Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ziprar.exe

Overview

General Information

Sample Name:ziprar.exe
Analysis ID:1331994
MD5:e7a3d727e15edc55f3082c77db10cb33
SHA1:40a8f1c4f9645120a31a4c1fd468c150d281c44f
SHA256:c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to log keystrokes (.Net Source)
.NET source code contains potential unpacker
.NET source code contains very large strings
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to communicate with device drivers
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Binary contains a suspicious time stamp
Queries disk information (often used to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • ziprar.exe (PID: 2516 cmdline: C:\Users\user\Desktop\ziprar.exe MD5: E7A3D727E15EDC55F3082C77DB10CB33)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: ziprar.exeReversingLabs: Detection: 22%
Source: ziprar.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 45.79.152.80:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: ziprar.exeStatic PE information: certificate valid
Source: ziprar.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: ziprar.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: ziprar.exe
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_PRONTO_APP_NAME HTTP/1.1Host: start.searcharchiver.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_BRAND_NAME HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_SIGNATURE HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_OSOU HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366 HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366 HTTP/1.1Host: start.searcharchiver.comConnection: Keep-Alive
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: ziprar.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ziprar.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ziprar.exeString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: ziprar.exeString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: ziprar.exeString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0$
Source: ziprar.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: ziprar.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
Source: ziprar.exeString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: ziprar.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ziprar.exeString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: ziprar.exeString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: ziprar.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ziprar.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ziprar.exeString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: ziprar.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmp, ziprar.exe, 00000000.00000002.4416848632.0000000002EEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dsc.searcharchiver.com?713e8dc9e0537b8b2442cba2d7a23104=H1xAXFNHXl5ZVFQNEQQwBw9cQ1pQRldZU1ZDX
Source: ziprar.exeString found in binary or memory: http://james.newtonking.com/projects/json
Source: ziprar.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: ziprar.exeString found in binary or memory: http://ocsp.digicert.com0K
Source: ziprar.exeString found in binary or memory: http://ocsp.digicert.com0N
Source: ziprar.exeString found in binary or memory: http://ocsp.digicert.com0O
Source: ziprar.exeString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: ziprar.exeString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
Source: ziprar.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: ziprar.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: ziprar.exe, 00000000.00000002.4416848632.0000000002E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ziprar.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
Source: ziprar.exeString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: ziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://start.searcharchiver.com
Source: ziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=16128787
Source: ziprar.exeString found in binary or memory: https:////support.google.com/chrome_webstore/answer/2664769?hl=en
Source: ziprar.exeString found in binary or memory: https:////support.mozilla.org/en-US/kb/disable-or-remove-add-ons
Source: ziprar.exeString found in binary or memory: https:////www.searcharchiver.com/eula
Source: ziprar.exeString found in binary or memory: https://app.ziprararchiver.com/
Source: ziprar.exe, 00000000.00000002.4416848632.0000000002E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://start.searcharchiver.com
Source: ziprar.exe, 00000000.00000002.4416825413.0000000002E7D000.00000040.00000800.00020000.00000000.sdmpString found in binary or memory: https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC
Source: ziprar.exeString found in binary or memory: https://start.searcharchiver.com/nav?string_interpolation=GET_OSOU&appId=1612878710864450&emid=
Source: ziprar.exe, 00000000.00000002.4416848632.0000000002EB2000.00000004.00000800.00020000.00000000.sdmp, ziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878
Source: ziprar.exeString found in binary or memory: https://www.digicert.com/CPS0
Source: ziprar.exeString found in binary or memory: https://www.globalsign.com/repository/0
Source: ziprar.exeString found in binary or memory: https://www.newtonsoft.com/json
Source: ziprar.exeString found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: ziprar.exeString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: ziprar.exeString found in binary or memory: https://www.searcharchiver.com/eulaMhttps://www.searcharchiver.com/privacy=https://www.searcharchive
Source: ziprar.exeString found in binary or memory: https://www.searcharchiver.com/sorry=Brand
Source: ziprar.exeString found in binary or memory: https://www.ziprararchiver.com/eulaMhttps://www.ziprararchiver.com/privacy
Source: ziprar.exeString found in binary or memory: https://ziprararchiver.com/thankyou?tyid=yTesting
Source: unknownDNS traffic detected: queries for: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_PRONTO_APP_NAME HTTP/1.1Host: start.searcharchiver.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_BRAND_NAME HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_SIGNATURE HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_OSOU HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366 HTTP/1.1Host: start.searcharchiver.com
Source: global trafficHTTP traffic detected: GET /time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366 HTTP/1.1Host: start.searcharchiver.comConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 45.79.152.80:443 -> 192.168.2.5:49715 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Contains functionality to log keystrokes (.Net Source)
Source: ziprar.exe, InterceptKeys.cs.Net Code: SetHook

System Summary

barindex
.NET source code contains very large strings
Source: ziprar.exe, SecondScreen.csLong String: Length: 13157
Source: ziprar.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_02C5B4E80_2_02C5B4E8
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_02C5BDB80_2_02C5BDB8
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_02C5B1A00_2_02C5B1A0
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_02C5D6000_2_02C5D600
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_02C5D5EF0_2_02C5D5EF
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_065E4DB80_2_065E4DB8
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_065E4DA70_2_065E4DA7
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_068882000_2_06888200
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_0688A5F00_2_0688A5F0
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_068881F40_2_068881F4
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_081B4BB80_2_081B4BB8
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_081BAC780_2_081BAC78
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_081B3EF80_2_081B3EF8
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_081BF6F80_2_081BF6F8
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_081B51100_2_081B5110
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_02C57C6C: DeviceIoControl,0_2_02C57C6C
Source: C:\Users\user\Desktop\ziprar.exeProcess Stats: CPU usage > 49%
Source: ziprar.exe, 00000000.00000002.4415747805.000000000103E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ziprar.exe
Source: ziprar.exe, 00000000.00000000.1969833397.0000000000A3B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs ziprar.exe
Source: ziprar.exe, 00000000.00000002.4420797771.0000000003E31000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs ziprar.exe
Source: ziprar.exe, 00000000.00000002.4422615143.00000000053D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs ziprar.exe
Source: ziprar.exe, 00000000.00000000.1969833397.0000000000B5A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameZipRarArchiver.exe> vs ziprar.exe
Source: ziprar.exeBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs ziprar.exe
Source: ziprar.exeBinary or memory string: OriginalFilenameZipRarArchiver.exe> vs ziprar.exe
Source: ziprar.exeReversingLabs: Detection: 22%
Source: ziprar.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ziprar.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeFile created: C:\Users\user\AppData\Local\Temp\ZipRarArchiverJump to behavior
Source: classification engineClassification label: mal48.spyw.evad.winEXE@1/2@1/1
Source: ziprar.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\ziprar.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
Source: ziprar.exeString found in binary or memory: s settings. See applicable information here: <a href="https:////support.google.com/chrome_webstore/answer/2664769?hl=en">Google Chrome</a>; <a href="https:////support.mozilla.org/en-US/kb/disable-or-remove-add-ons">Mozilla Firefox</a>; <a href="https:////support.microsoft.com/en-gb/help/17447/windows-internet-explorer-11-manage-add-ons">Explorer</a>. </p><p> The Company may terminate this EULA and discontinue, or terminate the Services at any time, without notice, and for any or no reason. The Company shall not be liable to you or any third party for any of the foregoing. The Company does not assume any responsibility with respect to, or in connection with, the termination, as set forth above. The license granted to you will automatically terminate if you fail to comply with the terms of this EULA. </p><h5> (J) INDEMNIFICATION </h5><p> You will indemnify, defend and hold the Company harmless, as well as its respective affiliates, officers, directors, shareholders, or representatives from any and all demands, judgments, awards, losses, damages, expenses, claims and liabilities, and all related costs, including reasonable attorney
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\ziprar.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: ziprar.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: ziprar.exeStatic file information: File size 7059176 > 1048576
Source: ziprar.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: ziprar.exeStatic PE information: certificate valid
Source: ziprar.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x654000
Source: ziprar.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ziprar.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: ziprar.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: ziprar.exe

