2049FE304AE29EC4567AF7E6EFD4720F1A892DE6C4C7744EA3598418697

Function 00C6C215 Relevance: 6.8, Strings: 5, Instructions: 568COMMON

Download Yara Rule

Strings

Q, xrefs: 00C6C2D9
4, xrefs: 00C6C828
^, xrefs: 00C6C859
Q, xrefs: 00C6C742
$, xrefs: 00C6C9BC

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: $$4$Q$Q$^
API String ID: 0-3193924108
Opcode ID: 999f2948b3e374d3b054eb6abd29f4ca486ab97470f8de5fa2af9b01a7cebdd5
Instruction ID: 27cc482e349dac3c705890a691c4a63d5ba58c5bd13d6fbb7b037c98cddc24e5
Opcode Fuzzy Hash: 999f2948b3e374d3b054eb6abd29f4ca486ab97470f8de5fa2af9b01a7cebdd5
Instruction Fuzzy Hash: 7412BEA3F2191407F7684828CDA93B62583D7E1321F2EC27D8BAA5BBC9DC7E4D454384

Function 00BBA5E0 Relevance: 6.6, Strings: 5, Instructions: 342COMMON

Download Yara Rule

Strings

h, xrefs: 00BBA7CC
\W, xrefs: 00BBA97D
(cz, xrefs: 00BBA775
L, xrefs: 00BBA728
@A, xrefs: 00BBA8C7

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: (cz$@A$L$\W$h
API String ID: 0-2254788895
Opcode ID: fbb5d5c9857b0a22a41e9468e4117f947a58ce1eb4822fc7aec75df9bf949dbc
Instruction ID: e777e82e72d1a40f8f19f8f99e68837c27ee975f6913e9782dbeba953f2bd49a
Opcode Fuzzy Hash: fbb5d5c9857b0a22a41e9468e4117f947a58ce1eb4822fc7aec75df9bf949dbc
Instruction Fuzzy Hash: 0FA1ACB050C3809BE310DF25D455BABBBE4EF92354F148D6CE1E58B292D779C50ACB52

Function 00BDC4D7 Relevance: 5.5, Strings: 4, Instructions: 500COMMON

Download Yara Rule

Strings

QZS9, xrefs: 00BDCA5B
hzK, xrefs: 00BDC968
UgYn, xrefs: 00BDCA51
u u#, xrefs: 00BDCD38

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: hzK$QZS9$UgYn$u u#
API String ID: 0-1715210810
Opcode ID: 9afd687f9b0d03261b26104f1d7b1bb95bbb377bba3735e871b36f30855ed1bb
Instruction ID: 58c0f69fa660fc687adb302dd971e908ffc64b524fcbfa9a328cac724e6adf57
Opcode Fuzzy Hash: 9afd687f9b0d03261b26104f1d7b1bb95bbb377bba3735e871b36f30855ed1bb
Instruction Fuzzy Hash: BBF1B760604B828ED725CF35C4517A3FFE2EF56304F1889AEC4EA87782E779A50AC751

Function 00C6C2E7 Relevance: 5.4, Strings: 4, Instructions: 437COMMON

Download Yara Rule

Strings

4, xrefs: 00C6C828
^, xrefs: 00C6C859
Q, xrefs: 00C6C742
$, xrefs: 00C6C9BC

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: $$4$Q$^
API String ID: 0-1360493100
Opcode ID: c7bb90efa9eae237f4cfa5c737d948210b4a2e9a13a7a5f032b228141f3ead74
Instruction ID: bc8a329e8215dfed10a35455b7f57d1066e8de96a620cc38b0a424b6db82a1c5
Opcode Fuzzy Hash: c7bb90efa9eae237f4cfa5c737d948210b4a2e9a13a7a5f032b228141f3ead74
Instruction Fuzzy Hash: 0FE17FA3F2184407F7684828CDA93B61883D7E1325F2EC27D87AB5BBCADC7E59465344

Function 00C4A5F2 Relevance: 5.4, Strings: 4, Instructions: 410COMMON

Download Yara Rule

Strings

Q, xrefs: 00C4AA1E
^, xrefs: 00C4AB1F
4, xrefs: 00C4AAD8
$, xrefs: 00C4AC4A

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: $$4$Q$^
API String ID: 0-1360493100
Opcode ID: 494251309aa835b25170166705bb1d33248d843cbb7fd2e45aa1088d066cb304
Instruction ID: cea17aa6bbf3adf35a51c5f679c821c64ecfbed333cbb73f0613e1ebb69727f1
Opcode Fuzzy Hash: 494251309aa835b25170166705bb1d33248d843cbb7fd2e45aa1088d066cb304
Instruction Fuzzy Hash: 7CD156B3EA18250BF7A40038CD183A2298357A1325F2F8278CE6C7B7C5D8BE5D4A53C5

Function 00D850E0 Relevance: 4.3, Strings: 3, Instructions: 596COMMON

Download Yara Rule

Strings

>, xrefs: 00D85552
WL`, xrefs: 00D857BB
Lk__, xrefs: 00D8578C

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: >$Lk__$WL`
API String ID: 0-1712777015
Opcode ID: 42ae1a17de9de95e6209e7bff96223656282df0e0b30c3c2053ec2205fb0aa13
Instruction ID: 7b0c8fb6a896b036554870e89d2947278bc38868af28ece34de83e7dd214f163
Opcode Fuzzy Hash: 42ae1a17de9de95e6209e7bff96223656282df0e0b30c3c2053ec2205fb0aa13
Instruction Fuzzy Hash: F412C2F250C300AFE704AF29EC8167AFBE5EF94720F16892DE6C487744E63598418B97

Function 00BCD5B5 Relevance: 4.0, Strings: 3, Instructions: 266COMMON

Download Yara Rule

Strings

+*), xrefs: 00BCD7E6
+*), xrefs: 00BCD7BA, 00BCD706, 00BCD670
ge, xrefs: 00BCD64E

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: +*)$+*)$ge
API String ID: 0-1375209572
Opcode ID: 7723b27b4a1e085571f41441591294376a0d7a982e3bebacb282ad1a113af281
Instruction ID: 68d0860af8621f9b57a46d01a38ae821ed00bcee3c36d9ff2b42ebe9bdb4bcb9
Opcode Fuzzy Hash: 7723b27b4a1e085571f41441591294376a0d7a982e3bebacb282ad1a113af281
Instruction Fuzzy Hash: AB7112B56483408BC318DF24D8927ABB7E1EFA1304F1848BDE8D58B391E779C906DB52

Function 00BCD5C8 Relevance: 4.0, Strings: 3, Instructions: 262COMMON

Download Yara Rule

Strings

+*), xrefs: 00BCD7E6
+*), xrefs: 00BCD7BA, 00BCD706, 00BCD670
ge, xrefs: 00BCD64E

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: +*)$+*)$ge
API String ID: 0-1375209572
Opcode ID: b1abea28a9eacfbd4976c23afde460592dd71aac1f79adfd634795810b5107d0
Instruction ID: 9153cd1c754c8b101a86a4d42cdfeb34bf5de168fb8dfdc88fa1015a9ad94312
Opcode Fuzzy Hash: b1abea28a9eacfbd4976c23afde460592dd71aac1f79adfd634795810b5107d0
Instruction Fuzzy Hash: EC7123B52483408BC318DF24D8927ABB7E1EFA1304F1848BDE8D58B391E779C906DB52

Function 00BB2170 Relevance: 4.0, Strings: 3, Instructions: 237COMMON

Download Yara Rule

Strings

", xrefs: 00BB217B
\, xrefs: 00BB2329
u, xrefs: 00BB2333

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: "$\$u
API String ID: 0-3864133841
Opcode ID: 39bd3301a30731ca9f32c53f203bb09c6dbc8a290ca378fc3c345780403b75e5
Instruction ID: f8b18df7e3536d64c192818374e82c082973bf336ace378db3fd7744111175d8
Opcode Fuzzy Hash: 39bd3301a30731ca9f32c53f203bb09c6dbc8a290ca378fc3c345780403b75e5
Instruction Fuzzy Hash: 4D7119315086818FDB158F2888413FABFE2DF96310F1886FDDAD6CB392D6B49945C396

Function 00BC51D8 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

hn, xrefs: 00BC9031
2j, xrefs: 00BC9026
eu, xrefs: 00BC901B

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 2j$eu$hn
API String ID: 0-107825706
Opcode ID: 14881d494c76e88cf93f11ea319dc5bfba545540f41138136f0d73e64dd68ce8
Instruction ID: 73502b100016350f1583437d9aa9df74fea9f39f8fa73886bbb22b02d4cc47bc
Opcode Fuzzy Hash: 14881d494c76e88cf93f11ea319dc5bfba545540f41138136f0d73e64dd68ce8
Instruction Fuzzy Hash: EF41BE751083818BD7359F28C455BFBB7E1EFE6310F198A9DE4CA8B291EB744841CB52

Function 00C380CB Relevance: 3.0, Strings: 2, Instructions: 549COMMON

Download Yara Rule

Strings

4T|~, xrefs: 00C3882D
\.., xrefs: 00C3885A

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 4T|~$\..
API String ID: 0-4288574030
Opcode ID: 4d446352caaddc322db9851c2f5a7bee058eeef469376ca9f8c2a1113a02ba8c
Instruction ID: 7978cc3d1e86972f8bff1d072313c3a1af4ac4e8e4b4820532b36c8c06819415
Opcode Fuzzy Hash: 4d446352caaddc322db9851c2f5a7bee058eeef469376ca9f8c2a1113a02ba8c
Instruction Fuzzy Hash: A902F1B3F503244BF3184D79DC98366BA92EB94320F2B863C9F89A77C5D97D5C0A4285

Function 00CC7236 Relevance: 3.0, Strings: 2, Instructions: 548COMMON

Download Yara Rule

Strings

.T7, xrefs: 00CC79B8
"D~?, xrefs: 00CC7A20

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: "D~?$.T7
API String ID: 0-614855885
Opcode ID: 54688e493d25bed465028839dfbd18a289c9e8ab70eaacb6c05633498a22de7b
Instruction ID: c329ab5e11e3dd928734604f3a1a426c470e7e4591e728cd0f07954bc09d9553
Opcode Fuzzy Hash: 54688e493d25bed465028839dfbd18a289c9e8ab70eaacb6c05633498a22de7b
Instruction Fuzzy Hash: 5202C3F3F112244BF3444929CC58366B693DBD4320F2F8238DE98AB7C9E97E9D064285

Function 00C8A304 Relevance: 3.0, Strings: 2, Instructions: 500COMMON

Download Yara Rule

Strings

[, xrefs: 00C8A96D
|]?, xrefs: 00C8A974

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: [$|]?
API String ID: 0-1108369818
Opcode ID: 61340dae37eecee5d9126201ed374c9486de11bdb1478d7c9ce718245acc5cd8
Instruction ID: 0f82fb4bc00bd3483898398eaa6ba92ac3c04e3698e14c31c2a240aeaa528d2f
Opcode Fuzzy Hash: 61340dae37eecee5d9126201ed374c9486de11bdb1478d7c9ce718245acc5cd8
Instruction Fuzzy Hash: E2F1BEB3F112244BF3548929DC94366B697DBD4320F2F823D8E98AB7C5E97E5C0A4385

Function 00BD2580 Relevance: 2.9, Strings: 2, Instructions: 447COMMON

Download Yara Rule

Strings

`a, xrefs: 00BD25A9
;}-c, xrefs: 00BD25A1

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ;}-c$`a
API String ID: 0-4034549700
Opcode ID: 8395cfdc9c6e99abc1dc94c533fc69f7b3908bff5286e74d37761b61930e34fb
Instruction ID: 2fe2f1566a04094c470767b8d6f18f3b864ea2e7b6f295e8be9233c26725f02f
Opcode Fuzzy Hash: 8395cfdc9c6e99abc1dc94c533fc69f7b3908bff5286e74d37761b61930e34fb
Instruction Fuzzy Hash: EDB12572A083409BD714AF24DC9277BF3E1EFA5310F0985AEE9818B391F7799905C762

Function 00BBE218 Relevance: 2.7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

Strings

`86, xrefs: 00BBE41A
2, xrefs: 00BBE222

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 2$`86
API String ID: 0-3729967060
Opcode ID: f89c4da7cb826b89316167c04349d4a3f4017ca670a3595263ca717628bb2642
Instruction ID: a59c050551f5f85b40df3acd40ec71526d6c711535772203d27630544435bac9
Opcode Fuzzy Hash: f89c4da7cb826b89316167c04349d4a3f4017ca670a3595263ca717628bb2642
Instruction Fuzzy Hash: 1251BA716583838BD738CB2998A1BFFBBE2EBD5304F08897CD49987252E7704405DB92

Function 00BEF1D0 Relevance: 1.9, Strings: 1, Instructions: 689COMMON

Download Yara Rule

Strings

|~r, xrefs: 00BEF85C

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: |~r
API String ID: 0-2030294058
Opcode ID: e6c2df029ed3891490f0724bb874e92b0ddb24a303e59a75d1b425972bb9ffd7
Instruction ID: 2c21e3bd2a2205f9315b264b18123b1b69b2cc1e5ad327bdfa22a9ce99b68244
Opcode Fuzzy Hash: e6c2df029ed3891490f0724bb874e92b0ddb24a303e59a75d1b425972bb9ffd7
Instruction Fuzzy Hash: E7221136A08211CFC708CF69D8906AAB7E2FB89314F0985BDD989D7352D735EC45CB82

Function 00BEF3C0 Relevance: 1.9, Strings: 1, Instructions: 645COMMON

Download Yara Rule

Strings

|~r, xrefs: 00BEF85C

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: |~r
API String ID: 0-2030294058
Opcode ID: 00dc2aab728695385bcdfe64856e15ae4ce7599184d1185d9799bff396399e53
Instruction ID: 355b664837105720bb877966e5169ea30916d8fbd0061117b773fde203a5de4f
Opcode Fuzzy Hash: 00dc2aab728695385bcdfe64856e15ae4ce7599184d1185d9799bff396399e53
Instruction Fuzzy Hash: 7D120276A08251CFC708CF69D8916BAB7E2FB89314F0985BDD899D7352D739AC01CB81

Function 00BEF2E0 Relevance: 1.9, Strings: 1, Instructions: 631COMMON

Download Yara Rule

Strings

|~r, xrefs: 00BEF85C

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: |~r
API String ID: 0-2030294058
Opcode ID: f63502b6c106dd253f3a39ac048bb5164a005d122f8865150f0187f80ce6d39d
Instruction ID: 5541001533f4ce847318709a3552a18b7f435e648753cd05a390430436a2a358
Opcode Fuzzy Hash: f63502b6c106dd253f3a39ac048bb5164a005d122f8865150f0187f80ce6d39d
Instruction Fuzzy Hash: 8D120076A08251CFC708CF69D8906AAB7E2FF89314F0985BDD889D7352D735E845CB82

Function 00C6E0C8 Relevance: 1.8, Strings: 1, Instructions: 557COMMON

Download Yara Rule

Strings

!~, xrefs: 00C6E782

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: !~
API String ID: 0-366130559
Opcode ID: 0c01fb8b812cc23f949fdd82bd9e9d3ca5332e00cacddb509239ab4e69baeb54
Instruction ID: 7f6b1a20d2065a4224af47c972151a13bced6f27ff36c6da7893a980b1c4295a
Opcode Fuzzy Hash: 0c01fb8b812cc23f949fdd82bd9e9d3ca5332e00cacddb509239ab4e69baeb54
Instruction Fuzzy Hash: 1C02D0F3F006244BF3545969DC993A6B6D2EBD4320F2B823C9F98A77C4E97E5C064285

Function 00C694A8 Relevance: 1.8, Strings: 1, Instructions: 526COMMON

Download Yara Rule

Strings

{}+, xrefs: 00C6998D

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: {}+
API String ID: 0-3290022363
Opcode ID: 7fbfa7c43b32509a13123ae6abd07f5bc825d6beaaf45b8e58046a3d48ea541a
Instruction ID: 43a384a20c4eda1f79e0523b11452fe0c2a047fbf91760035ed37bd6950fe76e
Opcode Fuzzy Hash: 7fbfa7c43b32509a13123ae6abd07f5bc825d6beaaf45b8e58046a3d48ea541a
Instruction Fuzzy Hash: CF02F0F3F142148BF3085E28DC98366B6D2EBD5320F2B863C9B859B7C5D97D98458385

Function 00C705A1 Relevance: 1.8, Strings: 1, Instructions: 504COMMON

Download Yara Rule

Strings

l{O, xrefs: 00C70C91

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: l{O
API String ID: 0-1077595918
Opcode ID: a42aeaae6574a8cbea77e7b4d690bb2885794e02da6448c5f5b2344ffacc3459
Instruction ID: ed6bb8762d3e236e37b95cbce36274f35bcfa03b2cefe3073df8f08bc74e61ec
Opcode Fuzzy Hash: a42aeaae6574a8cbea77e7b4d690bb2885794e02da6448c5f5b2344ffacc3459
Instruction Fuzzy Hash: D6F1E1F3F106154BF3444939CD983667683EBD4310F2F82398B989BBC9ED7D990A4285

Function 00BE936D Relevance: 1.7, Strings: 1, Instructions: 477COMMON

Download Yara Rule

Strings

TU, xrefs: 00BE96E4

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: TU
API String ID: 0-2215587796
Opcode ID: 17633937a56c52d94685af7b17830cfcc84861d6c8e36484ec2a3b5ae83fc290
Instruction ID: 05f99c38c5d7e44dc5f939e250ee0d578221f1cab91853b164b07d48a5de1a80
Opcode Fuzzy Hash: 17633937a56c52d94685af7b17830cfcc84861d6c8e36484ec2a3b5ae83fc290
Instruction Fuzzy Hash: 0DE1F632528312CBCB189F28E86227BB7F1FF89751F0A897DD481872A4EB798954C741

Function 00C903A0 Relevance: 1.7, Strings: 1, Instructions: 436COMMON

Download Yara Rule

Strings

>o3f, xrefs: 00C908C9

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: >o3f
API String ID: 0-578911694
Opcode ID: ac958f385840b5c09537b62cc0dc3746b7f82dd5d8e11a9b60d08220a29c9ced
Instruction ID: b8af05670daac7d11a02fa4d92175ef9500393d104f9417eab426d1f27e5af97
Opcode Fuzzy Hash: ac958f385840b5c09537b62cc0dc3746b7f82dd5d8e11a9b60d08220a29c9ced
Instruction Fuzzy Hash: 11E1D1F3F102244BF7148929DC943627692DBD5324F2F8638DF98AB7C4E97E5C068285

Function 00C833FF Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

f, xrefs: 00C8368D

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: f
API String ID: 0-1993550816
Opcode ID: bdd22a7cddb55efdfbc1554e12acc18bd9f21b82a77f039b630dc5d7d916d469
Instruction ID: 4ef3da154b42d83cc592e6a878928cef320c4ec1b59c5ddec2ec02255aa816c8
Opcode Fuzzy Hash: bdd22a7cddb55efdfbc1554e12acc18bd9f21b82a77f039b630dc5d7d916d469
Instruction Fuzzy Hash: C0C1CAB3F1122547F3184839CC683A2A6839BD5324F2F82788F5DAB7C5E97E5D0A52C4

Function 00C440B2 Relevance: 1.6, Strings: 1, Instructions: 308COMMON

Download Yara Rule

Strings

#, xrefs: 00C441CA

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: a6d205d83ec39f5fed6491ddf5bd9c635a0714e4a6a852e4ae74e86f70f69eea
Instruction ID: 8bcf2c14bae4a0bef9685296b5104deb604264f4c5362e4c332f29048e80b7ba
Opcode Fuzzy Hash: a6d205d83ec39f5fed6491ddf5bd9c635a0714e4a6a852e4ae74e86f70f69eea
Instruction Fuzzy Hash: AAB18BB7F1162447F3944839DC583A26183DBE5324F2F82788E8DAB7C6D87E9D0A1384

Function 00C5D221 Relevance: 1.6, Strings: 1, Instructions: 304COMMON

Download Yara Rule

Strings

3eM', xrefs: 00C5D3BB

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 3eM'
API String ID: 0-1830487483
Opcode ID: 761f0233ad92791ed79e41e89d506a13184699eed2d258c95bd06ab2e4c670d6
Instruction ID: e79a9565e754410c96882b05f9d2f2d2af87fc6c52ddef445bfa7435eb5b10eb
Opcode Fuzzy Hash: 761f0233ad92791ed79e41e89d506a13184699eed2d258c95bd06ab2e4c670d6
Instruction Fuzzy Hash: 65A18FB7F216250BF3844968CD983A26643DBD5314F2F81788F8CAB3C6D97E9D0A5384

Function 00C49381 Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

%(h6, xrefs: 00C49578

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: %(h6
API String ID: 0-3798524798
Opcode ID: c50b27a0c081016479f0ecc9d0730dd11a42192bb6bd11925aba94c54d1c5f8b
Instruction ID: 7e00a691f2bad50c16e0572570fa2a1f22327f986f9ee55a7e85b2a8da7f1bf4
Opcode Fuzzy Hash: c50b27a0c081016479f0ecc9d0730dd11a42192bb6bd11925aba94c54d1c5f8b
Instruction Fuzzy Hash: ABA18CF3F616244BF3584929CD583A16683ABE5324F2F42788F8C6B7C6DC7E5D0A4284

Function 00BEB450 Relevance: 1.5, Strings: 1, Instructions: 293COMMON

Download Yara Rule

Strings

5|iL, xrefs: 00BEB680

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: 5|iL
API String ID: 2994545307-1880071150
Opcode ID: 9fa2318221eea6d98a87153f910677648aa37a24bedefb9b1b9289ff5719572b
Instruction ID: 55a54b40f31dc896a26a547f0793f634cf3261d53bce6386cacdb815da2dca0d
Opcode Fuzzy Hash: 9fa2318221eea6d98a87153f910677648aa37a24bedefb9b1b9289ff5719572b
Instruction Fuzzy Hash: 14713532B083518FD7148E29C891B7BF7E2EBD4314F2985ACD9D98B3A2D7749C418782

Function 00C9F28F Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

E, xrefs: 00C9F49A

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 043abe9dc47c43b601cb7b004f0f127ab856a53ccbd0ad7ae45c945da5f43b57
Instruction ID: c90d5338e88eb3d8ff5c3474289246ee25157b514c36e8806c352fe5f1899a34
Opcode Fuzzy Hash: 043abe9dc47c43b601cb7b004f0f127ab856a53ccbd0ad7ae45c945da5f43b57
Instruction Fuzzy Hash: B8A15AF7F2122547F7984929CC5836226539BE1314F2F82788F4CAB7C5E97E9D0A5388

Function 00C1F088 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

X, xrefs: 00C1F157

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: X
API String ID: 0-3081909835
Opcode ID: 47a0a3190aad315a536a480ddfdfd428ba83b8fd9c7dbfdaa444f659f5b177f1
Instruction ID: 6a9e7f4b95e6dd8b08199d11fa1f0374f6457e95c723daf780a747681a95abc5
Opcode Fuzzy Hash: 47a0a3190aad315a536a480ddfdfd428ba83b8fd9c7dbfdaa444f659f5b177f1
Instruction Fuzzy Hash: 00A18EB3F102244BF3584D39CD983627682DBD6321F2F827C8E59AB7C9D97E5D0A5284

Function 00BEC0C0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

Strings

W, xrefs: 00BEC1F5

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 9d863db3723d698aa9aa40e001299841dce058cb2d2adc4767998ecfeba1affc
Instruction ID: 42d537f7c4b1ae0072c80c4ee4f8a3a6182fb0450b20284227cac7ffcb2b4923
Opcode Fuzzy Hash: 9d863db3723d698aa9aa40e001299841dce058cb2d2adc4767998ecfeba1affc
Instruction Fuzzy Hash: 9B91D23160C3908FC3158F29C89066EBFE2ABD6314F19C6ADE8E55B392C735D846CB52

Function 00BB60D0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 00BB6206

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 8e80273843b8b12b0da27f0199e73b9be926389291d48202406f56c6ee8f46e6
Instruction ID: 4d65eeb6564890b696b90b6b93075857968c3b670c8ac3f6ece3654e05c92705
Opcode Fuzzy Hash: 8e80273843b8b12b0da27f0199e73b9be926389291d48202406f56c6ee8f46e6
Instruction Fuzzy Hash: 24B138711083819FC325CF18C88066BFBE0AFA9704F444E6DE5D997382D675E918CB67

Function 00BDA5B0 Relevance: 1.5, Strings: 1, Instructions: 257COMMON

Download Yara Rule

Strings

", xrefs: 00BDA874

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: f8bc580afdc40864a8f7028a7881a27717299395e5ce4967c6b484ccc47411bb
Instruction ID: 98193a187d0610ff258c8f7806ed30be35fbe44b7eb634b4fca001372dba6a82
Opcode Fuzzy Hash: f8bc580afdc40864a8f7028a7881a27717299395e5ce4967c6b484ccc47411bb
Instruction Fuzzy Hash: 2C81D632A086514BC7249D3C88C021AF6D7ABD5330F2DC7AAE8B49B3E5F675CC464782

Function 00BE2360 Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

0, xrefs: 00BE23B6

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 87ec1ded6fba8c0fbaa764674764c17bd806d3581ae82b539ab745979a9ea5b2
Instruction ID: d06c0e60b0ee4648cbb594b54ad0340827b1d6a34b12e7cf4a2505a622e29acb
Opcode Fuzzy Hash: 87ec1ded6fba8c0fbaa764674764c17bd806d3581ae82b539ab745979a9ea5b2
Instruction Fuzzy Hash: 99811833E599E00BC3289A3D4C512A679D74BD6330B2EC3BDADB59B3E5C6698D054380

Function 00CAC3E2 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

LGuj, xrefs: 00CAC569

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: LGuj
API String ID: 0-2054989353
Opcode ID: c06648222da6bd4e86b6ea40f72f7095cad1b110475618e6f704f5aa8a2c0fe6
Instruction ID: 7b408cc2e852fc0bf05c42c6a9d2a820edf4ab9fc72bbebb60c5035fb44c538b
Opcode Fuzzy Hash: c06648222da6bd4e86b6ea40f72f7095cad1b110475618e6f704f5aa8a2c0fe6
Instruction Fuzzy Hash: A181CDB3F5122547F3144E28CC583A1B692DBD6320F2F82788E9C6B7C5E97E6D0992C4

Function 00C7F246 Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

Q, xrefs: 00C7F30A

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-3463352047
Opcode ID: baa6ff2b758110772696827e8a225e7b7de75ce0daf9ae422b71a126650a9812
Instruction ID: 4f8eb2256fd87da7dbff80511458a65b3bd036531999c3786645b9d0adc0abd3
Opcode Fuzzy Hash: baa6ff2b758110772696827e8a225e7b7de75ce0daf9ae422b71a126650a9812
Instruction Fuzzy Hash: 638187B7F1162447F3444929CC583A172839BE5324F2F81788F9C6B7C6D97E6D4A9384

Function 00CB9339 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

a-!O, xrefs: 00CB95D6

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: a-!O
API String ID: 0-4172796715
Opcode ID: 487896cca213e74e3fe56d7fa7583be071a7df80ce99ec23c66b9e7ef789a930
Instruction ID: 8fbe560da4889ae0681d78e0c64a9b2da371f6e546861676927965001a245443
Opcode Fuzzy Hash: 487896cca213e74e3fe56d7fa7583be071a7df80ce99ec23c66b9e7ef789a930
Instruction Fuzzy Hash: 528198B3F5122547F7544878CC983A22693DB96320F2F42788F986BBC6D97E4E0A53C4

Function 00BDB120 Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

", xrefs: 00BDB31E

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: a3c45a116d1bcfb82e13fe65b12956e147a2fd8ad73a016dda39fbd2ee11f08e
Instruction ID: 372869788fb245582836f8abb428bd4de6c15c3f288abcf40560ee9f4004e18b
Opcode Fuzzy Hash: a3c45a116d1bcfb82e13fe65b12956e147a2fd8ad73a016dda39fbd2ee11f08e
Instruction Fuzzy Hash: DF71E532A18355CBD714CE2DC890B1EFBE2EBC9720F1A85AEE4949B395E330DC459785

Function 00CF92E7 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

ru, xrefs: 00CF947F

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: ru
API String ID: 0-1282297722
Opcode ID: de28e3426e28858136e4e9fa83f2a5cefb644148e4286e8e1c9f316d7680b0d9
Instruction ID: fc7cb0c00060f018bb4856425c5260735734b70eef1b0223d89f456abc8b94e8
Opcode Fuzzy Hash: de28e3426e28858136e4e9fa83f2a5cefb644148e4286e8e1c9f316d7680b0d9
Instruction Fuzzy Hash: E07115F3A182045FF3146A2CDC8573AFBE5EF94320F1A4A3DDB9593384E9799C108686

Function 00C810F3 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

}, xrefs: 00C811AB

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: 73de97171a8456fc8496067be0644286d48d95a56fcc7f7ffe12f90d5cb70ad7
Instruction ID: 77919c02fea33ef92fcd580ecdf0d2e7cb451b21b41ebebb0b7635ee91f18bf8
Opcode Fuzzy Hash: 73de97171a8456fc8496067be0644286d48d95a56fcc7f7ffe12f90d5cb70ad7
Instruction Fuzzy Hash: 2A71CEB7F1222547F3444D28CC583627693DBD1324F2F82388B88ABBC9D97E9D469384

Function 00CB33CD Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

r*8:, xrefs: 00CB3604

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: r*8:
API String ID: 0-70979956
Opcode ID: a91312083c5b9eef88bb29371a2add44ae2bdb64a334f98f8b39e88256d91529
Instruction ID: f1a4ea5dffc749a3154e6362e83c5be0c93fb129dd60cbaba398401d141bd892
Opcode Fuzzy Hash: a91312083c5b9eef88bb29371a2add44ae2bdb64a334f98f8b39e88256d91529
Instruction Fuzzy Hash: 76719AB3F1122547F3044929DCA83A27293DBE1324F2F81788F886B7C6D97E9D0A5385

Function 00C533AF Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

-%a,, xrefs: 00C53590

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: -%a,
API String ID: 0-61086449
Opcode ID: bdafe221f828dc83c778780365fa863a4660d77a170af9c84939a29bf83f04e8
Instruction ID: fc2a148f9893bb087bf5ed911871cb220bba6ebc5ba4f58b868a477f168dcae9
Opcode Fuzzy Hash: bdafe221f828dc83c778780365fa863a4660d77a170af9c84939a29bf83f04e8
Instruction Fuzzy Hash: 0C71DAB7F1162547F3588979CC983A16283DBD5324F2F82388F5C6BBC5E8BE5D0A5284