Data Obfuscation

barindex
.NET source code contains potential unpacker
Source: ziprar.exe, EmbeddedAssembly.cs.Net Code: Load System.Reflection.Assembly.Load(byte[])
Source: 0.2.ziprar.exe.3e39550.0.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
Source: 0.2.ziprar.exe.3e39550.0.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
Source: 0.0.ziprar.exe.a3baa8.1.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
Source: 0.0.ziprar.exe.a3baa8.1.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
Source: 0.2.ziprar.exe.53d0000.1.raw.unpack, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
Source: 0.2.ziprar.exe.53d0000.1.raw.unpack, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_065EA19B push eax; ret 0_2_065EA1A1
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_06884731 push es; ret 0_2_06884740
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_081BA850 pushad ; ret 0_2_081BA866
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_0B573DE5 push esp; ret 0_2_0B573DED
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_0B5731B7 push esp; ret 0_2_0B573219
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_0B571498 push esp; retf 0_2_0B571499
Source: C:\Users\user\Desktop\ziprar.exeCode function: 0_2_0B571CB8 pushfd ; iretd 0_2_0B571CB9
Source: ziprar.exeStatic PE information: 0xA48F0A3B [Wed Jun 27 03:21:31 2057 UTC]
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\ziprar.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -600000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599890s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599781s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599672s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599562s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599453s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599344s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599234s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599125s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -599016s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598906s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598797s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598687s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598578s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598469s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598344s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598234s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598125s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -598016s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597906s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597797s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597688s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597563s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597453s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597344s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597219s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597109s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -597000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596891s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596781s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596672s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596562s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596450s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596344s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596219s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596109s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -596000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595891s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595781s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595672s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595563s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595438s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595313s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595203s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -595094s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -594969s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -594859s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -594750s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -594641s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exe TID: 5368Thread sleep time: -594531s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599890Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599781Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599672Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599562Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599453Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599234Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599125Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599016Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598906Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598797Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598687Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598578Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598469Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598234Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598125Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598016Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597906Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597797Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597688Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597563Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597453Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597219Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597109Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597000Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596891Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596781Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596672Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596562Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596450Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596219Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596109Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596000Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595891Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595781Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595672Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595563Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595438Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595313Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595203Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595094Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594969Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594859Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594750Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594641Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594531Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeWindow / User API: threadDelayed 7856Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeWindow / User API: threadDelayed 1890Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599890Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599781Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599672Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599562Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599453Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599234Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599125Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 599016Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598906Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598797Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598687Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598578Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598469Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598234Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598125Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 598016Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597906Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597797Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597688Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597563Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597453Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597219Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597109Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 597000Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596891Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596781Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596672Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596562Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596450Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596344Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596219Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596109Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 596000Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595891Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595781Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595672Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595563Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595438Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595313Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595203Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 595094Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594969Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594859Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594750Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594641Jump to behavior
Source: C:\Users\user\Desktop\ziprar.exeThread delayed: delay time: 594531Jump to behavior
Source: ziprar.exe, 00000000.00000002.4425560194.0000000006462000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\ziprar.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeQueries volume information: C:\Users\user\Desktop\ziprar.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ziprar.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Windows Management Instrumentation		Path InterceptionPath Interception1
Disable or Modify Tools		1
Input Capture		111
Security Software Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts131
Virtualization/Sandbox Evasion		LSASS Memory131
Virtualization/Sandbox Evasion		Remote Desktop Protocol1
Archive Collected Data		Exfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Obfuscated Files or Information		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Software Packing		NTDS122
System Information Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer3
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Timestomp		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ziprar.exe23%ReversingLabsByteCode-MSIL.Browser.MediaArena

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC0%Avira URL Cloudsafe
http://james.newtonking.com/projects/json0%URL Reputationsafe
https://start.searcharchiver.com0%Avira URL Cloudsafe
http://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=161287870%Avira URL Cloudsafe
https://start.searcharchiver.com/nav?string_interpolation=GET_OSOU&appId=1612878710864450&emid=0%Avira URL Cloudsafe
https://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=16128780%Avira URL Cloudsafe
https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_BRAND_NAME0%Avira URL Cloudsafe
https://www.ziprararchiver.com/eulaMhttps://www.ziprararchiver.com/privacy0%Avira URL Cloudsafe
https://app.ziprararchiver.com/0%Avira URL Cloudsafe
https:////www.searcharchiver.com/eula0%Avira URL Cloudsafe
https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_OSOU0%Avira URL Cloudsafe
http://start.searcharchiver.com0%Avira URL Cloudsafe
http://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=20497933660%Avira URL Cloudsafe
https://www.searcharchiver.com/eulaMhttps://www.searcharchiver.com/privacy=https://www.searcharchive0%Avira URL Cloudsafe
https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_PRONTO_APP_NAME0%Avira URL Cloudsafe
http://dsc.searcharchiver.com?713e8dc9e0537b8b2442cba2d7a23104=H1xAXFNHXl5ZVFQNEQQwBw9cQ1pQRldZU1ZDX0%Avira URL Cloudsafe
https:////support.google.com/chrome_webstore/answer/2664769?hl=en0%Avira URL Cloudsafe
https://www.searcharchiver.com/sorry=Brand0%Avira URL Cloudsafe
https:////support.mozilla.org/en-US/kb/disable-or-remove-add-ons0%Avira URL Cloudsafe
https://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=20497933660%Avira URL Cloudsafe
https://ziprararchiver.com/thankyou?tyid=yTesting0%Avira URL Cloudsafe
https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_SIGNATURE0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
start.searcharchiver.com
45.79.152.80
truefalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_BRAND_NAMEfalse
    • Avira URL Cloud: safe
    		unknown
    https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_OSOUfalse
    • Avira URL Cloud: safe
    		unknown
    https://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366false
    • Avira URL Cloud: safe
    		unknown
    https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_PRONTO_APP_NAMEfalse
    • Avira URL Cloud: safe
    		unknown
    http://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366false
    • Avira URL Cloud: safe
    		unknown
    https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_SIGNATUREfalse
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://start.searcharchiver.com/nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DCziprar.exe, 00000000.00000002.4416825413.0000000002E7D000.00000040.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://start.searcharchiver.comziprar.exe, 00000000.00000002.4416848632.0000000002E7E000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.ziprararchiver.com/eulaMhttps://www.ziprararchiver.com/privacyziprar.exefalse
    • Avira URL Cloud: safe
    		unknown
    http://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=16128787ziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://app.ziprararchiver.com/ziprar.exefalse
    • Avira URL Cloud: safe
    		unknown
    https://www.newtonsoft.com/jsonziprar.exefalse
      		high
      https://start.searcharchiver.com/nav?string_interpolation=GET_OSOU&appId=1612878710864450&emid=ziprar.exefalse
      • Avira URL Cloud: safe
      		unknown
      https://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878ziprar.exe, 00000000.00000002.4416848632.0000000002EB2000.00000004.00000800.00020000.00000000.sdmp, ziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https:////www.searcharchiver.com/eulaziprar.exefalse
      • Avira URL Cloud: safe
      		low
      http://start.searcharchiver.comziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://james.newtonking.com/projects/jsonziprar.exefalse
      • URL Reputation: safe
      		unknown
      https:////support.google.com/chrome_webstore/answer/2664769?hl=enziprar.exefalse
      • Avira URL Cloud: safe
      		low
      https://www.searcharchiver.com/sorry=Brandziprar.exefalse
      • Avira URL Cloud: safe
      		unknown
      http://dsc.searcharchiver.com?713e8dc9e0537b8b2442cba2d7a23104=H1xAXFNHXl5ZVFQNEQQwBw9cQ1pQRldZU1ZDXziprar.exe, 00000000.00000002.4416848632.0000000002EF3000.00000004.00000800.00020000.00000000.sdmp, ziprar.exe, 00000000.00000002.4416848632.0000000002EEB000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://www.newtonsoft.com/jsonschemaziprar.exefalse
        		high
        https://www.nuget.org/packages/Newtonsoft.Json.Bsonziprar.exefalse
          		high
          https://www.searcharchiver.com/eulaMhttps://www.searcharchiver.com/privacy=https://www.searcharchiveziprar.exefalse
          • Avira URL Cloud: safe
          		unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameziprar.exe, 00000000.00000002.4416848632.0000000002E7E000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            https:////support.mozilla.org/en-US/kb/disable-or-remove-add-onsziprar.exefalse
            • Avira URL Cloud: safe
            		low
            https://ziprararchiver.com/thankyou?tyid=yTestingziprar.exefalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            45.79.152.80
            		start.searcharchiver.comUnited States
            		63949LINODE-APLinodeLLCUSfalse

            General Information

            Joe Sandbox Version:38.0.0 Ammolite
            Analysis ID:1331994
            Start date and time:2023-10-25 17:37:48 +02:00
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 8m 29s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:6
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample file name:ziprar.exe
            Detection:MAL
            Classification:mal48.spyw.evad.winEXE@1/2@1/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 99%
            • Number of executed functions: 201
            • Number of non-executed functions: 8
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption

            Warnings

            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
            • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            • VT rate limit hit for: ziprar.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            17:38:35API Interceptor5629705x Sleep call for process: ziprar.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            45.79.152.80pdfhubonline.exeGet hashmaliciousUnknownBrowse
              pdfhubonline.exeGet hashmaliciousUnknownBrowse
                HjWAr8N06l.exeGet hashmaliciousUnknownBrowse
                  HjWAr8N06l.exeGet hashmaliciousUnknownBrowse

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    start.searcharchiver.comziprar.exeGet hashmaliciousUnknownBrowse
                    • 168.119.254.45
                    ziprar.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    LivRQPWnUZ.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    LivRQPWnUZ.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    LivRQPWnUZ.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    6kld3q3POP.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    ziprar.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    ziprar.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132
                    ziprar.exeGet hashmaliciousUnknownBrowse
                    • 45.55.57.132