Function 00C8F135 Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

i7tO, xrefs: 00C8F2B7

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: i7tO
API String ID: 0-3950933107
Opcode ID: ee61c6243a89f51a64cc28ed2312e58540826f319cfd86443bca2d882525e936
Instruction ID: 01dd246f40ab69108cbcb2c0ff20db05170aa2e3545b910e9ed3e081484ef32d
Opcode Fuzzy Hash: ee61c6243a89f51a64cc28ed2312e58540826f319cfd86443bca2d882525e936
Instruction Fuzzy Hash: 94717AF7F216254BF3444969DC983617683DBE1324F2F81388F986B3C6E97E9D0A5284

Function 00BC6274 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

t, xrefs: 00BC6338

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: e5a4f521271488b8c43733d07db8a82ebe091abe0b7414a21321ce1a3aca2aa0
Instruction ID: 1c762d5f3dd94d497a7a8a73c70a6617b88ce742f1e70e563c9ef2f3e2ded539
Opcode Fuzzy Hash: e5a4f521271488b8c43733d07db8a82ebe091abe0b7414a21321ce1a3aca2aa0
Instruction Fuzzy Hash: D351333210C3818BE315CF39D451B2BBFE1EF9A344F1889ADE4D6972A2DB388545CB42

Function 00C4C18C Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

E, xrefs: 00C4C277

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: bb5cabf5fdff462b200bf974dabe24adc2cea3e983e7ad1739cd4d606b8cce56
Instruction ID: aeaba85524833749ab20644f15c6fee9a67e3a6320119118254bb0c5cc75ad93
Opcode Fuzzy Hash: bb5cabf5fdff462b200bf974dabe24adc2cea3e983e7ad1739cd4d606b8cce56
Instruction Fuzzy Hash: 29513BB3F112244BF3904979CD883526693EBD5320F2F82788E9C6BBC9D87E5D0A52C4

Function 00BD8328 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

(+, xrefs: 00BD85C0

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: (+
API String ID: 0-2956477717
Opcode ID: 278b6d815f066f1d1959759d730eb6cdbf9173e94c42848dec5e30723ef0549b
Instruction ID: 3c3eb9fe8f177377a2eaf5a2dbb83dbe64009572d28bd123566366df761450cc
Opcode Fuzzy Hash: 278b6d815f066f1d1959759d730eb6cdbf9173e94c42848dec5e30723ef0549b
Instruction Fuzzy Hash: 434130B6A083518BC320CF6198C039FBAE1FBD6304F094D3DE99567341EB7589058B97

Function 00BE90C0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

EFG@, xrefs: 00BE91C2

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID: EFG@
API String ID: 0-813506099
Opcode ID: afe3f4eb2f15dffddb78fe9fd44431411114a56d9fa8be4e2fb62d3e1dbe17a6
Instruction ID: 0d23f9d6cea7f90cc423e0e0cc309cc17c5979fe7322f2e503f1455aca00f6a7
Opcode Fuzzy Hash: afe3f4eb2f15dffddb78fe9fd44431411114a56d9fa8be4e2fb62d3e1dbe17a6
Instruction Fuzzy Hash: 5D3137756083457BDB10AA2AEC86B3BB3E9EFC1748F04446CFA8597252E721DC089363

Function 00BB8520 Relevance: .8, Instructions: 796COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fb1bbc1e7a57b74a7213f19b14692a2197b940f51fa5c325c366aebee6d008e
Instruction ID: 30c8f60c8a0e26511b1d331263dcc35474c72ed650f4cb08e8eaba8bfead19b0
Opcode Fuzzy Hash: 0fb1bbc1e7a57b74a7213f19b14692a2197b940f51fa5c325c366aebee6d008e
Instruction Fuzzy Hash: 654203316083158BC725DF18E8802BEB3E6FFD4304F29896ED99697285EB74E951CB42

Function 00BB34C0 Relevance: .6, Instructions: 613COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0663c8968d24a9f145b0ebabf2d1c592de7866b804b84f867f3bd49e92e284a3
Instruction ID: b51fbe40aea2fd9ab7f2537d4a9c7d98e5af2a009dd809afd33b94da05a778fb
Opcode Fuzzy Hash: 0663c8968d24a9f145b0ebabf2d1c592de7866b804b84f867f3bd49e92e284a3
Instruction Fuzzy Hash: 424201B0A14B108FC378CF29C5D05AABBF1FB45B10B644A6ED69787B90D7B6B944CB10

Function 00C7B368 Relevance: .6, Instructions: 610COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de1fc097148f755560d500273fd6e691ca089edc8a324383c0b21dc0253828df
Instruction ID: beb76e1f88ca8686b16fe7a45730017f765c1eb311eeb0b91a647d1176f5e607
Opcode Fuzzy Hash: de1fc097148f755560d500273fd6e691ca089edc8a324383c0b21dc0253828df
Instruction Fuzzy Hash: 81128AF3E5192507F7680878CD693B6598297A1324F2F82798F6E27BC5DDBE1D0602C4

Function 00CBE285 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa969054603345eb520aa88b1e866febbf5d8a2a4464694fc4c3bc46a1345ae3
Instruction ID: b79744b738e3ef5927b683265f70141feb6cbf1448933abbbe7982a031ac93cc
Opcode Fuzzy Hash: fa969054603345eb520aa88b1e866febbf5d8a2a4464694fc4c3bc46a1345ae3
Instruction Fuzzy Hash: D002D2F7F106144BF7085D29DC943767692EBD4324F2F863C9A89977C8E93E980A8285

Function 00C4849C Relevance: .5, Instructions: 486COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 787faec0c5ba34397301a08ea2c3e4acb48b169b0b482e87abeefc59810f49da
Instruction ID: c52ee123273bb8c3ba39c2f28cab4d1fd72fb932b506945cd2547e459ee6e741
Opcode Fuzzy Hash: 787faec0c5ba34397301a08ea2c3e4acb48b169b0b482e87abeefc59810f49da
Instruction Fuzzy Hash: 18F1D6B7F042148BF3144D29DC98766B692EBD5324F2F823DDE88977C4D97E6C0A8285

Function 00BD910B Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8080ed3e836ea772aef5e281f02aff7bc9bdb01a8f2a2e0de98d4ef1c7fab3b9
Instruction ID: 49e03c878b0281dd22bca10c38f60babd1a38b6ff7b78a0b9faffded847144d2
Opcode Fuzzy Hash: 8080ed3e836ea772aef5e281f02aff7bc9bdb01a8f2a2e0de98d4ef1c7fab3b9
Instruction Fuzzy Hash: BCE1DC705083159BD710CF64C89136BF7F1EFA2754F089AADE8D55B3A0E3B89905CB86

Function 00C7B465 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7cc52b2bcd2a21555b9dc060b126c717a7240eab06527d78fb1319c411a970
Instruction ID: 3eb4a9d6bb89fa203ff3ff611efb05f7af75032d01ab642848881c983a129cfc
Opcode Fuzzy Hash: 7b7cc52b2bcd2a21555b9dc060b126c717a7240eab06527d78fb1319c411a970
Instruction Fuzzy Hash: 76F18AE3E1192503FBAC0478C9693B6598293A1325F2F827DCF6E277C6DDAE1D4602C4

Function 00C3E5D3 Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb62754de970e20dc0241c1462f75c68319beb7d571253875edd9df12902f60
Instruction ID: 0dce99f685745f3e06311cd977683252aee1fbf1f64118db1ec208abedd60131
Opcode Fuzzy Hash: 2eb62754de970e20dc0241c1462f75c68319beb7d571253875edd9df12902f60
Instruction Fuzzy Hash: 20E1E3F3E142248BF3045E39CC84366BB92EB95720F2F463C9A88A77C4D97D9C059785

Function 00C55009 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b55f7634bba47e4525d4a7b5e5a9ddba1f13e7d54e54db1027e8098d577b7b17
Instruction ID: 8785d23ecff8f632b1de93400f69bba6c253afaff0dd118f57d1753ad0bb84cb
Opcode Fuzzy Hash: b55f7634bba47e4525d4a7b5e5a9ddba1f13e7d54e54db1027e8098d577b7b17
Instruction Fuzzy Hash: 0AD1E1B3F142154BF3048E39DD89376B6D6EB94324F1A823DDE88977C8E93E9C058285

Function 00C22432 Relevance: .4, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0462e690b097ef2b638924052ebb9bbbc778df28cbd61eb10041005a4033658
Instruction ID: e48efa301092dd20af6a640eee19414ead351189ea22f991c2b080f2a9e1263a
Opcode Fuzzy Hash: b0462e690b097ef2b638924052ebb9bbbc778df28cbd61eb10041005a4033658
Instruction Fuzzy Hash: 5BD1E0F3F042144BF3449E39DC98366B6D2EBD4724F2B863CDB899B3C4E93958058686

Function 00C3C2CA Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b67aa32a2618cbf7b5675b1ffa556f5112acf434f1acd70cd48ec9a0bdcac877
Instruction ID: 7d5347c96e7e763e2788e212447996db2a4b4bf0c9d82c635d6d2679b4b3fb2e
Opcode Fuzzy Hash: b67aa32a2618cbf7b5675b1ffa556f5112acf434f1acd70cd48ec9a0bdcac877
Instruction Fuzzy Hash: 5CD1BFF3F152248BF3444928DC583667692DB94320F2F863C9E9DAB7C4E97E9C054385

Function 00C651DE Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547cf2b096502fc4726a14c2327b29244b9d4cebf64c9d7d47fc2dabb77d11e7
Instruction ID: 9f4303f0fd4983143c5ce69a09a5e250fb30e0a1b5cf5d8870d4eeb9623fe0b3
Opcode Fuzzy Hash: 547cf2b096502fc4726a14c2327b29244b9d4cebf64c9d7d47fc2dabb77d11e7
Instruction Fuzzy Hash: 8AD188B7F116214BF3444968CD683A22583DBD5324F2F82388F59AB7C9D8BE8C0A5380

Function 00C9E1B3 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36f9075906d8ad15b0b9daa23cf2f011babe7e82b4aacbab58cceacf396090c
Instruction ID: e29f4525454e9f78d767f3c2a4d400d9888136901d40552342936d8197402390
Opcode Fuzzy Hash: f36f9075906d8ad15b0b9daa23cf2f011babe7e82b4aacbab58cceacf396090c
Instruction Fuzzy Hash: E0C1BEF7F1162547F3584939DC583A222439BE5324F3F82788B9C5BBCAD87E9C0A5284

Function 00CC0050 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063119529e2cd389369d4583ca20adecab392f59245404ac8691af2632ebdefc
Instruction ID: e6bfc50638ce1d16cd547c00f4b0e9c7859edb0af8f79e9b7da7a7801aa3989c
Opcode Fuzzy Hash: 063119529e2cd389369d4583ca20adecab392f59245404ac8691af2632ebdefc
Instruction Fuzzy Hash: 6FC1DCB3F512254BF3484978DCA83A16643DBD5324F2F42788F9CAB7C6D8BE5D0A5284

Function 00CB716A Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56a92ee84029ebf3dccc5e224f95694ab966fabb20306cd65e1a3fc184339f6c
Instruction ID: e73a4a9e0bd0a57af7dbfc62d4f69341791177ad3966ddbfabd6f3e9c0954a12
Opcode Fuzzy Hash: 56a92ee84029ebf3dccc5e224f95694ab966fabb20306cd65e1a3fc184339f6c
Instruction Fuzzy Hash: 1DC178F3F1162547F3584878CD583A265829BE5324F2F82788F5CABBC6E87E4D0A52C4

Function 00C8F491 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f5972810806d4e913d3275fba38024686936e48cccbd010d4d0761b7b942ce
Instruction ID: 8b80e02941327a2613039feb140cb57097a4c318704a8d861361e6ac661a3995
Opcode Fuzzy Hash: c1f5972810806d4e913d3275fba38024686936e48cccbd010d4d0761b7b942ce
Instruction Fuzzy Hash: 3AC189E7F116254BF3844878CD883626683DBD5325F2F82788F586BBCADC7D5D0A5284

Function 00C7A101 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c1ed2c309c15e06b68049342bea2bd72689ddfb453c320c50e73cd6fedbfb39
Instruction ID: cb88ae5876282255811b4f1ef6c3b6aa0e21d3db2929260245e3c0163226ac83
Opcode Fuzzy Hash: 8c1ed2c309c15e06b68049342bea2bd72689ddfb453c320c50e73cd6fedbfb39
Instruction Fuzzy Hash: BDC19CB7F516254BF3544839DD9836265839BD1324F2F82388FAC6BBCADC7E4D0A4284

Function 00C2C5CD Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3462f935813181a5637d9478875d1670bde364c9e5c1da667e4ffa96792ab498
Instruction ID: 2cc0cfacaca6094ac8ed1bb9bd0a2e0508f3f268587c392b51c67152f36d3236
Opcode Fuzzy Hash: 3462f935813181a5637d9478875d1670bde364c9e5c1da667e4ffa96792ab498
Instruction Fuzzy Hash: A3C15AB3F2122547F3584929CC5836666839BD5321F2F82388F9CABBC5D97E9D0A5284

Function 00CB21C4 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc910eb1515f973e34cd4150c68e1f8e7b4600fe3b1a2d3aad0224eab6b36a90
Instruction ID: 7c2c0b5b6c7f777013ea54be856bde93691886883245ca552d18f1fc271d6294
Opcode Fuzzy Hash: bc910eb1515f973e34cd4150c68e1f8e7b4600fe3b1a2d3aad0224eab6b36a90
Instruction Fuzzy Hash: 5FC158B7F116350BF35448B9CD98362A5829795324F2F82788F5C6BBC6D8BE5C0A52C4

Function 00CA42DB Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c59c8b1660d51f196b6ef6fd18bc70bd84510f0af9531ba0c1e3a3338b3896fb
Instruction ID: 0ef13b4a513a53f19b6ffa55031fbe6ecaf7f31c3502ba725f2c7af94353e726
Opcode Fuzzy Hash: c59c8b1660d51f196b6ef6fd18bc70bd84510f0af9531ba0c1e3a3338b3896fb
Instruction Fuzzy Hash: 37B18AF3F5122547F3484839CD993A26583DBE5320F2F82388F599B7C6D97E9D0A5284

Function 00C24466 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ecbbbb73b623b8a5d3f1dd95bf26dd173c3c848cccf544f5fe8ddaaa946f280
Instruction ID: a7fd85994b0aad005f6f1be33fc41cd80ebb4b274a17af26bfd39f36d85339b9
Opcode Fuzzy Hash: 4ecbbbb73b623b8a5d3f1dd95bf26dd173c3c848cccf544f5fe8ddaaa946f280
Instruction Fuzzy Hash: 9BB159F7F102244BF3444929CD583627683DBD5314F2F82788F48ABBCAD97E9D0A5284

Function 00C7006D Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4062942dda030f9e0fbbda76d921e3381464b04b0ed1ecb47ce99a6fd7291726
Instruction ID: f092a5d78f21362401690858dfb3eccb48dedcbab2fc82cfab73a5e0d1667d1a
Opcode Fuzzy Hash: 4062942dda030f9e0fbbda76d921e3381464b04b0ed1ecb47ce99a6fd7291726
Instruction Fuzzy Hash: 7AB199B3F1122547F3584D39CC583A266439BD1320F2F82788F9D6BBC9D87E9D0A5284

Function 00C8258A Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d08b73021f04c21e9cdc835722ac1e2617595c6b2ef8ea3863e8c8694f0706
Instruction ID: 3cf483ff3747089f2899938e9180a36478cf64b096b58903ade4b834c0321768
Opcode Fuzzy Hash: 28d08b73021f04c21e9cdc835722ac1e2617595c6b2ef8ea3863e8c8694f0706
Instruction Fuzzy Hash: 5DB16FB7F5062547F3544839DD983A265839BE5324F2F82388F9CAB7C6D87E9C0A5284