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    LINODE-APLinodeLLCUSlegal requirements for a credit note 32312.jsGet hashmaliciousUnknownBrowse
                    • 172.104.248.173
                    SecuriteInfo.com.Heur.15818.11772.xlsxGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.33.42.226
                    UNILEVER_PURCHASE_ORDER_#109332.xlsGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.33.42.226
                    BLM_Inqury_PO009116420231024.xlsGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.33.42.226
                    Doc002355.xlsGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.33.42.226
                    New_Order_enquiry.xla.xlsxGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.33.42.226
                    Purchase_Order_022502_-_0002.xla.xlsxGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.33.42.226
                    3RJv63AEc5.rtfGet hashmaliciousUnknownBrowse
                    • 45.33.6.223
                    RFQ.docGet hashmaliciousUnknownBrowse
                    • 45.33.6.223
                    SecuriteInfo.com.ELF.Gafgyt-NI.30943.11537.elfGet hashmaliciousUnknownBrowse
                    • 172.105.112.197
                    AWB_#191023.docGet hashmaliciousUnknownBrowse
                    • 45.33.6.223
                    TotalXTunisiaXRFQ.docx.docGet hashmaliciousUnknownBrowse
                    • 45.33.6.223
                    arm.elfGet hashmaliciousUnknownBrowse
                    • 172.105.6.88
                    xwm6JTdNbd.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165
                    xGqBU7Fake.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165
                    okogPEJ42Y.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165
                    tmhWPShOKl.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165
                    84S4XU2InE.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165
                    N1FIAJvNR1.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165
                    LvnCjqFTzZ.elfGet hashmaliciousGafgyt, MiraiBrowse
                    • 23.239.26.165

                    JA3 Fingerprints

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousGlupteba, SmokeLoader, XmrigBrowse
                    • 45.79.152.80
                    legal requirements for a credit note 32312.jsGet hashmaliciousUnknownBrowse
                    • 45.79.152.80
                    legal requirements for a credit note 32312.jsGet hashmaliciousUnknownBrowse
                    • 45.79.152.80
                    BOQ-_AE200039828.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    VINLISTS.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    file.exeGet hashmaliciousGlupteba, RedLine, SmokeLoader, XmrigBrowse
                    • 45.79.152.80
                    Invoice 1654.htmGet hashmaliciousUnknownBrowse
                    • 45.79.152.80
                    TRANSAKTIONSBESTATIGUNG_20231019162300.EXE.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    osYVRj28Rp.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    POfdp.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    Acct#_SOA.pdf________________________________________________________________________________.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    SecuriteInfo.com.Win32.PWSX-gen.14129.8680.exeGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.79.152.80
                    8.ps1Get hashmaliciousUnknownBrowse
                    • 45.79.152.80
                    RFQ10.25.20235PDF.exeGet hashmaliciousLokibotBrowse
                    • 45.79.152.80
                    SecuriteInfo.com.Win32.PWSX-gen.26200.3198.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    luoves.vbsGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.79.152.80
                    SecuriteInfo.com.Win32.PWSX-gen.16337.5313.exeGet hashmaliciousAgentTesla, zgRATBrowse
                    • 45.79.152.80
                    COSCO_DN_5874_fdp.exeGet hashmaliciousAgentTeslaBrowse
                    • 45.79.152.80
                    SecuriteInfo.com.Trojan.MulDrop14.2762.17284.16267.exeGet hashmaliciousUnknownBrowse
                    • 45.79.152.80
                    file.exeGet hashmaliciousGlupteba, RedLine, SmokeLoader, XmrigBrowse
                    • 45.79.152.80

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Temp\ZipRarArchiver\favicon.ico

                    Download File
                    Process:C:\Users\user\Desktop\ziprar.exe
                    File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                    Category:dropped
                    Size (bytes):410598
                    Entropy (8bit):4.462037127666373
                    Encrypted:false
                    SSDEEP:3072:NGoSB/EiHr9GMrUA2jqQW6UEA48xsyEzedQhSOQ7oPm8jwlxq2XzKN0e:N
                    MD5:C979B1455DB21F8886DAB3D3892CB64B
                    SHA1:D00720B6391DAC9F7231D75AB51A5A11E85353C8
                    SHA-256:EC3FFC8A5C733DFED8078E22D4BA7A8C4E41583D139C9F936172AD2E4714957A
                    SHA-512:1FCF586B4B55D9F5298037FDF23D3DC4E69F1C931CAFFC3E712C92F68D68111A9BADD9DE06EF7C9BEF00E04DCE5118648DF28285A891B433F0ED4B9FE2902D49
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:............ .h............. ......... .... .....v...00.... ..%......@@.... .(B...D..``.... .............. .(............. .( ...#..(....... ..... .....@...................................m/.1o/..n/..n/..n/..n/..o/..m/.1........................f3..n0..n/..n/..n/..n/..n/..n/..n/..n/..n0..f3...............3..z5..p0..n/..n/..n/..n/..n/..n/..n/..n/..n/..n/..f3...........@..:..x4..o/..n/..n/..n/..n/..n/..n/..n/..n/..n/..n0.......I.1.F...@...E...Y...V...V...V...V...V..r4...V..v;..n/..n/..m/.1.Q...L...E...H..................................s6..n/..n/..o/...W..Q...K...D...i.......Z..n/..n/...}.......G..n/..n/..n/..n/...]...V...P...J...C.........u7...[..............n/..n/..n/..n/...b...\...U...O...I...F..........r3..r5...f......}E..n/..n/..n/...g...a...[...T...N...G...Y......z7..o/...V.......I..n/..n/..n/...k...g...`....................................n/..n/..n/..o/...m}1.l...f...j...x...s...n...i...c...^...H..n/..n/..n/..n/..m/.1.....p{..k...d...^...X...Q...K...D...>...8..s1..n/..n/..n0

                    C:\Users\user\AppData\Local\Temp\ZipRarArchiver\installer_loader.gif

                    Download File
                    Process:C:\Users\user\Desktop\ziprar.exe
                    File Type:GIF image data, version 89a, 900 x 600
                    Category:dropped
                    Size (bytes):62302
                    Entropy (8bit):7.918564033074584
                    Encrypted:false
                    SSDEEP:1536:mcGgIrDwCEKb9rhhJ77cXpKWvQ1DcHC86GdEYehi6Ww8:QDwCEufd7c5e1DciBkExcnw8
                    MD5:75FE3240A546F8CEB8E513E18D404F2C
                    SHA1:5C614060FB7765CDAF26EB6A50F6306E0FBE40F1
                    SHA-256:EA1D5E14222178C61EFA65C01A4B60DEC5F3DD801BD26CE00979DE4B54019020
                    SHA-512:7C0924C5A5324461A090BA2B5C5531F7A973BE6DFAD830F0D9CE6A108A137B6E213EBC575939B0A91251F70EC8E5C761E4C3F5C15F4627E9FF8AB9DAA6D41BDC
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:GIF89a..X.......OVe..4......EK\......t......,6M...N......................wwxos............................................u.....+K......t...q.........{...f.................}.....gff..."c..t..............................9....7@U.........P........N.....yv............[..Dx....*y.......................lry.......j..Y^n........................102...~.......fjr.............w....eb]...yropki......]XU.......{.}.........7.......{.......'......rms$.....&............D.......;..................................:.. |..5q...=..`]b......oro]..>:9.....,C<EFDA[_^:..../...d.........................N!....._.....;AC...$.....................................................................................................................4...........4......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="h

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.185855698264055
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    • Win32 Executable (generic) a (10002005/4) 49.97%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:ziprar.exe
                    File size:7'059'176 bytes
                    MD5:e7a3d727e15edc55f3082c77db10cb33
                    SHA1:40a8f1c4f9645120a31a4c1fd468c150d281c44f
                    SHA256:c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac
                    SHA512:7d35b49542965e6a9cf9068d5f7d8b686f0518ed12cb89acccd23dfbe5d0c2a3fc596455527d57a0af2ad67464830d7a2753f3c977e74b88fcf1ad938b05d03b
                    SSDEEP:98304:I45UEXPwQmPCOiMEto9cHP9dkuHz9M6lP:b5UEXmIWaP9d9P
                    TLSH:5666E123ADB407C3EF9943787873C574CB786C99A8D6AAAB1403BDB929357510D8CB13
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;.................0..@e..N......2^e.. ...`e...@.. ........................k.....h.l...`................................