Function 00C555AB Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb9f00691102cc3bd72c97b58ae947e998bd96f6d43b45b185d7e69ca96f784
Instruction ID: c3a9c8b5fc3f90f93c36911996cf35a051fefa833b870387f73a5d73c2d33ff0
Opcode Fuzzy Hash: 5fb9f00691102cc3bd72c97b58ae947e998bd96f6d43b45b185d7e69ca96f784
Instruction Fuzzy Hash: 4CB1ACB7F1162587F3448D68CC943A27243DBD6324F2F82788E586BBC9D97E5D0A5384

Function 00C1E0AA Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 179392b8c73f561442edcc0a07af326ec16a5d4161fc3da15929c44480dfcbe1
Instruction ID: c1b93b469b79f7d4614dcc37f502a798d914e53b300d7e9d0073b0257703417e
Opcode Fuzzy Hash: 179392b8c73f561442edcc0a07af326ec16a5d4161fc3da15929c44480dfcbe1
Instruction Fuzzy Hash: 49B1AEB3F5122547F3444839CC6836265839BD5324F3F82798F59ABBC5DC7E8D0A5284

Function 00BDE450 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf7bd81006eba4d20ad7ccf5d691fa2c7c8abd4812b1d9896fcbe1944d340c9
Instruction ID: 856d90e7d36091b490f78ee1b4692e0173caa4599db47786616692b1474ee376
Opcode Fuzzy Hash: 0bf7bd81006eba4d20ad7ccf5d691fa2c7c8abd4812b1d9896fcbe1944d340c9
Instruction Fuzzy Hash: B9E138B16067009FC759CF28D8557A7BBEAFB89304F14496EE0AE8B390DB712905CF91

Function 00C54310 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc751025a54e97806671353eb8dd8fe7a9ba7940e127cea04142b9cb9994fd16
Instruction ID: 65e91761710af1c5f668a70e96da1c8187ffcc86bcc351835ffad737f4779366
Opcode Fuzzy Hash: dc751025a54e97806671353eb8dd8fe7a9ba7940e127cea04142b9cb9994fd16
Instruction Fuzzy Hash: 41B16CB7F2152507F3444838CD583A265839BD5324F2F82788F9CAB7C9D97E9D0A5388

Function 00BDD052 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc46b2f979732aba43e7139bb150686a0a6ebe7b74d0a1efedf2e1bae558c335
Instruction ID: 67d985f36a782e527547110cd2ed202dae6d7a7a27039a9f07418028eab966fd
Opcode Fuzzy Hash: bc46b2f979732aba43e7139bb150686a0a6ebe7b74d0a1efedf2e1bae558c335
Instruction Fuzzy Hash: 80A17374508B818ED726CF3980607A3FBE1AF57314F1489AEC0EB4B792D736A509CB55

Function 00C76433 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a21de297618d6a32eec00bdd10848e79444a4efb505f4420063422522aeee5a
Instruction ID: 7ad3af374f39b467402322cf93403d8a97f50297e9d9ea3de806794f0979b495
Opcode Fuzzy Hash: 4a21de297618d6a32eec00bdd10848e79444a4efb505f4420063422522aeee5a
Instruction Fuzzy Hash: 7CB198F7F1062507F3580839DDA83A265829BD5324F2F82388F9D6B7C6E87E5C0A52C4

Function 00C50424 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1617129e695e947a72e80cf192cc835559ff781e3e844845fa469257453e679e
Instruction ID: 1ebdfe29845e5d5e68649c5ddc0aa5553876aac8b3631cf35fb1259340e801dc
Opcode Fuzzy Hash: 1617129e695e947a72e80cf192cc835559ff781e3e844845fa469257453e679e
Instruction Fuzzy Hash: 4CB19DF3F116254BF3484938CDA83A26682DBE5320F2F42788F5D6B7C6D87E5C0A5284

Function 00C5E1F6 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ef64f0d36c5e2d7a92e899359510eb67edd31b56a8468f319f209a4570ab2a7
Instruction ID: 9b223de0952bf92887b829804add374e68c1e4be4c4cfa388ec11e890118dcb3
Opcode Fuzzy Hash: 2ef64f0d36c5e2d7a92e899359510eb67edd31b56a8468f319f209a4570ab2a7
Instruction Fuzzy Hash: B2B1ADB3F5122547F3544969CC983A2A1839BD5324F2F82788F9CAB7C5E87E9D0A53C4

Function 00C6B303 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3130a67839cd6ef597c6d8858f42b161a3f3c718ff21d75ad8cf644dcef52a8d
Instruction ID: 2d669ae95c3d2e211d94e99cb8fc338421f81d706d25e7afe732df69168c4092
Opcode Fuzzy Hash: 3130a67839cd6ef597c6d8858f42b161a3f3c718ff21d75ad8cf644dcef52a8d
Instruction Fuzzy Hash: 25B17AB7F1122547F3944838CC993A2658397D5321F2F82788F69AB7C6DC7E9D0A1384

Function 00CBC4CD Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d98cdd9b41e7c53553df430c21f2fd983f827ffe9b6886fc1a0bff2295a3ce12
Instruction ID: 2326f08bf672f6048a9db5e7a0bab8866ac635c447b95fd652bdf7cd7b97400b
Opcode Fuzzy Hash: d98cdd9b41e7c53553df430c21f2fd983f827ffe9b6886fc1a0bff2295a3ce12
Instruction Fuzzy Hash: E1B18BB7F512254BF3444878CD983A266929BD5324F2F8278CE4CAB7C6D97E9C0A53C4

Function 00BDD067 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61ce8ac0b8938d9da9509cfecc8d55b73bd1bd9183f7b6b9166ae623fe760372
Instruction ID: 1451da7e4743b4a28f2fc90891e5cdab23aecac30cac0592bee8897a29c26d3b
Opcode Fuzzy Hash: 61ce8ac0b8938d9da9509cfecc8d55b73bd1bd9183f7b6b9166ae623fe760372
Instruction Fuzzy Hash: E1A17374508B818ED726CF3980607A3FBE1AF57314F1489AEC0EB4B792D736A509CB55

Function 00BBC3D4 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81ccc4902217b69c09f21ce18130191cf5bfe36a1c3053aee7f0bf03f7c59220
Instruction ID: 2d075f7e5cfad578f337e673612b9de83b7367ebf8f5f892e05b62f93a5fd1af
Opcode Fuzzy Hash: 81ccc4902217b69c09f21ce18130191cf5bfe36a1c3053aee7f0bf03f7c59220
Instruction Fuzzy Hash: E2B1AC75201B02DFC7248F29DC95A26BBF2FF89311B15897DE56AC7AA0DB74E811CB40

Function 00C303B7 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2453c9c2490ca56c53533d92971459f6d87618cd46d0d5d56d2efe6334e8bb0f
Instruction ID: 035e59e29ff4a104fa57c63a0f7f67b0eaaa3b405763e06d97696a5acc72e5e5
Opcode Fuzzy Hash: 2453c9c2490ca56c53533d92971459f6d87618cd46d0d5d56d2efe6334e8bb0f
Instruction Fuzzy Hash: 9FA1ACB3F6062547F3644878CD993A26582DB95324F2F43388FA9AB7C6D87E9D0953C0

Function 00C2D43C Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23b6d4be967f74a8c99845c3d5c237acf020a37ac385fc25d8de61c91396f2b
Instruction ID: 48f47bfd13676a2f0b8dd42c3beb2069525a4f09c09a6c9b9695bb58b94b5508
Opcode Fuzzy Hash: e23b6d4be967f74a8c99845c3d5c237acf020a37ac385fc25d8de61c91396f2b
Instruction Fuzzy Hash: 97B19BB7F5122547F3544D28CC983A276839BD5324F2F82788F986B7C6D97E9C0A5384

Function 00CBB273 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 605f3073bc4b8d1de05f57f169af3e4c4e4cdce2927919a71fbc0cf28e8bc137
Instruction ID: 023eb10a206122fb5f4ba6b7366c244410e2d35526ab3b93b78ee2fa45565d44
Opcode Fuzzy Hash: 605f3073bc4b8d1de05f57f169af3e4c4e4cdce2927919a71fbc0cf28e8bc137
Instruction Fuzzy Hash: 8CB17BB7F102254BF3844939CD683627693DBD5314F2B81788F89AB7C9D87E9D0A5384

Function 00BF11B0 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73c8a2ec76141df1b745dbd70ea94916502203c97f7a63b8465d9ad5fe0075dc
Instruction ID: 2700152141cca7a5ed51267ae1bc9b4f5870033cb9cbd0ef6f8e7665d6733553
Opcode Fuzzy Hash: 73c8a2ec76141df1b745dbd70ea94916502203c97f7a63b8465d9ad5fe0075dc
Instruction Fuzzy Hash: 648144726083058BD728CE59D88063BB7E3EBD4314F198D7CEA9587392DA359C49CB92

Function 00C8D0FF Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2403809d5579440e49abd4b6b14451ed3c20f61a06301970ef8c75dcb58c6b
Instruction ID: f6bfabcf410e04d9bae70aa091732c8a9411cc0834a4ecd8ba5ba751d66b91fd
Opcode Fuzzy Hash: 1d2403809d5579440e49abd4b6b14451ed3c20f61a06301970ef8c75dcb58c6b
Instruction Fuzzy Hash: 74A18CB3F1022547F3544938CD983A26683EBD5324F2F82788E8DAB7C5D97E5D0A5384

Function 00CB50C0 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6cce66f7a2d43c9dfc49e40a1a26fcaf7db7b92c63df8bc64bb90803fbda45
Instruction ID: 82098f4efe61c8787a7d283c5f957506ef2c0f9e3b889a80b8df41e6670bc7db
Opcode Fuzzy Hash: 6d6cce66f7a2d43c9dfc49e40a1a26fcaf7db7b92c63df8bc64bb90803fbda45
Instruction Fuzzy Hash: A2A1ACB3F6162547F3944838CCA83626583DBD6320F2F82788E9CAB7C5D87E5D0A5384

Function 00C201AD Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af5595d7f5ea88e8f30ef267cdeab0b2af880a8f57f89135f9adfbf2bece942
Instruction ID: 4035e5ed8a092d90237159f63df40bc47e5c55522788a45e28deabb74697bc7f
Opcode Fuzzy Hash: 3af5595d7f5ea88e8f30ef267cdeab0b2af880a8f57f89135f9adfbf2bece942
Instruction Fuzzy Hash: E9A16BB3F112258BF3544A29CC943A17693ABD5314F3F41788B8C6BBC6D9BE5D0A9384

Function 00CAF5BA Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c86e9432caaef21ca904fadda87a468d9544a767f5a5023d9d2d6a5a02e10e2c
Instruction ID: 7e494cdb8c39bcfa95f3db5c3f9789d3b507c5d6cbd6d34b5e5048b2ee94976f
Opcode Fuzzy Hash: c86e9432caaef21ca904fadda87a468d9544a767f5a5023d9d2d6a5a02e10e2c
Instruction Fuzzy Hash: 25A19BB7F202258BF3504D78CC983A27652EB96310F2F82788F986B7C5D97E5D099384

Function 00C3F03F Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab925fe4529cc8d211dbcc4e0c5f2e26db8f80e1529c2f600a4ab0c649522136
Instruction ID: aed0d4d49c04eb4373376133edb2e89b848c25056eb22ecebe90af4bf0bbd731
Opcode Fuzzy Hash: ab925fe4529cc8d211dbcc4e0c5f2e26db8f80e1529c2f600a4ab0c649522136
Instruction Fuzzy Hash: 98A178B7F5062547F3984839CD983622583DBD1328F2F82788F996B7C9DC7E5D0A5284

Function 00C3A25C Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2331059e286eec49b672015fd5b05f820d52ff26ac9c47c1c7d5f1da4dd3fb12
Instruction ID: 0b396bffebf2a3d9be4c973def097f4e139b33ef59f0e2a2155beef4bfea7ca1
Opcode Fuzzy Hash: 2331059e286eec49b672015fd5b05f820d52ff26ac9c47c1c7d5f1da4dd3fb12
Instruction Fuzzy Hash: C8A16AB7F116244BF3544D28CC943A27682DBA5324F2F42789F9DAB3C5E97E5C095388

Function 00C8B1F2 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3e6465d2d72d6a515ebe84e3f07fd1258aeb7e0a54c4e899cf0449aab60c602
Instruction ID: 04f852a2a7636b2a3042972a877ce8768c5971faa885cd232b70d3c04409c605
Opcode Fuzzy Hash: c3e6465d2d72d6a515ebe84e3f07fd1258aeb7e0a54c4e899cf0449aab60c602
Instruction Fuzzy Hash: 85A16AB3F1122547F3508979CD48362A693ABD5324F2F82788F8C6BBC9D97E5D0A52C4

Function 00C32266 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5be9c4ef45b6607c0836d382756c0981bb4835b5c8a84264e881943dd2e6a140
Instruction ID: 7a432bdc86fb0b00c1829301342bf917b2faf2e7097438e641a7f1592b7aafe5
Opcode Fuzzy Hash: 5be9c4ef45b6607c0836d382756c0981bb4835b5c8a84264e881943dd2e6a140
Instruction Fuzzy Hash: 51A16BB7F1121447F7484D29CCA83A26683DBD5324F2F81788B996B7CADC7E5D0A5284

Function 00CBC023 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c293acd5dedbb867d9ac0981b03970acdd5fcfd4cd20efeb0e3b225b92ccdcc
Instruction ID: 350cc5363a380b6f739abc347bb34a270d7bac6d673e284dcb66c4cc2155898f
Opcode Fuzzy Hash: 9c293acd5dedbb867d9ac0981b03970acdd5fcfd4cd20efeb0e3b225b92ccdcc
Instruction Fuzzy Hash: 8AA1B9B7F103254BF3584978C9A83626A82DB95320F2F42388F9D6B7C6E97E0D0653C4

Function 00CC847C Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479a74bd090737f18ae3b202a17e0606b68d007c24d9db94ab12e8c340bc5d39
Instruction ID: 7c9a54bc748f06fb035982c812ef8ac31e6351a5c70655b3fdb1b13427b70756
Opcode Fuzzy Hash: 479a74bd090737f18ae3b202a17e0606b68d007c24d9db94ab12e8c340bc5d39
Instruction Fuzzy Hash: 05A18DB7F112254BF3544D38DD983622683DBD5320F2F42389B98AB7CAE97E9D065384

Function 00C4F200 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f404154ea3e2a6e26bc50dfb219697dc94c6086fc709daca5af0a2a2bf8d6be7
Instruction ID: a8021ad6049915f3f50af8a07a60ee184a574abd8c0fb2b80f261679331ee392
Opcode Fuzzy Hash: f404154ea3e2a6e26bc50dfb219697dc94c6086fc709daca5af0a2a2bf8d6be7
Instruction Fuzzy Hash: C6A187F7F2122547F3444924DC983A262839BD6325F2F82788F5C2B7C9D97E5C0A9388

Function 00CC12F8 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4827943974a0da4319081ec9adbc77957cc77a1592d66eaf67cfa6ee278d3d
Instruction ID: ca7f0bbfa554a778780e2bdc238873851aea481d1b80a6202dcbc298addd9ce7
Opcode Fuzzy Hash: 0d4827943974a0da4319081ec9adbc77957cc77a1592d66eaf67cfa6ee278d3d
Instruction Fuzzy Hash: F8919CE3F2162507F3584C39CD583A66583DBD1320F2F82784F59A7BC9D97E8E0A4284

Function 00C71336 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84fd8368e0c0b7aada38d06cbd8a8c4af6256b93ef52c235e4379bb2224d5532
Instruction ID: 6605f23b03e2234c303fcc166f2a5bf69818868b6fa96e4896f91f894dbe8cf5
Opcode Fuzzy Hash: 84fd8368e0c0b7aada38d06cbd8a8c4af6256b93ef52c235e4379bb2224d5532
Instruction Fuzzy Hash: 21A19CB7F1022447F3484928DC993617652EBA5324F2F82788F8DAB3C6D97E5D0996C4

Function 00CC4093 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d2edf1f3df623bc0b929bc827a3cbcd03441e54693f1811e9ee2456bb017e1
Instruction ID: ad878a8462018791c41420dd0061f87116ff1f7b54b5b0b94edf3c80c765cc5b
Opcode Fuzzy Hash: 52d2edf1f3df623bc0b929bc827a3cbcd03441e54693f1811e9ee2456bb017e1
Instruction Fuzzy Hash: A791A9B7F112254BF3544D69CC98361B693DBD5320F2F81788E4CAB7C6D9BE9C0A5284

Function 00CAB266 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ab5c06d7d9b6afba72aff1fa5ec550c81c441683c7cd4b648b05a47f6c59fdb
Instruction ID: 8e9b663e641ecfaf0e60a0f38389d4b083713d8a03799c8030340216ff39c9ce
Opcode Fuzzy Hash: 5ab5c06d7d9b6afba72aff1fa5ec550c81c441683c7cd4b648b05a47f6c59fdb
Instruction Fuzzy Hash: 7CA18DB3F102254BF3544D78CD983617682DB96324F2F82788E89AB7C6D97F6D099384

Function 00C5C485 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c05fa7471d86979e6fa92d7f3f58c448c5b65974d4d9df910f2c3a15cd1bdc4f
Instruction ID: 04078b0e4bce4060c5f6162ddab0b1d07c691a41d0129e538bf0841dc2be1f94
Opcode Fuzzy Hash: c05fa7471d86979e6fa92d7f3f58c448c5b65974d4d9df910f2c3a15cd1bdc4f
Instruction Fuzzy Hash: DBA1AAB7F212254BF3444838CD583626A83DBE1310F2F82388F886B7C5D9BE9D0A5384

Function 00C4207F Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6961d5ad21e8f72635c0f24188c08ecb5eb305189a28bb36bb7b31c15eb08a0
Instruction ID: ec52b626708d6dbbefa31c78e5a8bd8e3c86e4c1682c60656567155fbba2df8e
Opcode Fuzzy Hash: b6961d5ad21e8f72635c0f24188c08ecb5eb305189a28bb36bb7b31c15eb08a0
Instruction Fuzzy Hash: 019135F7F1162547F3544868DD593A26182DBE1325F2F82788F9CAB7C9D87E9C0A42C8

Function 00CB12E8 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b5eac84f295c398ed1b385545d03e4b8dddd6605f2126bae394eb0aaf7e6c6
Instruction ID: 19248d4bcbdcc0c0d35d24dad17651e91c21fd89a6d5b21e0d43b4edd799ac8c
Opcode Fuzzy Hash: 40b5eac84f295c398ed1b385545d03e4b8dddd6605f2126bae394eb0aaf7e6c6
Instruction Fuzzy Hash: C69166F3F1122547F3544879CCA83A266829BD5324F2F82788F5D6B7C5E8BE5D0A52C4

Function 00C913BE Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e7075de6d01397625d1a24cf4d1aa64df563156c1a559f8cb08212be4b6be1f
Instruction ID: 8f37b33cbf73f9e5818d9702166a4b3bdcd076fcf01e6ed5c56021bce05b0900
Opcode Fuzzy Hash: 8e7075de6d01397625d1a24cf4d1aa64df563156c1a559f8cb08212be4b6be1f
Instruction Fuzzy Hash: 93916CB3F2122547F3944D68CC583A26293DBD5320F2F82788E9C6B7C5D97E5D4952C4

Function 00BE83C0 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5269549ac9b7baea1e910864d82851976b004a50c15f19f426719137253b5fa9
Instruction ID: 235e8be005827c85e0de180db2ae4d1a6ec828af4b28d92b614ddf835d9a65fc
Opcode Fuzzy Hash: 5269549ac9b7baea1e910864d82851976b004a50c15f19f426719137253b5fa9
Instruction Fuzzy Hash: 897115326087909FE301DF69D888A6BB7D6EBD4704F19846CD98897252EFB58C04D3D2

Function 00C4805E Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 529efd0410a78eb57f0f48d41777f3c5685eb2572d8e012d4e20c74f894c543a
Instruction ID: 911396a27d5bf5b6460fe9f93215fa0029e8e52d9e2e342a92f81cf239e26b39
Opcode Fuzzy Hash: 529efd0410a78eb57f0f48d41777f3c5685eb2572d8e012d4e20c74f894c543a
Instruction Fuzzy Hash: 59918DB7F506244BF3444969DC983626283DBE5325F2F41788F9CAB3C5D97E5C0A5384

Function 00C37488 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54511adcf23613748d7775008376baa56c1a0d5fd82f84a0e095fb37ab435e4
Instruction ID: 9f892f3f28522a00760c669b4ae979500478869d07ea21064e1662f38a84fa67
Opcode Fuzzy Hash: d54511adcf23613748d7775008376baa56c1a0d5fd82f84a0e095fb37ab435e4
Instruction Fuzzy Hash: 279159B3F112258BF3544E29CC943627692DBD5320F2F82788E886B7C5D97E6D0A97C4

Function 00C16364 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640d935f1b2b7d86d64bf874594f5af7655e389da630b2f9a3d817aa86f5a7da
Instruction ID: f82114b031193b10940cafe6a0b9c69347499caed8ec097198541c1e393597fb
Opcode Fuzzy Hash: 640d935f1b2b7d86d64bf874594f5af7655e389da630b2f9a3d817aa86f5a7da
Instruction Fuzzy Hash: 2691BBB7F1022547F3544D28DC843A1B6939BD1324F2F42788E8C6B7C6E97E6D0A8384

Function 00C924AA Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 608a217a6470eb1a2840f62098ddecb00d66b8412da1b31748308333292b776e
Instruction ID: 661022b475ace9a12a0d903401340e2d82a0e74f1f1aadefaf1bb468ef1f49bc
Opcode Fuzzy Hash: 608a217a6470eb1a2840f62098ddecb00d66b8412da1b31748308333292b776e
Instruction Fuzzy Hash: 8691A8B7F1122587F3504938CC583A266839BE1320F3F82388E9C6B7C5D97E9D0A9384

Function 00C2F276 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1e66b4cf34a7b9f951a09c253caf5bef066285054537508684dc03e440486b
Instruction ID: 88c751e6bc115d2b17ed3f2b9d61493e6566c7bb62a23fa3c6035cf0cf0cae37
Opcode Fuzzy Hash: 5c1e66b4cf34a7b9f951a09c253caf5bef066285054537508684dc03e440486b
Instruction Fuzzy Hash: A8915AB3F1022547F3644D68CC583A276929B95324F2F42788E8CAB7C5D9BE9D0A97C4

Function 00C59454 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833ef0762f27a2c68f4ce7ef101bf0502e8cfad62a2fc5699422a2ce4d08bc9b
Instruction ID: dc95f99ffc961164298b41bbd43a4aed4adbed02148dda1f27d6a986474db7ee
Opcode Fuzzy Hash: 833ef0762f27a2c68f4ce7ef101bf0502e8cfad62a2fc5699422a2ce4d08bc9b
Instruction Fuzzy Hash: E891ADB7F112298BF3444E28CC583A17293DBD6324F2F42788A8C9B7C5D97E5D4A9384

Function 00C97540 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65eef02d3f1c00576475e04ccda9fb97cea85bc984ec38c98301ba6002eb04e
Instruction ID: 4f07c7c3b14222d2c10595966402520a2bd20242330a701dfceebc69c4b72157
Opcode Fuzzy Hash: d65eef02d3f1c00576475e04ccda9fb97cea85bc984ec38c98301ba6002eb04e
Instruction Fuzzy Hash: 4D918BB3F1122947F3544D68CC983A27293DBD6321F2F82788F986B7C9D97E5D099284

Function 00CBA23D Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9dd7c001605b6b55e56ca8a408397530e681d2c92aa98829cdbc83b00c060c4
Instruction ID: 23b666e71dc043ebbd17823f2c22970637c1793e39a8bba37ac9a41a9431cf1d
Opcode Fuzzy Hash: a9dd7c001605b6b55e56ca8a408397530e681d2c92aa98829cdbc83b00c060c4
Instruction Fuzzy Hash: 1E9155B7E112258BF3544E28CC94361B253ABD1324F2F41388E886B7C5EA7F6D199784

Function 00CA31EA Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14972a42523b3fb20b96a1e6f4cfbc1d6e5eb3c3f79816f4303a2a75113ce590
Instruction ID: e4d57152b1ac137c26c3bd91ff746e3b4db0c90036f046841b045c6db83db6f8
Opcode Fuzzy Hash: 14972a42523b3fb20b96a1e6f4cfbc1d6e5eb3c3f79816f4303a2a75113ce590
Instruction Fuzzy Hash: A8916CB7F112154BF3484928CC543627693EBE9314F3F81788B496B7CAE97EAC0A5384

Function 00CB4277 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7174aad72831941656116d8376f8f549049b1569e06e0365bf6d337eb4a2f56
Instruction ID: 355a43c2afd9b018346d9292a318c80561cc12ffa20a528bf0d34d2a8f3e8b66
Opcode Fuzzy Hash: c7174aad72831941656116d8376f8f549049b1569e06e0365bf6d337eb4a2f56
Instruction Fuzzy Hash: 51918BB7F112254BF3544D28CC983A17692ABD5324F2F82788E9CAB3C5D97E5D4A83C4

Function 00C15387 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60a9feaf71beb708fb82043a6ba3b41538a7d9593b5ff0212bf9fe9004728b29
Instruction ID: 34436a2254a61a1a08efa52660065a7fad6c3817bb3d9d42c679560e85496995
Opcode Fuzzy Hash: 60a9feaf71beb708fb82043a6ba3b41538a7d9593b5ff0212bf9fe9004728b29
Instruction Fuzzy Hash: FB916CB3F5162447F7584839CD5836265839BD5324F2F82788F9DAB7C9ECBE4D0A4284

Function 00BCE1D0 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82aeef2e81e92184949c86899c72ee1d836cc9b2e46aba135f8adbf1e788a456
Instruction ID: 0121f20b2c0d8e0f8795132c387ebb212c6f1cfeda50661289b43c83b8e96931
Opcode Fuzzy Hash: 82aeef2e81e92184949c86899c72ee1d836cc9b2e46aba135f8adbf1e788a456
Instruction Fuzzy Hash: 6A813633759AD18BE328853C9C927AA6AC34BD6330F2DC3ADD5B58B3E1D569C8058351

Function 00BE05C0 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed608f079a3dae0efd0be4fb46be5e05dcc8ba281b6b52fe8b706e84fb211cbb
Instruction ID: 23f6087128b6ff1048cee8b6f52a8a013c5b581849c81c0508cafd15ec2cd16c
Opcode Fuzzy Hash: ed608f079a3dae0efd0be4fb46be5e05dcc8ba281b6b52fe8b706e84fb211cbb
Instruction Fuzzy Hash: 07812C26B696D14BC318693D4C6137979D38FD6330F2D83ADE5F2873E5CA994C419390

Function 00C29318 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f330e6cc617ffab45da548078ef950ed0cec71e48ebd3569daeecd75928ee2df
Instruction ID: 11b97d073846f95b9127a69df2a754956093f504268c385db8de6432bab30cb7
Opcode Fuzzy Hash: f330e6cc617ffab45da548078ef950ed0cec71e48ebd3569daeecd75928ee2df
Instruction Fuzzy Hash: 58916AB7F112254BF3544D29CC943A17693ABD5320F2F42788E8CAB7D1E97E9D0A9384

Function 00BE020C Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c90e203ac465625aae8c68642fd1390b03d3cf4e0ba5547471b96fb946e07f
Instruction ID: c6dfbb1c5d5299045c1b9c64bf5490b250fb3bb4662ee3032b25ff565995342c
Opcode Fuzzy Hash: 13c90e203ac465625aae8c68642fd1390b03d3cf4e0ba5547471b96fb946e07f
Instruction Fuzzy Hash: 26A10871604B804BD3559A38C4953FABFD2AB99318F5C89BCC4EB87387EA795445C702

Function 00C992F6 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a9d3b372b8514598d419c943c88ba03216abab4446db4984774b840cb02f19
Instruction ID: 78d02f109a26f6cfe9dcbad13f785f1382dfb675f87e1c61cbe1db82e7eb61f9
Opcode Fuzzy Hash: c7a9d3b372b8514598d419c943c88ba03216abab4446db4984774b840cb02f19
Instruction Fuzzy Hash: 1C81CEB3F5022547F3444839CD983A666839BD5320F2F82388F5CABBC9DD7E9D0A5284

Function 00C6341A Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82562de1ef5178c9ed6c2a9fbb3647e21c0d63dc9fb01af6cbb4ce4cfbae0eea
Instruction ID: beac5a280c659e46bb0e6a5892e5980b113511830d388c3ddb9dce427edc7521
Opcode Fuzzy Hash: 82562de1ef5178c9ed6c2a9fbb3647e21c0d63dc9fb01af6cbb4ce4cfbae0eea
Instruction Fuzzy Hash: F191ABB7F1122547F3548938CC9836276939BD5324F2F82388E9C6B7C5E97E5D0A52C4

Function 00CA144E Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43f68c360e24e4902d95c2fac45c9c8078c2aaf21188df5872613d753b5a2d19
Instruction ID: 5fc26f38784db88cad1606bb9cc723c2f07b6c860ba24df3fef6959ffbe4103a
Opcode Fuzzy Hash: 43f68c360e24e4902d95c2fac45c9c8078c2aaf21188df5872613d753b5a2d19
Instruction Fuzzy Hash: 6A818CB3F606244BF3444979CD983A26583DBD5314F2F82388F99AB7C9DC7E9D0A5284

Function 00C87450 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84ac2b4ce11710ba073205c070c1cdb963dd81493dd1e9c9e2d6dc68a59534a3
Instruction ID: f456bd43d6aa1b89a87400942d13b83fc17210f034254f7301df279d9a8203c7
Opcode Fuzzy Hash: 84ac2b4ce11710ba073205c070c1cdb963dd81493dd1e9c9e2d6dc68a59534a3
Instruction Fuzzy Hash: 3F9136B7F1122547F3644E29CC583A17293EBD5320F2F86788E986B3C5D97E6D069384

Function 00C9420E Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeb6d395070ef0059a9cd5a8ffcad4faa1612a6e3ee91443a438a77ae40c9b76
Instruction ID: e08e5d592413c1c588a1c4a9c56a472af9c3f690c352aae4f40250eac9ec2bf1
Opcode Fuzzy Hash: eeb6d395070ef0059a9cd5a8ffcad4faa1612a6e3ee91443a438a77ae40c9b76
Instruction Fuzzy Hash: 15819DF7F606254BF3544D78CC98361A6829BE5324F2F42788F5CAB7C6D8BE5C0A5284

Function 00C28264 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ee6839ef3aeb5fe2686f4af54afa114c835f165190f34e84669493de25b1d0
Instruction ID: f300029104e4a666a0560b5db71553867a0f44a2c54de6bee73cad4e2439d376
Opcode Fuzzy Hash: 95ee6839ef3aeb5fe2686f4af54afa114c835f165190f34e84669493de25b1d0
Instruction Fuzzy Hash: 86815BB7F112254BF3508D29DC843A276939BD5320F3F82788E9C6B7C5D97E5C0A9684