                    File Icon

                    Icon Hash:f89ef04b69f8c6e8

                    Static PE Info

                    General

                    Entrypoint:0xa55e32
                    Entrypoint Section:.text
                    Digitally signed:true
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0xA48F0A3B [Wed Jun 27 03:21:31 2057 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Authenticode Signature

                    Signature Valid:true
                    Signature Issuer:CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
                    Signature Validation Error:The operation completed successfully
                    Error Number:0
                    Not Before, Not After
                    • 22/12/2020 15:38:38 23/12/2023 15:38:38
                    Subject Chain
                    • E=product@mediaarenaltd.com, CN=MEDIA ARENA LTD, O=MEDIA ARENA LTD, STREET=11 Hamanofim, L=Herzliya, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516070034, OID.2.5.4.15=Private Organization
                    Version:3
                    Thumbprint MD5:D99A0028EB69BC88AD5CFF7295D791B3
                    Thumbprint SHA-1:1D4887FCEE216C87907C5D427C9774E4368BBB7D
                    Thumbprint SHA-256:A3FB349CE87816FBE4D52209C63BACD303AA5ABB302FAEA6E90ADF79684E0BB8
                    Serial:3BED5B5D7855573934DDE042

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    push ebp
                    mov ebp, esp
                    push edi
                    mov edi, dword ptr [ebp+10h]
                    push 00000001h
                    pop eax
                    push ebx
                    cpuid
                    mov dword ptr [edi], eax
                    mov dword ptr [edi+04h], edx
                    pop ebx
                    pop edi
                    mov esp, ebp
                    pop ebp
                    retn 0010h
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    push ebx
                    dec eax
                    mov eax, 00000001h
                    cpuid
                    inc ecx
                    mov dword ptr [eax], eax
                    inc ecx
                    mov dword ptr [eax+04h], edx
                    pop ebx
                    ret
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax-1BFBF6FCh], dh
                    add al, 09h
                    add al, 00h
                    add byte ptr [ecx], cl
                    add al, 00h
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x655de00x4f.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x6560000x64ba0.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x6b90000x26e8
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x6bc0000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x655dc40x1c.text
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000x653e800x654000unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc0x6560000x64ba00x64c00False0.07623972549627792data4.469973698930368IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0x6bc0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_ICON0x6561e00x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.5833333333333334
                    RT_ICON0x6566580x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.47704918032786886
                    RT_ICON0x656ff00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.38320825515947465
                    RT_ICON0x6580a80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.25778008298755184
                    RT_ICON0x65a6600x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.18380963627775154
                    RT_ICON0x65e8980x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.14066113096489383
                    RT_ICON0x667d500x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.08875547143026144
                    RT_ICON0x6785880x42028Device independent bitmap graphic, 256 x 512 x 32, image size 2703360.040632304642423886
                    RT_GROUP_ICON0x6ba5c00x76data0.7288135593220338
                    RT_VERSION0x6ba6480x356data0.41569086651053866
                    RT_MANIFEST0x6ba9b00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 25, 2023 17:38:35.504868984 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.504933119 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:35.505006075 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.520215988 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.520252943 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:35.754030943 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:35.754182100 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.757893085 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.757924080 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:35.758177996 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:35.803566933 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.824774027 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:35.866446018 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.181854963 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.181919098 CEST4434971545.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.182111979 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.187767029 CEST49715443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.230247021 CEST49718443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.230312109 CEST4434971845.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.230408907 CEST49718443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.230668068 CEST49718443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.230700970 CEST4434971845.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.454700947 CEST4434971845.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.457449913 CEST49718443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.457510948 CEST4434971845.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.704807043 CEST4434971845.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.705493927 CEST4434971845.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.705785990 CEST49718443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.706213951 CEST49718443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.707658052 CEST49719443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.707745075 CEST4434971945.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.707839966 CEST49719443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.708110094 CEST49719443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.708143950 CEST4434971945.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.934782028 CEST4434971945.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:36.936475039 CEST49719443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:36.936537981 CEST4434971945.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.443404913 CEST4434971945.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.443572998 CEST4434971945.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.443650007 CEST49719443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.444022894 CEST49719443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.445327044 CEST49720443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.445408106 CEST4434972045.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.445496082 CEST49720443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.445753098 CEST49720443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.445784092 CEST4434972045.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.669609070 CEST4434972045.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.671049118 CEST49720443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.671087027 CEST4434972045.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.947797060 CEST4434972045.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.947860003 CEST4434972045.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:37.947945118 CEST49720443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.948456049 CEST49720443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:37.962526083 CEST4972280192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.062632084 CEST804972245.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.062858105 CEST4972280192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.063051939 CEST4972280192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.162727118 CEST804972245.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.163132906 CEST804972245.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.164880037 CEST49723443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.164932966 CEST4434972345.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.165004969 CEST49723443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.165342093 CEST49723443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.165364027 CEST4434972345.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.209795952 CEST4972280192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.390660048 CEST4434972345.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.392263889 CEST49723443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.392327070 CEST4434972345.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.826946974 CEST4434972345.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.827014923 CEST4434972345.79.152.80192.168.2.5
                    Oct 25, 2023 17:38:38.827156067 CEST49723443192.168.2.545.79.152.80
                    Oct 25, 2023 17:38:38.829210997 CEST49723443192.168.2.545.79.152.80
                    Oct 25, 2023 17:40:17.960098028 CEST4972280192.168.2.545.79.152.80
                    Oct 25, 2023 17:40:18.061273098 CEST804972245.79.152.80192.168.2.5
                    Oct 25, 2023 17:40:18.061512947 CEST4972280192.168.2.545.79.152.80

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 25, 2023 17:38:35.391015053 CEST5405353192.168.2.51.1.1.1
                    Oct 25, 2023 17:38:35.498090029 CEST53540531.1.1.1192.168.2.5

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Oct 25, 2023 17:38:35.391015053 CEST192.168.2.51.1.1.10x5618Standard query (0)start.searcharchiver.comA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Oct 25, 2023 17:38:35.498090029 CEST1.1.1.1192.168.2.50x5618No error (0)start.searcharchiver.com45.79.152.80A (IP address)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • start.searcharchiver.com

                    HTTP Packets

                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    0192.168.2.54971545.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    1192.168.2.54971845.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    2192.168.2.54971945.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    3192.168.2.54972045.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    4192.168.2.54972345.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    5192.168.2.54972245.79.152.8080C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData
                    Oct 25, 2023 17:38:38.063051939 CEST11OUTGET /time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366 HTTP/1.1
                    Host: start.searcharchiver.com
                    Connection: Keep-Alive
                    Oct 25, 2023 17:38:38.163132906 CEST12INHTTP/1.1 301 Moved Permanently
                    Location: https://start.searcharchiver.com/time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366
                    Date: Wed, 25 Oct 2023 15:38:38 GMT
                    Content-Length: 17
                    Content-Type: text/plain; charset=utf-8
                    Data Raw: 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79
                    Data Ascii: Moved Permanently


                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    0192.168.2.54971545.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData
                    2023-10-25 15:38:35 UTC0OUTGET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_PRONTO_APP_NAME HTTP/1.1
                    Host: start.searcharchiver.com
                    Connection: Keep-Alive
                    2023-10-25 15:38:36 UTC0INHTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
                    Content-Type: application/json;charset=ISO-8859-1
                    Date: Wed, 25 Oct 2023 15:38:35 GMT
                    Server: Nginx
                    Content-Length: 41
                    Connection: close
                    2023-10-25 15:38:36 UTC0INData Raw: 7b 22 47 45 54 5f 50 52 4f 4e 54 4f 5f 41 50 50 5f 4e 41 4d 45 22 3a 22 5a 69 70 52 61 72 41 72 63 68 69 76 65 72 22 7d 0a
                    Data Ascii: {"GET_PRONTO_APP_NAME":"ZipRarArchiver"}


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    1192.168.2.54971845.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData
                    2023-10-25 15:38:36 UTC0OUTGET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_BRAND_NAME HTTP/1.1
                    Host: start.searcharchiver.com
                    2023-10-25 15:38:36 UTC0INHTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
                    Content-Type: application/json;charset=ISO-8859-1
                    Date: Wed, 25 Oct 2023 15:38:36 GMT
                    Server: Nginx
                    Vary: Accept-Encoding
                    Content-Length: 36
                    Connection: close
                    2023-10-25 15:38:36 UTC0INData Raw: 7b 22 47 45 54 5f 42 52 41 4e 44 5f 4e 41 4d 45 22 3a 22 73 65 61 72 63 68 61 72 63 68 69 76 65 72 22 7d 0a
                    Data Ascii: {"GET_BRAND_NAME":"searcharchiver"}


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    2192.168.2.54971945.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData
                    2023-10-25 15:38:36 UTC1OUTGET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_SIGNATURE HTTP/1.1
                    Host: start.searcharchiver.com
                    2023-10-25 15:38:37 UTC1INHTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
                    Content-Type: application/json;charset=ISO-8859-1
                    Date: Wed, 25 Oct 2023 15:38:37 GMT
                    Server: Nginx
                    Content-Length: 51
                    Connection: close
                    2023-10-25 15:38:37 UTC1INData Raw: 7b 22 47 45 54 5f 53 49 47 4e 41 54 55 52 45 22 3a 22 47 53 5f 4d 45 44 49 41 41 52 45 4e 41 5f 5a 49 50 52 41 52 5f 53 49 47 4e 41 54 55 52 45 22 7d 0a
                    Data Ascii: {"GET_SIGNATURE":"GS_MEDIAARENA_ZIPRAR_SIGNATURE"}


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    3192.168.2.54972045.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData
                    2023-10-25 15:38:37 UTC1OUTGET /nav?emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&appId=1612878710864450&string_interpolation=GET_OSOU HTTP/1.1
                    Host: start.searcharchiver.com
                    2023-10-25 15:38:37 UTC1INHTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
                    Content-Type: application/json;charset=ISO-8859-1
                    Date: Wed, 25 Oct 2023 15:38:37 GMT
                    Server: Nginx
                    Vary: Accept-Encoding
                    Content-Length: 239
                    Connection: close
                    2023-10-25 15:38:37 UTC2INData Raw: 7b 22 47 45 54 5f 4f 53 4f 55 22 3a 22 68 74 74 70 3a 2f 2f 64 73 63 2e 73 65 61 72 63 68 61 72 63 68 69 76 65 72 2e 63 6f 6d 3f 37 31 33 65 38 64 63 39 65 30 35 33 37 62 38 62 32 34 34 32 63 62 61 32 64 37 61 32 33 31 30 34 3d 48 31 78 41 58 46 4e 48 58 6c 35 5a 56 46 51 4e 45 51 51 77 42 77 39 63 51 31 70 51 52 6c 64 5a 55 31 5a 44 58 46 6c 43 57 31 70 65 55 56 51 4a 44 42 30 4c 55 31 73 6e 53 69 34 6e 4e 69 6b 6f 57 31 46 43 56 46 46 43 4b 56 5a 64 55 55 4a 63 41 6b 5a 57 58 41 6c 58 52 31 52 57 54 51 6b 49 58 31 5a 46 44 56 63 56 43 56 68 62 56 55 4e 64 55 68 4a 61 56 69 34 69 4e 46 67 6a 4e 6c 70 5a 4c 79 4a 4c 53 67 49 63 44 67 41 46 42 42 34 7a 43 42 42 53 58 67 25 32 35 33 44 25 32 35 33 44 22 7d 0a
                    Data Ascii: {"GET_OSOU":"http://dsc.searcharchiver.com?713e8dc9e0537b8b2442cba2d7a23104=H1xAXFNHXl5ZVFQNEQQwBw9cQ1pQRldZU1ZDXFlCW1peUVQJDB0LU1snSi4nNikoW1FCVFFCKVZdUUJcAkZWXAlXR1RWTQkIX1ZFDVcVCVhbVUNdUhJaVi4iNFgjNlpZLyJLSgIcDgAFBB4zCBBSXg%253D%253D"}


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    4192.168.2.54972345.79.152.80443C:\Users\user\Desktop\ziprar.exe
                    TimestampkBytes transferredDirectionData
                    2023-10-25 15:38:38 UTC2OUTGET /time?session_id=1640c995-2049-4d62-a150-e0b741766344&app_id=1612878710864450&emid=0F8BFBFF000806F86000c292b65879ff477a6af604113f58ECF4BB57DC9&install_version=1111&identity=searcharchiver&sig=GS_MEDIAARENA_ZIPRAR_SIGNATURE&download_browser=edge_chrome&os_version=10.0.19041&r=2049793366 HTTP/1.1
                    Host: start.searcharchiver.com
                    2023-10-25 15:38:38 UTC2INHTTP/1.1 200 OK
                    Access-Control-Allow-Origin: *
                    Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
                    Content-Type: application/json;charset=UTF-8
                    Date: Wed, 25 Oct 2023 15:38:38 GMT
                    Server: Nginx
                    Vary: Accept-Encoding
                    Content-Length: 26
                    Connection: close
                    2023-10-25 15:38:38 UTC2INData Raw: 7b 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 64 61 74 61 22 3a 22 6f 6b 22 7d
                    Data Ascii: {"status":200,"data":"ok"}


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    System Behavior

                    General

                    Target ID:0
                    Start time:17:38:32
                    Start date:25/10/2023
                    Path:C:\Users\user\Desktop\ziprar.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\Desktop\ziprar.exe
                    Imagebase:0x4a0000
                    File size:7'059'176 bytes
                    MD5 hash:E7A3D727E15EDC55F3082C77DB10CB33
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:low
                    Has exited:false