Function 00CAF1CB Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19393f018ecdb311566d6848d294ba2366a34d5f84b448861bfc4076bda8d53a
Instruction ID: 31bf38c1363b493ab1911fb2a6737936d6d127336af444394dd234b7a4d37ea4
Opcode Fuzzy Hash: 19393f018ecdb311566d6848d294ba2366a34d5f84b448861bfc4076bda8d53a
Instruction Fuzzy Hash: 10816BB3F1122547F3544D69CC98362A683EBE5320F2F81788F5CAB7C5D9BE9C465284

Function 00BD2320 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90c88b263cd27e29dbb5016f416f790d63b216e4774d944798bbfe965c05e800
Instruction ID: 27f239022a53cb83bee915afce4ea7ebac9b1edd9ac5d95c5420a56b3c89a6a4
Opcode Fuzzy Hash: 90c88b263cd27e29dbb5016f416f790d63b216e4774d944798bbfe965c05e800
Instruction Fuzzy Hash: E851CFB1600344ABDB209B24CC96BB7B3F4EFA2768F048599FA858B390F375D904C765

Function 00C56326 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3c51422adfc4495d58b2eacf84542e634babd013fc8d2b1f2b308987e0da2a
Instruction ID: 88ff1036e807763fd3de2813a0bd7ce23db72b1b3d04ac0680f3292cdbb2da85
Opcode Fuzzy Hash: 7b3c51422adfc4495d58b2eacf84542e634babd013fc8d2b1f2b308987e0da2a
Instruction Fuzzy Hash: 888199B7F1123547F3504D68CD583626293ABC2320F2F82788E986BBC9D97E5D4A93C4

Function 00CC65C8 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43c23301269d6c48cb5ccbe4bc20b710b0f55434e93fe5db425200ec70867b1
Instruction ID: 0fb73e5caa732b080774787d954ac2f632e14e12bdb0f56848357bd11e084bb4
Opcode Fuzzy Hash: b43c23301269d6c48cb5ccbe4bc20b710b0f55434e93fe5db425200ec70867b1
Instruction Fuzzy Hash: 14818DB7F512258BF3544D68DC983627282DBD5320F2F42788F98AB3C5D97E9D0A9384

Function 00CA7352 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0335a7a603ed821b78b1dcad6bb5de4da49d20b734bd10b3f966cd46b776fd0
Instruction ID: dab978aa5495ccd4d051eb1fdf5d73a2fbd8f2687894099f3f187e961e9ab729
Opcode Fuzzy Hash: b0335a7a603ed821b78b1dcad6bb5de4da49d20b734bd10b3f966cd46b776fd0
Instruction Fuzzy Hash: B18168B3F112254BF3548D68CC58362B682EBD5324F2F82788F996B7C5E97E5D0982C4

Function 00CAD4A9 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e3043961f467a04b0808ec41cf61c4ee6701c8a67ad25acd48290162c661749
Instruction ID: 5aab418b9c7b81f6a18c1d260b4fc5c7737713d4eb536cf1505fe047176ecfe0
Opcode Fuzzy Hash: 5e3043961f467a04b0808ec41cf61c4ee6701c8a67ad25acd48290162c661749
Instruction Fuzzy Hash: B8815AB3F1122447F3884939CC683626693ABD1320F2F82398EAD6B7C5DD7E5D0A52C4

Function 00C474F8 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d21f23c3926b750fc381d425faf36096920cd8199561773ddd7a40f1a52ded1
Instruction ID: 1c9e84190095920e9a9adc8d9aa9ae5da12ccf5d04847e984fb3cb3afd2b955d
Opcode Fuzzy Hash: 4d21f23c3926b750fc381d425faf36096920cd8199561773ddd7a40f1a52ded1
Instruction Fuzzy Hash: 4E819CB7F212254BF3984938CD583A26683DBD1310F2F82388E99AB7C5DD7E5D0A5384

Function 00C7E23E Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 208151cc0c5530cc373f0adb2bafcf547ed21b37e8262d739c4012c3c7a78426
Instruction ID: 1b575538095014de83a5562f5e8d0439bd22c68041ea4899a28ec8bd1bb957b7
Opcode Fuzzy Hash: 208151cc0c5530cc373f0adb2bafcf547ed21b37e8262d739c4012c3c7a78426
Instruction Fuzzy Hash: E78179B7F1123447F3144968DC843A272929BD5324F2F42788F9CABBC9E97E5D0A92C4

Function 00C7923B Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac5ae86dd0c98525b22e0313744ef34822ae46319449840b5af4d8785ad7966
Instruction ID: 9929dc51fca3f713971355b1710d64ab6f1427ac1172216d7f4e6cbfc675c130
Opcode Fuzzy Hash: 6ac5ae86dd0c98525b22e0313744ef34822ae46319449840b5af4d8785ad7966
Instruction Fuzzy Hash: 668159B7F202244BF7544D38CD983A27692DB95310F2E827C8F89AB7C9D97E5D099384

Function 00C585B3 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d45e9fa98374d86e2a157458b78654f13dea5c3db98fb3b1dbbc33788e2740
Instruction ID: 8f6b9b42f62c4361de677957ef0009bce4a19fb8af0c142e80d6e2e961f353e0
Opcode Fuzzy Hash: 11d45e9fa98374d86e2a157458b78654f13dea5c3db98fb3b1dbbc33788e2740
Instruction Fuzzy Hash: 14818BB7F1062447F3544D39CDA83626682EBD5328F2F82788F986B7C5D87E5D099388

Function 00C573E9 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676b54b395070b2832028c867ff811a60c8a868c724868568690a2a5fff3d6d9
Instruction ID: c677916edab535333b189dbe07076534790fef11129e624055aa6139c8468946
Opcode Fuzzy Hash: 676b54b395070b2832028c867ff811a60c8a868c724868568690a2a5fff3d6d9
Instruction Fuzzy Hash: 7A8148B3F212254BF3544839CC683626683EBE1324F2F827D8E99A77C5DC7E5D0A5284

Function 00C4B5E3 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b27677e214e5400943cfdfd05028d56f05e5af2688be4c7b290f4cbfef92855
Instruction ID: 2013ee28247686be1b5d39b807976bb1302040754b8bf2fda310b0d601f1b0ba
Opcode Fuzzy Hash: 4b27677e214e5400943cfdfd05028d56f05e5af2688be4c7b290f4cbfef92855
Instruction Fuzzy Hash: 77717EB7F6162547F3544879CD983A225839BD5324F2F82788E5CABBCADCBD5C0A12C4

Function 00C751F2 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fe32259902226160adfbcda884054ea87c4117b21a3107d8a382223cc41ce9c
Instruction ID: e9e3a99d90c9297e3e20916c45582820ac3780770664caa35c5076f2750b21c3
Opcode Fuzzy Hash: 2fe32259902226160adfbcda884054ea87c4117b21a3107d8a382223cc41ce9c
Instruction Fuzzy Hash: FE8159B7F1122547F3544D29CC58366A283ABD1320F3F82388EAD6B7C5E93E5D0A5284

Function 00C8D5DA Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d270da3e8d3334347571937f871ae0c12258e32e85f7b7d494934025e1aea1
Instruction ID: c4eadcf07daf3fdb72d6a381dda1d318d1d82b3f9c62b3434ffa89da9c6ab309
Opcode Fuzzy Hash: 66d270da3e8d3334347571937f871ae0c12258e32e85f7b7d494934025e1aea1
Instruction Fuzzy Hash: 3981C0F7F1062547F3448D68CC893627282DBD5324F2F82789F58AB3C5E97EAC095284

Function 00C1C265 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6dd0bcbeed937e221af28488e49b31aa3ca2867f5d1d81de43396b4127c4fb6
Instruction ID: 9bc361cc9ecdb5f92d0b031e6c58a70b75599bbf096b757cc15a735527370739
Opcode Fuzzy Hash: d6dd0bcbeed937e221af28488e49b31aa3ca2867f5d1d81de43396b4127c4fb6
Instruction Fuzzy Hash: A2718BB7F1162487F3544E28DC94361B292DBA6320F2F42788E9C6B3C1D97E6D0693C5

Function 00C5707F Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43bc5e4cd9de161d714beb954001e7ac1d64945b7acca42616104ae8a1e22eab
Instruction ID: 3718a692f392d1401f1247abbf05f644e6872b7a329e49bd84ab5453e9998fd2
Opcode Fuzzy Hash: 43bc5e4cd9de161d714beb954001e7ac1d64945b7acca42616104ae8a1e22eab
Instruction Fuzzy Hash: 6E718DB7F116254BF3A04D68CC843627283DBD5320F2F82788E98AB7C9D97E5D095284

Function 00C2512D Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a226644c585277fb7835ebe1a2ceb286bb23c544df0e51a6e088e29996dadf39
Instruction ID: 74dd4188368eb5f55d58bb0d453a692cc4b45586196780a9ca61c158f6f87502
Opcode Fuzzy Hash: a226644c585277fb7835ebe1a2ceb286bb23c544df0e51a6e088e29996dadf39
Instruction Fuzzy Hash: 23715AB3F2123547F3504929CC983A176929B96320F2F42B88E9C6B7C6D97E5D0A53C5

Function 00C945E5 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79772036d9b5fdca965740ff7d4bd1b8b590de84f4ddb96339fa92d8fb07f603
Instruction ID: 63e7868c9cf20bb990707049d5e54df28092178feee421fed06a6c833c672971
Opcode Fuzzy Hash: 79772036d9b5fdca965740ff7d4bd1b8b590de84f4ddb96339fa92d8fb07f603
Instruction Fuzzy Hash: 36717CB7F216244BF3544D28DC583A272839BD5324F2F82788E9DAB7C5D97E9D0A5380

Function 00C6F119 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f727abfdaaf62b9a1ab1e1820db245fde2528b0b61a87fc217926833955ab0b
Instruction ID: 60e1d79f81571ef9cd595b1f5168d5cadfd6fc072f4adfcfe872a5f6e859a16c
Opcode Fuzzy Hash: 7f727abfdaaf62b9a1ab1e1820db245fde2528b0b61a87fc217926833955ab0b
Instruction Fuzzy Hash: 137167B7F112258BF3448E28CC843A17252DBDA720F2F81788F585B7C5D9BE6C0A9284

Function 00C9B1D3 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee7cee0ef5ef714fbfa539804bc1ec5b550b8ced66328cd498b933dc28a8e6e9
Instruction ID: 6244ba8bd75c6bc26de5f9b9476e56f676f90e37e87f3986327d5459a51f46a0
Opcode Fuzzy Hash: ee7cee0ef5ef714fbfa539804bc1ec5b550b8ced66328cd498b933dc28a8e6e9
Instruction Fuzzy Hash: 2F71DCB7F1022547F7404978DDA83A2B6829B95320F2F02788E9C6B7C5E9BE5D0992C4

Function 00C612CB Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc258c47096a109d6789c8a1406e6a185a62505bf943578d9d4812e9a6e23b81
Instruction ID: f2cb3a4ae34cc850305e03f2a14427e81a3454c3fb1851a764a0fee56583d461
Opcode Fuzzy Hash: cc258c47096a109d6789c8a1406e6a185a62505bf943578d9d4812e9a6e23b81
Instruction Fuzzy Hash: 1A7178B3F1122947F3544D29CC983627693EBE5314F2F41788F886B7C5D97EAD0A9284

Function 00CC623A Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ebb614f04e870e6c45a4b038144bc2262996fdfcfb5f6c1b2730834ead2abcb
Instruction ID: 7cfdb85223b391a89b86a861f142cb3d6a5791bdeb56da67bf4335c3f5398fdd
Opcode Fuzzy Hash: 0ebb614f04e870e6c45a4b038144bc2262996fdfcfb5f6c1b2730834ead2abcb
Instruction Fuzzy Hash: 8A71A9B3F112254BF3544D38CC593626683EBD1324F2F82798F496B7C5D97E5D0A9284

Function 00C7C4E7 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca268a14c72209dd7a409a3d149355183b059b9c36512d5409c7a8ee6bfb1127
Instruction ID: 91b34adabef821cb6041bbb1baeaf89406b9b5baa877bfd2a17e56a14d99bb03
Opcode Fuzzy Hash: ca268a14c72209dd7a409a3d149355183b059b9c36512d5409c7a8ee6bfb1127
Instruction Fuzzy Hash: B9716DB7F102244BF7548929CD983622683DBD6314F2F82788F886B7C5D87E5D0A9388

Function 00C16001 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61042cc8aa1dde8946fab72742affc46babfcbe35a8d534eec6ac2d263588aa7
Instruction ID: 2adf987072d38e7570bc44da1ca4aa7a57053b88153ca59b381555d866c39ad4
Opcode Fuzzy Hash: 61042cc8aa1dde8946fab72742affc46babfcbe35a8d534eec6ac2d263588aa7
Instruction Fuzzy Hash: C47171B7F2122547F3544E24CC583A27292EBD5314F2F41788F88AB7C5D97E9D0A9384

Function 00C53010 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b3a0bc51c9f81d0c426b078833cfaebb71a10e8ece3f83aa998d74a28960a60
Instruction ID: 1ce17568a879d3677db28801c99a1a38ea1a24efeb7ffde13103ee442b1f0e48
Opcode Fuzzy Hash: 5b3a0bc51c9f81d0c426b078833cfaebb71a10e8ece3f83aa998d74a28960a60
Instruction Fuzzy Hash: 16719BF7F2162447F3544924DC683A262829BE1324F2F82798F9C6B7C6D97E5D0A53C4

Function 00C6F465 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71d02e4bf50184f8bc6e3c42b4910fbb68b21dc0314a9bdf9ba0a88ffe318ba2
Instruction ID: aaada8e14483aa0668dbd66bcfe418653a7e180664a62328b0b68c8dc1865582
Opcode Fuzzy Hash: 71d02e4bf50184f8bc6e3c42b4910fbb68b21dc0314a9bdf9ba0a88ffe318ba2
Instruction Fuzzy Hash: 91714BB7F112254BF3504E29DC94362B292DBDA310F2F41788F986B7C5D97E6D0A9388

Function 00C80097 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acf66aaff737fb62b544c0d4fc5c4264a7e65c447d272c7830a380dd1b70a153
Instruction ID: 263b939020e5f7c6fc9e96415d3310cf76c6018feb7932890ac064967fc1d99e
Opcode Fuzzy Hash: acf66aaff737fb62b544c0d4fc5c4264a7e65c447d272c7830a380dd1b70a153
Instruction Fuzzy Hash: 6B71C0B7F202254BF3844D29CC593A27283DBD6310F2F81798A899B7D5DD7E9D095384

Function 00C4A1E0 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920f88585f94f616afe2b06f653010166df21f19617a2925325970555902cea7
Instruction ID: 48129a55cb86dcd38d956799b3fa0a24b3f155ac2e6536750cc22db70a3ef38a
Opcode Fuzzy Hash: 920f88585f94f616afe2b06f653010166df21f19617a2925325970555902cea7
Instruction Fuzzy Hash: 0271BBB3F5022587F3544D78CD583A2B692ABD6320F2F42788F4C6BBC5D97E5D0A9284

Function 00C77275 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca2be9bc38e8fbf0efc218ce550b6cded0cf5fb1176044e5c031f75a608bf6c
Instruction ID: 76fca952887643d1d8af00b25248085b4080122d24bc16e61e250a7359d510d5
Opcode Fuzzy Hash: 4ca2be9bc38e8fbf0efc218ce550b6cded0cf5fb1176044e5c031f75a608bf6c
Instruction Fuzzy Hash: 34716FB7F2122887F3544D29CC543A27652EBD5320F2F81788E886B7C5D97E6D09A7C4