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:14.8%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:2.4%
                      Total number of Nodes:291
                      Total number of Limit Nodes:20
                      execution_graph 60825 6883fe8 60826 6884036 DrawTextExW 60825->60826 60828 688408e 60826->60828 60950 a0910b8 60951 a0910c6 60950->60951 60952 a0910ca 60950->60952 60956 a091148 SendMessageW 60952->60956 60958 a091140 60952->60958 60953 a091131 60957 a0911b4 60956->60957 60957->60953 60959 a091148 SendMessageW 60958->60959 60960 a0911b4 60959->60960 60960->60953 60593 b570040 KiUserCallbackDispatcher 60594 b5700b4 60593->60594 60751 688f8a0 60752 688f8e8 SetWindowTextW 60751->60752 60753 688f8e2 60751->60753 60754 688f919 60752->60754 60753->60752 60755 a092220 60756 a09223a 60755->60756 60759 a09224d 60755->60759 60761 a09127c 60756->60761 60758 a092293 60759->60758 60760 a09127c OleInitialize 60759->60760 60760->60758 60762 a091287 60761->60762 60763 a0922be 60762->60763 60766 a0922e8 60762->60766 60774 a0922f8 60762->60774 60763->60759 60767 a09229b 60766->60767 60769 a0922f2 60766->60769 60768 a0922be 60767->60768 60772 a0922e8 OleInitialize 60767->60772 60773 a0922f8 OleInitialize 60767->60773 60768->60763 60771 a092329 60769->60771 60779 a09131c 60769->60779 60771->60763 60772->60768 60773->60768 60775 a092320 60774->60775 60778 a09234c 60774->60778 60776 a092329 60775->60776 60777 a09131c OleInitialize 60775->60777 60776->60763 60777->60778 60778->60763 60780 a091327 60779->60780 60782 a092643 60780->60782 60783 a091338 60780->60783 60782->60771 60784 a092678 OleInitialize 60783->60784 60785 a0926dc 60784->60785 60785->60782 60786 a095e20 60788 a095e32 60786->60788 60787 a095e6f 60788->60787 60791 a095fd8 60788->60791 60796 a095fc7 60788->60796 60792 a095ffb 60791->60792 60793 a096130 60792->60793 60801 a096368 60792->60801 60806 a096360 60792->60806 60793->60787 60797 a095ffb 60796->60797 60798 a096130 60797->60798 60799 a096368 2 API calls 60797->60799 60800 a096360 2 API calls 60797->60800 60798->60787 60799->60798 60800->60798 60802 a09637f 60801->60802 60803 a0963c0 60802->60803 60811 688b388 60802->60811 60815 688b360 60802->60815 60803->60793 60807 a09637f 60806->60807 60808 a0963c0 60807->60808 60809 688b388 KiUserCallbackDispatcher 60807->60809 60810 688b360 KiUserCallbackDispatcher 60807->60810 60808->60793 60809->60808 60810->60808 60813 688b39c 60811->60813 60812 688b3d3 60812->60803 60813->60812 60814 688b444 KiUserCallbackDispatcher 60813->60814 60814->60812 60816 688b37a 60815->60816 60817 688b444 KiUserCallbackDispatcher 60816->60817 60818 688b3d3 60816->60818 60817->60818 60818->60803 60819 a095130 60820 a095175 GetClassInfoW 60819->60820 60822 a0951bb 60820->60822 60829 a09d4a3 60830 a09d4b6 60829->60830 60834 a09d628 PostMessageW 60830->60834 60836 a09d601 60830->60836 60831 a09d4d9 60835 a09d694 60834->60835 60835->60831 60837 a09d610 60836->60837 60837->60831 60838 a09d628 PostMessageW 60837->60838 60839 a09d694 60838->60839 60839->60831 60595 2c576d8 60596 2c576eb 60595->60596 60599 2c57710 60596->60599 60597 2c576f7 60600 2c5774a 60599->60600 60601 2c57922 60600->60601 60608 2c57fe5 60600->60608 60614 2c57f98 60600->60614 60626 2c5802b 60600->60626 60630 2c5c920 60601->60630 60635 2c5c913 60601->60635 60602 2c579df 60602->60597 60609 2c57ff5 60608->60609 60640 2c58f71 60609->60640 60610 2c58013 60613 2c5c6ab CreateFileA 60610->60613 60611 2c58059 60611->60601 60613->60611 60615 2c57fb9 60614->60615 60616 2c57fc2 60615->60616 60648 2c58410 60615->60648 60653 2c58420 60615->60653 60658 2c5875f 60616->60658 60662 2c58770 60616->60662 60617 2c57fcd 60620 2c58f71 CreateFileA 60617->60620 60618 2c58013 60666 2c5c6ab 60618->60666 60619 2c58059 60619->60601 60620->60618 60627 2c5803b 60626->60627 60629 2c5c6ab CreateFileA 60627->60629 60628 2c58059 60628->60601 60629->60628 60631 2c5c931 60630->60631 60717 2c5ca58 60631->60717 60722 2c5ca4b 60631->60722 60632 2c5c948 60632->60602 60636 2c5c91b 60635->60636 60637 2c5c948 60635->60637 60638 2c5ca58 4 API calls 60636->60638 60639 2c5ca4b 4 API calls 60636->60639 60637->60602 60638->60637 60639->60637 60641 2c58fab 60640->60641 60644 2c57ca4 60641->60644 60643 2c58fba 60645 2c57caf CreateFileA 60644->60645 60647 2c58dbf 60645->60647 60649 2c58420 60648->60649 60670 2c58519 60649->60670 60674 2c58528 60649->60674 60650 2c58450 60650->60616 60654 2c58444 60653->60654 60656 2c58519 VirtualProtect 60654->60656 60657 2c58528 VirtualProtect 60654->60657 60655 2c58450 60655->60616 60656->60655 60657->60655 60659 2c5877f 60658->60659 60682 2c587d8 60658->60682 60688 2c587cb 60658->60688 60659->60617 60663 2c5877f 60662->60663 60664 2c587d8 4 API calls 60662->60664 60665 2c587cb 4 API calls 60662->60665 60663->60617 60664->60663 60665->60663 60667 2c5c6e3 60666->60667 60668 2c57ca4 CreateFileA 60667->60668 60669 2c5c6f2 60668->60669 60671 2c58522 60670->60671 60673 2c5856b 60670->60673 60678 2c57bf4 60671->60678 60673->60650 60675 2c58548 60674->60675 60676 2c57bf4 VirtualProtect 60675->60676 60677 2c5856b 60676->60677 60677->60650 60679 2c585b8 VirtualProtect 60678->60679 60681 2c5864d 60679->60681 60681->60673 60695 2c58bf8 60682->60695 60702 2c58beb 60682->60702 60683 2c587fd 60709 2c57c6c 60683->60709 60685 2c58a5b 60689 2c587d8 60688->60689 60693 2c58bf8 2 API calls 60689->60693 60694 2c58beb 2 API calls 60689->60694 60690 2c587fd 60691 2c57c6c DeviceIoControl 60690->60691 60692 2c58a5b 60691->60692 60693->60690 60694->60690 60696 2c58c08 60695->60696 60713 2c57c78 60696->60713 60698 2c58c4a 60698->60683 60699 2c58c3a 60699->60698 60700 2c58d63 CreateFileA 60699->60700 60701 2c58dbf 60700->60701 60703 2c58c08 60702->60703 60704 2c57c78 CreateFileA 60703->60704 60706 2c58c3a 60704->60706 60705 2c58c4a 60705->60683 60706->60705 60707 2c58d63 CreateFileA 60706->60707 60708 2c58dbf 60707->60708 60710 2c58e58 DeviceIoControl 60709->60710 60712 2c58f03 60710->60712 60715 2c58c88 CreateFileA 60713->60715 60716 2c58dbf 60715->60716 60718 2c5ca8b 60717->60718 60727 2c5cbe8 60718->60727 60735 2c5cbdb 60718->60735 60719 2c5caa7 60719->60632 60723 2c5ca8b 60722->60723 60725 2c5cbe8 3 API calls 60723->60725 60726 2c5cbdb 3 API calls 60723->60726 60724 2c5caa7 60724->60632 60725->60724 60726->60724 60728 2c5cc07 60727->60728 60743 2c5c30c 60727->60743 60731 2c5cc2b 60728->60731 60747 2c5c318 60728->60747 60732 2c5ce94 GetFileVersionInfoSizeW 60731->60732 60734 2c5ccae 60731->60734 60733 2c5cec2 60732->60733 60733->60719 60734->60719 60736 2c5c30c GetFileVersionInfoSizeW 60735->60736 60737 2c5cc07 60736->60737 60738 2c5c318 GetFileVersionInfoW 60737->60738 60739 2c5cc2b 60737->60739 60738->60739 60740 2c5ce94 GetFileVersionInfoSizeW 60739->60740 60742 2c5ccae 60739->60742 60741 2c5cec2 60740->60741 60741->60719 60742->60719 60745 2c5ce40 GetFileVersionInfoSizeW 60743->60745 60746 2c5cec2 60745->60746 60746->60728 60748 2c5cef8 GetFileVersionInfoW 60747->60748 60750 2c5cf9f 60748->60750 60750->60731 60840 2c54668 60841 2c5467a 60840->60841 60847 2c54eb0 60841->60847 60842 2c546e3 60852 688d748 60842->60852 60856 688d750 60842->60856 60848 2c54ed5 60847->60848 60860 2c54fc0 60848->60860 60864 2c54fb0 60848->60864 60849 2c54edf 60849->60842 60853 688d750 60852->60853 60872 6888494 60853->60872 60857 688d762 60856->60857 60858 6888494 3 API calls 60857->60858 60859 2c54718 60858->60859 60861 2c54fe7 60860->60861 60863 2c550c4 60861->60863 60868 2c545d8 60861->60868 60866 2c54fc0 60864->60866 60865 2c550c4 60866->60865 60867 2c545d8 CreateActCtxA 60866->60867 60867->60865 60869 2c56450 CreateActCtxA 60868->60869 60871 2c56513 60869->60871 60874 688849f 60872->60874 60876 688d7ac 60874->60876 60875 688dc9c 60875->60875 60879 688d7b7 60876->60879 60877 688d9c8 3 API calls 60878 688df08 60877->60878 60882 688df42 60878->60882 60892 81bf6e9 60878->60892 60896 81bf6f8 60878->60896 60881 688ddae 60879->60881 60879->60882 60885 688d9c8 60879->60885 60881->60877 60881->60878 60882->60875 60886 688d9d3 60885->60886 60900 688e158 60886->60900 60906 688e457 60886->60906 60912 688e147 60886->60912 60919 688e4b8 60886->60919 60887 688e144 60887->60881 60894 81bf6f8 60892->60894 60893 81bee98 PeekMessageW 60893->60894 60894->60893 60895 81bf7aa 60894->60895 60895->60882 60898 81bf75d 60896->60898 60897 81bf7aa 60897->60882 60898->60897 60899 81bee98 PeekMessageW 60898->60899 60899->60898 60904 688e17e 60900->60904 60902 688e40d 60903 688e192 60902->60903 60924 81be600 60902->60924 60903->60887 60904->60902 60904->60903 60929 688db14 PeekMessageW KiUserCallbackDispatcher KiUserCallbackDispatcher 60904->60929 60909 688e3d3 60906->60909 60907 688e447 60907->60887 60908 688e40d 60908->60907 60911 81be600 2 API calls 60908->60911 60909->60907 60909->60908 60938 688db14 PeekMessageW KiUserCallbackDispatcher KiUserCallbackDispatcher 60909->60938 60911->60907 60913 688e0cc 60912->60913 60915 688e14b 60912->60915 60913->60887 60914 688e192 60914->60887 60915->60914 60917 688e40d 60915->60917 60939 688db14 PeekMessageW KiUserCallbackDispatcher KiUserCallbackDispatcher 60915->60939 60917->60914 60918 81be600 2 API calls 60917->60918 60918->60914 60920 688e4bb 60919->60920 60921 688e43c 60919->60921 60920->60887 60923 81be600 2 API calls 60921->60923 60922 688e447 60922->60887 60923->60922 60925 81be605 60924->60925 60925->60903 60926 81be755 60925->60926 60930 a0932e0 60925->60930 60934 a0932b0 60925->60934 60926->60903 60929->60902 60931 a09339e 60930->60931 60932 a093324 60930->60932 60931->60926 60932->60931 60933 a09339c KiUserCallbackDispatcher 60932->60933 60933->60931 60935 a09339e 60934->60935 60936 a093324 60934->60936 60935->60926 60936->60935 60937 a09339c KiUserCallbackDispatcher 60936->60937 60937->60935 60938->60908 60939->60917 60823 b570508 DispatchMessageW 60824 b570574 60823->60824 60940 b5712f8 60941 b571308 60940->60941 60945 a095d40 SendMessageW 60941->60945 60947 a095d38 60941->60947 60942 b571319 60946 a095dac 60945->60946 60946->60942 60948 a095d40 SendMessageW 60947->60948 60949 a095dac 60948->60949 60949->60942

                      Executed Functions

                      Function 06888200 Relevance: 6.9, Strings: 5, Instructions: 620COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 295 6888200-688a628 298 688ab0b-688ab74 295->298 299 688a62e-688a633 295->299 306 688ab7b-688ac03 298->306 299->298 300 688a639-688a656 299->300 300->306 307 688a65c-688a660 300->307 350 688ac0e-688ac8e 306->350 308 688a66f-688a673 307->308 309 688a662-688a66c call 6888210 307->309 311 688a682-688a689 308->311 312 688a675-688a67f call 6888210 308->312 309->308 317 688a68f-688a6bf 311->317 318 688a7a4-688a7a9 311->318 312->311 328 688ae8e-688aea5 317->328 331 688a6c5-688a798 call 688821c * 2 317->331 320 688a7ab-688a7af 318->320 321 688a7b1-688a7b6 318->321 320->321 324 688a7b8-688a7bc 320->324 325 688a7c8-688a7f8 call 6888228 * 3 321->325 324->328 329 688a7c2-688a7c5 324->329 325->350 351 688a7fe-688a801 325->351 346 688ae63 328->346 347 688aea7-688aeb4 328->347 329->325 331->318 364 688a79a 331->364 356 688ae64-688ae86 346->356 353 688aec4 347->353 354 688aeb6-688aec2 347->354 374 688ac95-688ad17 350->374 351->350 357 688a807-688a809 351->357 358 688aec7-688aecc 353->358 354->358 356->328 357->350 359 688a80f-688a844 357->359 373 688a84a-688a853 359->373 359->374 364->318 376 688a859-688a8b3 call 6888228 * 2 call 6888238 * 2 373->376 377 688a9b6-688a9ba 373->377 379 688ad1f-688ada1 374->379 418 688a8c5 376->418 419 688a8b5-688a8be 376->419 377->379 380 688a9c0-688a9c4 377->380 383 688ada9-688add6 379->383 380->383 384 688a9ca-688a9d0 380->384 397 688addd-688ae5d 383->397 388 688a9d2 384->388 389 688a9d4-688aa09 384->389 393 688aa10-688aa16 388->393 389->393 396 688aa1c-688aa24 393->396 393->397 401 688aa2b-688aa2d 396->401 402 688aa26-688aa2a 396->402 397->346 408 688aa8f-688aa95 401->408 409 688aa2f-688aa53 401->409 402->401 414 688aab4-688aae2 408->414 415 688aa97-688aab2 408->415 441 688aa5c-688aa60 409->441 442 688aa55-688aa5a 409->442 434 688aaea-688aaf6 414->434 415->434 425 688a8c9-688a8cb 418->425 419->425 426 688a8c0-688a8c3 419->426 432 688a8cd 425->432 433 688a8d2-688a8d6 425->433 426->425 432->433 438 688a8d8-688a8df 433->438 439 688a8e4-688a8ea 433->439 434->356 452 688aafc-688ab08 434->452 445 688a981-688a985 438->445 446 688a8ec-688a8f2 439->446 447 688a8f4-688a8f9 439->447 441->328 450 688aa66-688aa69 441->450 449 688aa6c-688aa7d 442->449 453 688a9a4-688a9b0 445->453 454 688a987-688a9a1 445->454 455 688a8ff-688a905 446->455 447->455 487 688aa7f call 688af18 449->487 488 688aa7f call 688af28 449->488 450->449 453->376 453->377 454->453 461 688a90b-688a910 455->461 462 688a907-688a909 455->462 458 688aa85-688aa8d 458->434 465 688a912-688a924 461->465 462->465 469 688a92e-688a933 465->469 470 688a926-688a92c 465->470 472 688a939-688a940 469->472 470->472 475 688a942-688a944 472->475 476 688a946 472->476 478 688a94b-688a956 475->478 476->478 479 688a958-688a95b 478->479 480 688a97a 478->480 479->445 482 688a95d-688a963 479->482 480->445 484 688a96a-688a973 482->484 485 688a965-688a968 482->485 484->445 486 688a975-688a978 484->486 485->480 485->484 486->445 486->480 487->458 488->458
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: Haq$Haq$Haq$Haq$Haq
                      • API String ID: 0-1792267638
                      • Opcode ID: 8de0ae0b7ae809db6fbdb9eee0aa7a3761be630af97c88b95e1921451a0e3b91
                      • Instruction ID: ddc0fc7698b9955776c33d24419af717a84bb54c7a9b3627408d567be5bac963
                      • Opcode Fuzzy Hash: 8de0ae0b7ae809db6fbdb9eee0aa7a3761be630af97c88b95e1921451a0e3b91
                      • Instruction Fuzzy Hash: 80326670E402188FDB98EFA9C99076EBBB2AF84300F14856AD509EB395DF349D45CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081BAC78 Relevance: 4.5, Strings: 3, Instructions: 707COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 551 81bac78-81bac8a 552 81bae28-81bae6b 551->552 553 81bac90-81bac98 551->553 559 81bae6f-81bae75 552->559 560 81bae6d 552->560 554 81bac9a-81bac9d 553->554 555 81bac9f-81bacaf 553->555 554->555 556 81bacb9-81bacc5 554->556 719 81bacb1 call 81bac69 555->719 720 81bacb1 call 81bac78 555->720 721 81bacb1 call 81bb0fe 555->721 564 81baccb-81bacd8 556->564 565 81bad86-81badac 556->565 562 81bae77-81bae7e 559->562 563 81baead-81baeb1 559->563 560->559 560->562 566 81bae8f-81baea6 562->566 567 81bae80-81bae88 562->567 571 81bace0-81bace4 564->571 565->552 583 81badae-81badd0 565->583 569 81baea8 566->569 570 81baeb2-81baf13 566->570 567->566 568 81bacb7 568->571 569->563 584 81baf16-81baf22 570->584 573 81bad16-81bad28 571->573 574 81bace6-81bad01 571->574 580 81bad2a-81bad3b 573->580 574->580 581 81bad03-81bad14 574->581 580->552 590 81bad41-81bad47 580->590 581->580 594 81badd7-81badfd 583->594 587 81baf28-81baf30 584->587 588 81bb6c3-81bb6e8 584->588 591 81baf4a-81baf4d 587->591 592 81baf32-81baf34 587->592 604 81bb6ea-81bb703 588->604 605 81bb675-81bb6bc 588->605 593 81bad4d-81bad85 call 81b9f10 590->593 590->594 596 81bb42f-81bb439 591->596 597 81baf53-81baf56 591->597 598 81baf63-81baf6c 592->598 599 81baf36-81baf39 592->599 594->552 634 81badff-81bae21 594->634 596->588 608 81bb43f-81bb44a 596->608 597->596 606 81baf5c-81baf5f 597->606 598->584 607 81baf6e-81baf81 call 81b9d20 598->607 601 81bb40f-81bb42a 599->601 602 81baf3f-81baf42 599->602 601->584 609 81baf48 602->609 610 81bb3e1-81bb40a 602->610 613 81bb72f-81bb73a 604->613 614 81bb705-81bb72a 604->614 605->588 615 81baf89-81baf95 606->615 616 81baf61 606->616 629 81bb46a-81bb4b2 607->629 630 81baf87 607->630 608->584 618 81bb450-81bb45a 608->618 609->584 610->584 637 81bb7d0-81bb7f5 613->637 638 81bb740-81bb761 613->638 635 81bb7f8-81bb803 614->635 622 81baf97-81bafa3 615->622 623 81bafa5 615->623 616->584 631 81bb462-81bb469 618->631 624 81bafaa-81bafac 622->624 623->624 632 81bb52d-81bb56f 624->632 633 81bafb2-81bafc2 624->633 680 81bb4e0-81bb526 629->680 681 81bb4b4-81bb4d9 629->681 630->584 686 81bb59d-81bb5e3 632->686 687 81bb571-81bb596 632->687 633->588 641 81bafc8-81bafda 633->641 634->552 637->635 643 81bb7b3-81bb7cd 638->643 644 81bb763-81bb769 638->644 646 81bb0ab-81bb0b2 641->646 647 81bafe0-81bafe7 641->647 643->637 651 81bb76b-81bb778 644->651 652 81bb77a-81bb783 644->652 656 81bb0d4-81bb0db 646->656 657 81bb0b4-81bb0bb 646->657 654 81bafed-81baff4 647->654 655 81bb087-81bb08e 647->655 673 81bb786-81bb789 651->673 652->673 660 81bb003 654->660 662 81baff6-81baffd 654->662 655->660 661 81bb094-81bb09b 655->661 666 81bb108 656->666 667 81bb0dd-81bb0e7 656->667 663 81bb0bd-81bb0c4 657->663 664 81bb0f4-81bb0f9 657->664 672 81bb007-81bb015 660->672 671 81bb5ea-81bb643 661->671 675 81bb0a1-81bb0a6 661->675 662->660 662->671 663->671 676 81bb0ca-81bb0cf 663->676 664->672 666->610 667->671 677 81bb0ed 667->677 671->605 712 81bb645-81bb66e 671->712 690 81bb06f-81bb082 672->690 691 81bb017-81bb040 672->691 678 81bb78b-81bb79e 673->678 679 81bb7a9-81bb7ac 673->679 675->672 676->672 677->664 678->679 697 81bb7a0 678->697 679->643 680->632 681->680 686->671 687->686 690->584 694 81bb053-81bb06c 691->694 695 81bb042-81bb047 691->695 694->690 695->694 697->679 712->605 719->568 720->568 721->568
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: (aq$(aq$(aq
                      • API String ID: 0-2593664646
                      • Opcode ID: 3b34d8a67afdef461ce66d670c37338e0a351a5595c1b0ee2d64b94a632ddcce