Function 00C393E3 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 685f09850aa98b02d451c5cd63b728bf87136de1afced7401c391b072e941d4c
Instruction ID: 0fbb3f2b3cf408473d7bbb3a3a2822b73a242735a81ac40add58b81681772a34
Opcode Fuzzy Hash: 685f09850aa98b02d451c5cd63b728bf87136de1afced7401c391b072e941d4c
Instruction Fuzzy Hash: 017147B3F2122847F3544929CC583A26683ABD5320F2F42788F9D6B7C5D97E6D4A52C4

Function 00C1A338 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1011b52418dfcb45ab5008332f77b3d4b715f441bfe69348a8c7189c292d3fe9
Instruction ID: 95e687a81c6492eadfe60e3f95198b56c92fa6ac47df6cfbde8166b9b87ac6c2
Opcode Fuzzy Hash: 1011b52418dfcb45ab5008332f77b3d4b715f441bfe69348a8c7189c292d3fe9
Instruction Fuzzy Hash: 5B719AB3F5023947F7540929CC983A1A6839BD6320F2F42788F9C6B3C5C8BE5D0A5385

Function 00CB6156 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7461fdaaaea526af93e960a5f7ab7deee98e8d10a5b4bce4f89d3f9b9ae50cf3
Instruction ID: e0699f26c2a9ce2268e9f743ceb736b75c6e4bfec9c16c4778f25f96acc5af44
Opcode Fuzzy Hash: 7461fdaaaea526af93e960a5f7ab7deee98e8d10a5b4bce4f89d3f9b9ae50cf3
Instruction Fuzzy Hash: AD716CB3F101254BF3944A39CD583A67692ABC5320F2F42788F8CAB7C5D97E5D0A9384

Function 00C254B1 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b46f756bf83f70e8b84f0b8449ac46e1d31225ac43fa6625c0371ab1a72d3e7
Instruction ID: e08efcc3415ed07d459e7c32018cb5acb3f263ce0f62a0e02c5f6f7f49fcd0c8
Opcode Fuzzy Hash: 0b46f756bf83f70e8b84f0b8449ac46e1d31225ac43fa6625c0371ab1a72d3e7
Instruction Fuzzy Hash: CD618BB3F612254BF3544D28CC983627292DBA5320F2F42788F98A73C5D97E5D0A57C4

Function 00BCF1D0 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc2191b43898b2d366ec5e7d5db0d2aa1f011b516e0bb13fac16fef5149d560
Instruction ID: 41c4fc46abf104bc2e30e811fb8e9adb523ce0024082175429db39ac7738ee7b
Opcode Fuzzy Hash: 8dc2191b43898b2d366ec5e7d5db0d2aa1f011b516e0bb13fac16fef5149d560
Instruction Fuzzy Hash: 3161077560C3929FC3158F29C891A3ABFE2AFD5314F1883FEE4A487392D6359906C751

Function 00BCB390 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd45b051a66220d13c5a46ac6f8b75f6f317d47b3e5459f28957429de114a50
Instruction ID: cd782be78d7f05bac9a080390ce0b35024eba02630adb58081a45b3913aac8e5
Opcode Fuzzy Hash: 0dd45b051a66220d13c5a46ac6f8b75f6f317d47b3e5459f28957429de114a50
Instruction Fuzzy Hash: D451D82774998147D72C893C5CA3B7DAAD38BE6334F2DC3AEE5B5873E5DA6588058300

Function 00C45415 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5fb129759d7f2b62d17dfb686493b69e9172b2ee895b30ca93e794e50d7c2c8
Instruction ID: c17d6243a2785785bdbe467acb3e1d69e994a3423940294913d5ee6021d81049
Opcode Fuzzy Hash: a5fb129759d7f2b62d17dfb686493b69e9172b2ee895b30ca93e794e50d7c2c8
Instruction Fuzzy Hash: 5161A0B3F212244BF7544D68CDA83A17693DBD6320F2F82788E986B3C5D97E5D099384

Function 00C1E5C9 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c12b1e3765f75898db4c6e9ea8916e3a7211f0f675fa8e1d8f7c4ba5f598592
Instruction ID: c49879b00407619cfaee9212d72d3a5173e5b69968fbcccf7c5463a3186abe94
Opcode Fuzzy Hash: 2c12b1e3765f75898db4c6e9ea8916e3a7211f0f675fa8e1d8f7c4ba5f598592
Instruction Fuzzy Hash: 9A6135B7F1222587F3504929CC54352B293ABE6721F3F42788E9C6B3C5E97E5D0A52C4

Function 00C6A1F9 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8bee591b516dcc72ea7c11d044e2dc132c793165a60f638b640bff5327b031e
Instruction ID: cfbaf249f5ed1970e223450db8a75efc6ff2eb8e797d574958987b8e90959651
Opcode Fuzzy Hash: e8bee591b516dcc72ea7c11d044e2dc132c793165a60f638b640bff5327b031e
Instruction Fuzzy Hash: BD5136F3A082085BE3082E29EC5577AB6D6DBC4320F1A863DDB89D7784ED7E58054286

Function 00C97230 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 507096d0e3aa513c23d05cb8a1b9839be2a7ece1961bffac0fb201ccb6bcdf90
Instruction ID: 64912592f3538bc70fa5efd615ba6710af7de18c94b676eb00b24d018b4aa687
Opcode Fuzzy Hash: 507096d0e3aa513c23d05cb8a1b9839be2a7ece1961bffac0fb201ccb6bcdf90
Instruction Fuzzy Hash: D5619CB3F1022547F7484939CDA83A27682DBD6324F2F82788F59AB7C5D97E5C0A5284

Function 00BC8385 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 706e0858e00691c13fd0c3c03ce5172211c45bd4a417bac8076a1a6b5ddfcf16
Instruction ID: f56fac58f2087b7877f56ba798d7fc1963302c0849d7e7ae07e0e37febd6f427
Opcode Fuzzy Hash: 706e0858e00691c13fd0c3c03ce5172211c45bd4a417bac8076a1a6b5ddfcf16
Instruction Fuzzy Hash: 7B51C4716483808BE3358F3498957EBB7E2FBEA314F1D9A7CC5CA87251DBB048468752

Function 00C263B5 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aeebf3e1c2e614a86cad79b39bee8c5e7a50a74006013756d359d312d807f6
Instruction ID: 1c9b8d2cd25cc1b1e298df7d8c5b7695699031cdb879fd2d8bae5ca2b3ce4224
Opcode Fuzzy Hash: d7aeebf3e1c2e614a86cad79b39bee8c5e7a50a74006013756d359d312d807f6
Instruction Fuzzy Hash: DB515AF3F6162847F7480838DD683A1658397E5325F2F827C8B696B7CADC7E4D0A5284

Function 00CA95FA Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87ac3baaba80dabc70d38d01095073b9f76b227fdbf16ed3f4e98ce295e18820
Instruction ID: 21827939317790fa2f69253ca490888bc88b08b6b780a63a7111a54153aa93db
Opcode Fuzzy Hash: 87ac3baaba80dabc70d38d01095073b9f76b227fdbf16ed3f4e98ce295e18820
Instruction Fuzzy Hash: 70516CB7F106244BF3584878DC9835266939BD5324F2F82788F986B7C6D97E4D4A4384

Function 00CC2253 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5a32aaaee38a4a018e1bb9f61fa95d8c4fcb33615970adfd559c82d251c0000
Instruction ID: 04a628a79876ba07a6e3031b8d290df341b27e048b9ed94ca6aa950248001834
Opcode Fuzzy Hash: a5a32aaaee38a4a018e1bb9f61fa95d8c4fcb33615970adfd559c82d251c0000
Instruction Fuzzy Hash: 94517DB7F513254BF3544DB8DC883926682DB95320F2F82788F98AB7C5D9BE5C065380

Function 00C4D3D1 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f18274879ea875d69e0f1769deb44f651245f670839548cd612a93230733cc2a
Instruction ID: e62c5d9119f3266b2ff8b6840da45e37c990f4dbc08778e3d98485ff8f89d8f8
Opcode Fuzzy Hash: f18274879ea875d69e0f1769deb44f651245f670839548cd612a93230733cc2a
Instruction Fuzzy Hash: 43519CB7F616244BF3484D28CC943617282DBE5320F2F82788B99AB3D5D97E6D095784

Function 00C7617B Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a3107abd0a49ccbef2d75d43887f10299a928c0a1a12011acc2266623decd45
Instruction ID: 60e9ddbd18d4a6222f8c6e15afed8c31b9a8c71619f4b8bc1755644610c13afc
Opcode Fuzzy Hash: 0a3107abd0a49ccbef2d75d43887f10299a928c0a1a12011acc2266623decd45
Instruction Fuzzy Hash: F9517AB7F2062547F3584D29CC58361B682DBD5320F2F423C8F89AB3C6E97EAD055284

Function 00C814FE Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0dae4728d312b5973d73f64569aba7ebef1dd12025d3d6dbed62bc2b875a9e2
Instruction ID: e6d8cc2b150489453d8416f9d0ea54a896358e9f02e3e6012db27fcd33b9a380
Opcode Fuzzy Hash: d0dae4728d312b5973d73f64569aba7ebef1dd12025d3d6dbed62bc2b875a9e2
Instruction Fuzzy Hash: F7519EB3F1062547F3484879CDA836265839BD5324F2F827C8FA9AB7C6DC7E5D0A5284

Function 00BB5593 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8c97e625b06de131c01609d7939fecde4de7923901a4da67df5e3bb53e23fbc
Instruction ID: 5f8804a64cbc7fad7576d70129652256bd4b6a31de7fca8bc85927579adb3562
Opcode Fuzzy Hash: d8c97e625b06de131c01609d7939fecde4de7923901a4da67df5e3bb53e23fbc
Instruction Fuzzy Hash: B3710135205B81DFC324CF29C580A52BBF2BF59314B488A5CD5968BB52CB71F859CF90

Function 00C1C5C9 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b76722f7d29f94b642f1e99750170aa23c963c6274100e30834dced8935273c1
Instruction ID: 854c2b83d9c218b0578cbb4a86bc94e95a619fe09c4cf1e51d70863d3309a805
Opcode Fuzzy Hash: b76722f7d29f94b642f1e99750170aa23c963c6274100e30834dced8935273c1
Instruction Fuzzy Hash: CB5163B3F112244BF7944E25CC893617292EBD6310F6F41788E885B3C5DA7E6D0A9785

Function 00CBF25D Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15d5721f994e1d468f58b9bbd47911c516aa35a404a1337167fcc1f8ef6511d1
Instruction ID: b77adc7ef554efbb514b44e7d89f25316f140d7dbbfd2807a00e887e562db6b0
Opcode Fuzzy Hash: 15d5721f994e1d468f58b9bbd47911c516aa35a404a1337167fcc1f8ef6511d1
Instruction Fuzzy Hash: A0516AF7F1122947F3484978CD983626683DBE5321F2F82384F586B7C9E97E6D0A5284

Function 00BDD44F Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c08d4b9068a231ec858e8d77be24d4a9ad31f9b85e2ddd5e0c2f5fa6f494a7fb
Instruction ID: 78c3439505a9881641610764b087d5171f03b2172f740c39176013885f692209
Opcode Fuzzy Hash: c08d4b9068a231ec858e8d77be24d4a9ad31f9b85e2ddd5e0c2f5fa6f494a7fb
Instruction Fuzzy Hash: 11414B716447818FE3258B3A98A0773FBD2EF96308F98499EC0D787752E7746806C711

Function 00C203FC Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c99f3822db25eee43ade34ee73b7f176fcc3e727912af4bd476664f9a3fef0bf
Instruction ID: aabad4a6520d8a1298276148745f9eaa43807ca988629efa3d73e6ff31d7ef7b
Opcode Fuzzy Hash: c99f3822db25eee43ade34ee73b7f176fcc3e727912af4bd476664f9a3fef0bf
Instruction Fuzzy Hash: 1B418DB3F1162547F3408929DD9836266439BD9324F3F81748B5C6BBCAD9BE8C0B5388

Function 00C413F8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a76961eea22939e3e8e5698dff31876b411e2635fee03c97bc622e851c6150b
Instruction ID: cc283c540395264915e9028f591fa08cb5619c5539d0113704e77170318210ee
Opcode Fuzzy Hash: 3a76961eea22939e3e8e5698dff31876b411e2635fee03c97bc622e851c6150b
Instruction Fuzzy Hash: B2415CB3F102294BF7484978CCA83717652DB86324F2E417C8F89AB7C5D97E6D095385

Function 00BC929E Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8439a1e4b344effb0c75eb670e999e50648402a898cf282b9def80a6143ae871
Instruction ID: 8c45ac8a9f0d3b07e1640868d2909f6e9ec390f9e35fee8d223ca63876ee9e2b
Opcode Fuzzy Hash: 8439a1e4b344effb0c75eb670e999e50648402a898cf282b9def80a6143ae871
Instruction Fuzzy Hash: E431D737B453508BE7388A658DC47BAA6D3EBE9320F5E93ADC9CA57751C7B04C018386

Function 00C5922D Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cabfb42bd14ed78eb8dc53bd92b7695b925ac6fd15212fec42a00eb2c39bd65d
Instruction ID: a492581e5d9fcdf96b92988e6bf667baea0ba6b7f2cb6177b124ce5ca5767877
Opcode Fuzzy Hash: cabfb42bd14ed78eb8dc53bd92b7695b925ac6fd15212fec42a00eb2c39bd65d
Instruction Fuzzy Hash: 65417CB7F512258BF3540968DD983926643DBD1324F2F82788F9C2B7C9D97E5C0A62C4

Function 00CAA5CE Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2270ebb66f2616894a38b7024635c7e82b26fa0015670f942bb261db43cc58b5
Instruction ID: 4074d9587edee29d4793deb4c6d931c204db66b72e492b06c8c1d6382646d5bf
Opcode Fuzzy Hash: 2270ebb66f2616894a38b7024635c7e82b26fa0015670f942bb261db43cc58b5
Instruction Fuzzy Hash: 9D417AB3F102254BF7188929CD683726193DBD5320F2F42388F5EAB7C5D97E5D0A9284

Function 00C391FC Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4aa132a7d5cda42d1e157aba66ece80605b63179da1351cce97f8f0626f3d0f
Instruction ID: 7886e88dca48e24e2a95779a2fb8ea05547605bebcf890bb5174afa30952b798
Opcode Fuzzy Hash: a4aa132a7d5cda42d1e157aba66ece80605b63179da1351cce97f8f0626f3d0f
Instruction Fuzzy Hash: 25416DF3F216254BF3684869CD98366A682DBD4324F2F42788F4CA77C5D9BE5D0542C4

Function 00C9E5F5 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edd99c5c50ee6a7dc30e7c35c34307c7166e97bcce5e8a3f1928e25979e1aab
Instruction ID: 36ac6031f091c2992bc3e3d0a10026b8164944e6d9a9ea966ed763c0e91afe49
Opcode Fuzzy Hash: 7edd99c5c50ee6a7dc30e7c35c34307c7166e97bcce5e8a3f1928e25979e1aab
Instruction Fuzzy Hash: BB31CEB7F1162447F7584839DC683A261839BD5334F3F82788A9D6B7C6DC7E9C065284

Function 00C730F4 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29ff2746e9f6888bc22239ca540ddb904d9f1166e9e4e1b1d147712a449c686a
Instruction ID: dc0316191f6ca4d89c3e4ba7cd14ff0f5355cfea9798e1f9aac076e2e2a19b47
Opcode Fuzzy Hash: 29ff2746e9f6888bc22239ca540ddb904d9f1166e9e4e1b1d147712a449c686a
Instruction Fuzzy Hash: EF3149B7F5162607F3444879CD883A214839BD5325F2F82388F1CAB7C9DCBE8C465284

Function 00CB7573 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43ac34b12b24a21e44f0d73e41bd9aeab5e6af372f743de9bb064e0baef02fab
Instruction ID: 6ff5d0293d2b6af4bd2c2709193e23d8957eed7d68d847ab01b146a17f9f7a36
Opcode Fuzzy Hash: 43ac34b12b24a21e44f0d73e41bd9aeab5e6af372f743de9bb064e0baef02fab
Instruction Fuzzy Hash: 913181F3F5162547F3544879CC943A261839BE5324F2F82388F5CA7BC5E8BE4C061280

Function 00C9828D Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbac059b2864ed04a6e0ea2cf40cd445ae1a0ff71f898142e8360761df84722d
Instruction ID: 31f9df85ca66f7c16543a3266c7b8b07b328561ec558b9998f0f7ba65c92ef55
Opcode Fuzzy Hash: dbac059b2864ed04a6e0ea2cf40cd445ae1a0ff71f898142e8360761df84722d
Instruction Fuzzy Hash: E3318BF7F1122047F7584939CDA43226243EBD6324F2F827E8B9A6B7C5D87E5C0A5284

Function 00C9D5EA Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d51826cd2aad843162106ba600be5b51478e91043df131b5b3f26a9b147c1de
Instruction ID: 7e256216c02286ad1172489e98b558355e5af392036a2265ab992522bfc5f9e1
Opcode Fuzzy Hash: 0d51826cd2aad843162106ba600be5b51478e91043df131b5b3f26a9b147c1de
Instruction Fuzzy Hash: A6317CE3F1162143F7584839DEAA3665543A7D5324F2F823D4B9DA7BCADC7E4C090284

Function 00BBF3EF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e339d0afe3f9e436eedbc7688ed7fc3ad89e2d92d621ca90c6cf601365d14c26
Instruction ID: df9b026258efa73adaf25a6e6e5361e20dc3166c0a5a98d2805183dc6f560b8f
Opcode Fuzzy Hash: e339d0afe3f9e436eedbc7688ed7fc3ad89e2d92d621ca90c6cf601365d14c26
Instruction Fuzzy Hash: 093195345183419BD768DB28CC91AFFB7E2FFD1314F5405ACD19207262DBB09D06CA96

Function 00C9918C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77164fe28716dd0656458811d591a6bef93ba6d7113867024a12793ebfd28fbf
Instruction ID: 862cc3cbb31828595ca42d6f5eece328960bf036e08eeb46060c5599ad9bbc09
Opcode Fuzzy Hash: 77164fe28716dd0656458811d591a6bef93ba6d7113867024a12793ebfd28fbf
Instruction Fuzzy Hash: 13216AB3F1062547F7584839CD68366668297A9325F2F42398FA9A77C6ECBD4C0546C0

Function 00E2C0AB Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4f8594e486d1132b72d2572905add00f1a8344e081b2e1fe6bed8447ddbebc
Instruction ID: a4aa0125602e1a32ed28fd5a31fa604ae0a99229a29751d2f6641d858b434129
Opcode Fuzzy Hash: 4d4f8594e486d1132b72d2572905add00f1a8344e081b2e1fe6bed8447ddbebc
Instruction Fuzzy Hash: 93317C7151D318DFD314BF64E8425BEF3F8EF14700F31582DA6D666201EAA51950EB87

Function 00C8C0AD Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873cd064dc49f4414cded65f5c95df6f0f1f962b7db1ead3dd724cb6a163d89c
Instruction ID: e8135bfdbdb198ed6104479bf48a4b4280e5b27ae116026a5501f0386cf9a1f1
Opcode Fuzzy Hash: 873cd064dc49f4414cded65f5c95df6f0f1f962b7db1ead3dd724cb6a163d89c
Instruction Fuzzy Hash: AE211DB3F1161247F3A8882ACD6936251C3DBD5320F2E81398E89D7BC9DC7E9C0B1284

Function 00C1F3AB Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab8d92ea84ce48f5f278d7e66089b1c121c248cd2f86fa9694281febcfada646
Instruction ID: f59cfd493b60aa85c7ba0482a851499c9cdb00110630c9e4924419bc2e695212
Opcode Fuzzy Hash: ab8d92ea84ce48f5f278d7e66089b1c121c248cd2f86fa9694281febcfada646
Instruction Fuzzy Hash: 112181B3F616250BF3584879CC8435265839BE5320F2F82789E6CD7BC9DCBD9C061244

Function 00C314C6 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def4f0855f3fa8cc84a58c4396e2c19d5012ee3ce6ee7c0e6b2f12c6d5a6680f
Instruction ID: 8e603327dfdffdfad2fedb3b9c7047f6a093778342173c3155a7be0d52d9f236
Opcode Fuzzy Hash: def4f0855f3fa8cc84a58c4396e2c19d5012ee3ce6ee7c0e6b2f12c6d5a6680f
Instruction Fuzzy Hash: 57215EB7F616264BF3544878CD993A665829BD5320F2F83388FACA7BC5D87D8D061284

Function 00C750A3 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852db2b4c1b455f0630b7b796366f7e905061b15e420972fa24c3652b18652b0
Instruction ID: 1e99a05525e567bf9427c17df02c71335a4e6f94d24d80beb9b26fbb654737c2
Opcode Fuzzy Hash: 852db2b4c1b455f0630b7b796366f7e905061b15e420972fa24c3652b18652b0
Instruction Fuzzy Hash: 1E216DF3F2152447F75C4835CD6A3626583D7D5320F2F833A4BAA976C4DCBD49060284

Function 00C3527A Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34ce0140787be80306669a1705a477f3d8629ee4c5f9a734562c7804c9b98650
Instruction ID: bd2cdefd1644d9c3389b0ef3be2428fc5f6d31f608a2798dc8e4f2421049259e
Opcode Fuzzy Hash: 34ce0140787be80306669a1705a477f3d8629ee4c5f9a734562c7804c9b98650
Instruction Fuzzy Hash: B72147F3F2162447F7584825DC643A2618397D4721F2F82798F996BBCADC7E5D0612C8

Function 00C5326F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e108d11145559f9f3ca5e3642ded5bf5740650eaf15093dee300a67ad1f75b0
Instruction ID: 16b705ca972b38ef49df49b5ed0b303d0c1533b6ed325d1637dab5986da62564
Opcode Fuzzy Hash: 5e108d11145559f9f3ca5e3642ded5bf5740650eaf15093dee300a67ad1f75b0
Instruction Fuzzy Hash: 2F2158F7F2062547F35448A5CC54362A6429BE1320F1F41398F5DAB3C6C9BD6D0A4285

Function 00CC55EF Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ef9a7d3a7d6ec23929dbff9846c58ff7bd4dcc11e3c462a8e5b6756f52a67bb
Instruction ID: ecce34ca4a097619c1117040c87d621355057053fdeef19eb65a08f94d175206
Opcode Fuzzy Hash: 9ef9a7d3a7d6ec23929dbff9846c58ff7bd4dcc11e3c462a8e5b6756f52a67bb
Instruction Fuzzy Hash: 48218CF7F21A2007F3484425DC68366618387EA329F2F823D8F2A6B3C5DCBE0C461280

Function 00C1B222 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9790b0e75a98552ac34fc22855ca358c76cde52f991a04a191024459a648d2fe
Instruction ID: a1e1c2498b4b0b1fa06a67ec33b0e50ebe0285d8adf837b8c6875b3d00a56919
Opcode Fuzzy Hash: 9790b0e75a98552ac34fc22855ca358c76cde52f991a04a191024459a648d2fe
Instruction Fuzzy Hash: 1B213AB7F6122507F3984879CC683A6A14397D1321F2F82788F68AB7C5DCBE5C495284

Function 00CC6488 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 528e20c274ccb82a305fa32e5e885d2b9a33cece8119b5a460b874532e551aac
Instruction ID: a4c0242577892f242700d1db489a952f51bfa951b701b4f6ccb317ec205798ea
Opcode Fuzzy Hash: 528e20c274ccb82a305fa32e5e885d2b9a33cece8119b5a460b874532e551aac
Instruction Fuzzy Hash: 7B2137B3F512254BF3984866CD993626582EBD5314F2F827C8F9D6BAC5D8BE080A5284

Function 00C671D2 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 853eee5a59dc12a1d729af949b332669fa47d38e4280731fccace600352e3ed3
Instruction ID: 3f2f9e55e844a700082beee93effd60dbaa36c425e31e0193d14f22ca5333820
Opcode Fuzzy Hash: 853eee5a59dc12a1d729af949b332669fa47d38e4280731fccace600352e3ed3
Instruction Fuzzy Hash: B021EFF7F41B264BF35848B8EC983B225839BE1314F2F82394F89677C2D8BD08061284

Function 00BE5580 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 22a14da2e873e5b8b3309121b9b6b1574442e06e19f3a8c3fba3bcc4f4b5df9e
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: CB11EC33A056D40EC3258D3D84405657FD34AA3239F5943D9F4B59B2D2D7228D8A9364

Function 00BDA510 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11df1b99e25c10154bf8137cc77ad1de635bc36fe4848d86a5353dcd85d1cabf
Instruction ID: 619af4a3a2395c596ad5931e1edb943e801d29ad842e9091606809a11fd79266
Opcode Fuzzy Hash: 11df1b99e25c10154bf8137cc77ad1de635bc36fe4848d86a5353dcd85d1cabf
Instruction Fuzzy Hash: A70152F170030147D620AE64A4C1777F2F89BA5708F1845ADE51857302FB65ED15C692

Function 00C1D5DF Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 164f2ba51528dd29eb5e71d16c50ea33acbb875ea8f694313f4e1cadeda8f6dd
Instruction ID: 8c799bf017ff5750c4396ce04ea9330f9e9ac37ea4d363e676091060be02908e
Opcode Fuzzy Hash: 164f2ba51528dd29eb5e71d16c50ea33acbb875ea8f694313f4e1cadeda8f6dd
Instruction Fuzzy Hash: 1C118CB3F101244BF7888838CD693A66643D7D5714F1F827D8E49AB7C8ECBE1C095280

Function 00C112F3 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70c2e7743609098f60af1dd7b7a44939c7dc82aee400bf79dea90aaa52b279ff
Instruction ID: c3becf5c1ab4af760676fa3323cd7a6b071e9d926f605e7c0ca93b720be1aeb0
Opcode Fuzzy Hash: 70c2e7743609098f60af1dd7b7a44939c7dc82aee400bf79dea90aaa52b279ff
Instruction Fuzzy Hash: 3DD05B7381C6309FEB01EA5DD4416D533E8DF05310F160569DE46C7540E6616C94DBD3

Function 00BBB432 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1346904986.0000000000BB1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BB0000, based on PE: true

Associated: 00000000.00000002.1346882272.0000000000BB0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346904986.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346966012.0000000000C07000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000C09000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000E9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EA6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1346983017.0000000000EB3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347280320.0000000000EB4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347435209.0000000001053000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1347451551.0000000001054000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_bb0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abbb9b5d044175a3b8080c4e156f998de230171f36766e9f2f6bd4fd2eae3ac0
Instruction ID: 00a46b8ee916b0ee7a5902f795826b7c227d9976ba654bb3d97fe8a3f32ac490
Opcode Fuzzy Hash: abbb9b5d044175a3b8080c4e156f998de230171f36766e9f2f6bd4fd2eae3ac0
Instruction Fuzzy Hash: 69D012345089859FC715CF14C490DB0B776B74B314F116248D0566B6B2CB70E809C755

Source: https://occupy-blushi.sbs/=H3	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apil8	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apiS	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/api4	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs:443/api	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs:443/apiNs	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, edx	0_2_00BE8690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ebp+edx-05DD6E63h]	0_2_00BBAA50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], bl	0_2_00BBDBE5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], dl	0_2_00BBDBE5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then lea ecx, dword ptr [eax+eax]	0_2_00BEDC1F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ebx+0576C973h]	0_2_00BE90C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ebx	0_2_00BEC0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edi]	0_2_00BEC0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi]	0_2_00BCF1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_00BDB120
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+58h]	0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+00000100h]	0_2_00BC929E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edi*8], 2AFA9B37h	0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+78h]	0_2_00BD42E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edi*8], 2AFA9B37h	0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00BBF3EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+58h]	0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+0576C96Fh]	0_2_00BE83C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+2Ch], ebp	0_2_00BEF3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-781FA937h]	0_2_00BD8328
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00BD2320
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+00000100h]	0_2_00BC929E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [eax+edi+23h], 00000000h	0_2_00BBB432
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], cl	0_2_00BDD44F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp+00h], 00000022h	0_2_00BDA5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-20h]	0_2_00BD2580
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BE5580
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h]	0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ebp+edx*4+00h], ax	0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+34h]	0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BDA510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax+18DEF997h]	0_2_00BDC6B7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00BDD6F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+edx+00h]	0_2_00BB2620
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [ecx]	0_2_00BD5672
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00BD6660
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00BDD65E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc eax	0_2_00BCE7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_00BCE7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push esi	0_2_00BD17A3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, eax	0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 61813E67h	0_2_00BD67C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 61813E67h	0_2_00BD67C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-4EFF805Ch]	0_2_00BD67C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00BF07C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BD3730
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BDD72F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp edx	0_2_00BB48EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB48EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh	0_2_00BEB840
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov esi, ecx	0_2_00BEB840
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+20h]	0_2_00BD9970
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, eax	0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ecx], al	0_2_00BCB940
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], cl	0_2_00BCB940
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00BCBAA8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00BC7AF1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00BBEAEB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], cl	0_2_00BDBA11
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push esi	0_2_00BCCA60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx-0000009Ah]	0_2_00BEDA5A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov esi, ebx	0_2_00BD9A43
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB4BF8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, byte ptr [esp+esi-56FE73B9h]	0_2_00BD5BD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-278BA32Fh]	0_2_00BD6B30
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00BC51D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00BF0B00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00BDDB6C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00BD2C6C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], si	0_2_00BD0DFC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ecx], dl	0_2_00BDCDF3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00BD5EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [eax+esi*8], 1B6183F2h	0_2_00BD5EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BDDE25
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx]	0_2_00BEEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+04h]	0_2_00BC9FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-45h]	0_2_00BC9FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+64h]	0_2_00BC9FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00BC8F1F

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49703 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49703 -> 172.67.187.240:443

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49705 -> 172.67.187.240:443

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
file.exe

Function 00BBDBE5 Relevance: 21.5, Strings: 17, Instructions: 296
COMMON

Function 00BE8690 Relevance: 18.1, APIs: 5, Strings: 5, Instructions: 584
memoryCOMMON

Function 00BBB890 Relevance: 5.4, Strings: 4, Instructions: 442
COMMON

Function 00BED930 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00BEDC1F Relevance: 1.4, Strings: 1, Instructions: 129
COMMON

Function 00BB9830 Relevance: 1.7, APIs: 1, Instructions: 178
COMMON

Function 00BEAE40 Relevance: 1.6, APIs: 1, Instructions: 75
memoryCOMMON

Function 00BEADE0 Relevance: 1.5, APIs: 1, Instructions: 38
memoryCOMMON

Function 00BBDBB3 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Function 00BBDB80 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Function 00BBABB8 Relevance: 1.5, APIs: 1, Instructions: 16
networkCOMMON