                      • Instruction ID: 7c33aeb5405b63fc4d4136fcf6c4d77a6a611d1093f0a39430251b28bb3c532a
                      • Opcode Fuzzy Hash: 3b34d8a67afdef461ce66d670c37338e0a351a5595c1b0ee2d64b94a632ddcce
                      • Instruction Fuzzy Hash: 31529F74A042158FCB14DFA9C494AAEBBF2FF88301F20856AE846E7755DB35EC41CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081B3EF8 Relevance: 2.0, Strings: 1, Instructions: 702COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: fff?
                      • API String ID: 0-4136771917
                      • Opcode ID: a901c9953e788b6ce83f27251d7137d21e097c16ed459ea8d5a65cd7102e07ed
                      • Instruction ID: d2c0e83d7c4a068d0513ba2f4503c3ea7833dd52e5d75b182af31834cfb4fcfd
                      • Opcode Fuzzy Hash: a901c9953e788b6ce83f27251d7137d21e097c16ed459ea8d5a65cd7102e07ed
                      • Instruction Fuzzy Hash: CB620A3681061ADFCF11DF50C884AD9B7B2FF99300F1586D5E9086B166E772AAD6CF80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C57C6C Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                      Download Yara Rule
                      APIs
                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,?,?,?,?,?), ref: 02C58EF1
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: ControlDevice
                      • String ID:
                      • API String ID: 2352790924-0
                      • Opcode ID: 9778613932e1ba9dadcf44b4c819a3408f021de2283b683f1d2f5e0a396fd8ad
                      • Instruction ID: 4e63e5da95c277f2475c1635dc7b4b6633d79bb205763d98a9086b0f8ea832c7
                      • Opcode Fuzzy Hash: 9778613932e1ba9dadcf44b4c819a3408f021de2283b683f1d2f5e0a396fd8ad
                      • Instruction Fuzzy Hash: F53101B0901258EFCB10CF9AC984A9EBFF6BF48300F108169E908A7250C7759981CBA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5B4E8 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: \Vl
                      • API String ID: 0-682378881
                      • Opcode ID: ce90f0c72c3008f9e834c288945bec62bdb3336493caba847c5f015d0c78ccf6
                      • Instruction ID: b6c7f74fb37c4c1edba7f2eed882ff9fd0a824202fae9576581f1b3ee172ba40
                      • Opcode Fuzzy Hash: ce90f0c72c3008f9e834c288945bec62bdb3336493caba847c5f015d0c78ccf6
                      • Instruction Fuzzy Hash: 5EB14D70E002199FDF14CFA9C9857ADBBF2AF88308F148129E815A7258EB74D985CF95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081BF6F8 Relevance: .4, Instructions: 396COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 55ac028e0a4e43a3f9ade93d521a0e3b5b23efc80199021e200bb18cca2c034e
                      • Instruction ID: 5743e1d98507d9c12d31d9b006826ecde3d00dc74f5e43ad0ca6e6a096705dfd
                      • Opcode Fuzzy Hash: 55ac028e0a4e43a3f9ade93d521a0e3b5b23efc80199021e200bb18cca2c034e
                      • Instruction Fuzzy Hash: 3CF14C30A00209DFDB14DFA9C988BEDBBF1FF48305F158568E409AB265DB75E946CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0688A5F0 Relevance: .3, Instructions: 288COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a99100f2b295928ef602da8cf125bc5c3224e2ef2187fc16989aaf1d27ed0605
                      • Instruction ID: deafc3556a0c5fc7be46cf91d6be1faf70723baa565d7e9f78117cf6b0232c38
                      • Opcode Fuzzy Hash: a99100f2b295928ef602da8cf125bc5c3224e2ef2187fc16989aaf1d27ed0605
                      • Instruction Fuzzy Hash: D7C17D70E002188FCB98EFA9C98079DBBB2AF88300F14C566D559EB295DB34E985CF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 068881F4 Relevance: .3, Instructions: 282COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 65128c9729ebad34757a76338fb832a2c56ebea522f95e23e166c9d56b040610
                      • Instruction ID: 8123a834fb15c55f91e6574e1ed1d93efd4eeb80a5696548f17e9548024851d7
                      • Opcode Fuzzy Hash: 65128c9729ebad34757a76338fb832a2c56ebea522f95e23e166c9d56b040610
                      • Instruction Fuzzy Hash: 9FC17F70D002188FCB98EFA9C98079DBBB2BF88310F14C5AAD559EB295D734E985CF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5BDB8 Relevance: .3, Instructions: 266COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6d640f45634ce3148983d8ca016e257439a075d0f2aa193355005ba9d7c8ff9b
                      • Instruction ID: 88a38e218b3c5839f7eaf394244e58db350cd342c4fabd698aa07def881b5c33
                      • Opcode Fuzzy Hash: 6d640f45634ce3148983d8ca016e257439a075d0f2aa193355005ba9d7c8ff9b
                      • Instruction Fuzzy Hash: A2B16E70E002198FDF14CFA9C9857ADBBF2AF88318F148129D815E7294EB75D985CF85
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081B4BB8 Relevance: .2, Instructions: 211COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 08bb1836337856d2896b417d16b30ca14b3e2862e4c81be50e7e461b2198b324
                      • Instruction ID: 6423ac2bbed5ef5b18116148e16982c52c63006246b4f7a51ec9d7231fbc7e2d
                      • Opcode Fuzzy Hash: 08bb1836337856d2896b417d16b30ca14b3e2862e4c81be50e7e461b2198b324
                      • Instruction Fuzzy Hash: 0681A272D00A0ACBCB14DFA6D8442EDFBB2FF84301F15C13AD455A7659EB359996CB40
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5CBE8 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 251COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 489 2c5cbe8-2c5cc00 490 2c5cc07-2c5cc0b 489->490 491 2c5cc02 call 2c5c30c 489->491 492 2c5cc11-2c5cc2d call 2c5c318 490->492 493 2c5cdce-2c5cdf2 490->493 491->490 499 2c5cc33-2c5cc44 call 2c5c324 492->499 500 2c5cdf9-2c5ce1d 492->500 493->500 504 2c5cc49-2c5cc4b 499->504 517 2c5ce24-2c5ce8c 500->517 505 2c5ccb0-2c5ccd6 504->505 506 2c5cc4d-2c5cc52 504->506 513 2c5ccd8-2c5cce3 505->513 508 2c5cc54 506->508 509 2c5cc57-2c5cc71 506->509 508->509 509->513 514 2c5cc73-2c5cc99 509->514 515 2c5cce5-2c5ccf9 513->515 516 2c5cd21-2c5cd52 513->516 514->517 528 2c5cc9f-2c5ccac 514->528 522 2c5cd02-2c5cd1f 515->522 523 2c5ccfb 515->523 535 2c5cd54 516->535 536 2c5cdc3-2c5cdcd 516->536 532 2c5ce94-2c5cec0 GetFileVersionInfoSizeW 517->532 533 2c5ce8e-2c5ce91 517->533 522->516 523->522 528->514 530 2c5ccae 528->530 530->513 537 2c5cec2-2c5cec8 532->537 538 2c5cec9-2c5cee6 532->538 533->532 539 2c5cd57-2c5cd70 535->539 537->538 540 2c5cda6-2c5cdc1 539->540 541 2c5cd72-2c5cd91 call 2c5c324 539->541 540->536 540->539 548 2c5cda0-2c5cda4 541->548 549 2c5cd93-2c5cd9e 541->549 548->540 548->541 549->540
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: FileInfoVersion$Size
                      • String ID: fbq$+Co^
                      • API String ID: 2104008232-3625467973
                      • Opcode ID: 48043a32371b1a9e72c82aa463fc67266ee5b6358753d68f3c12b19d1fbcf798
                      • Instruction ID: 0edec06201006c743d1168e22a8055447b1f417feab62f5efbfb10f609fefce4
                      • Opcode Fuzzy Hash: 48043a32371b1a9e72c82aa463fc67266ee5b6358753d68f3c12b19d1fbcf798
                      • Instruction Fuzzy Hash: E3915271E006298BCB14DFA9C480AAEBBF6FFC8710F14852AD815A7344DB34DE45CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C58BF8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 167COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 934 2c58bf8-2c58c48 call 2c57c78 940 2c58c4f 934->940 941 2c58c4a-2c58c4e 934->941 942 2c58c54-2c58c84 940->942 946 2c58c86-2c58cec 942->946 948 2c58d40-2c58dbd CreateFileA 946->948 949 2c58cee-2c58d13 946->949 958 2c58dc6-2c58e04 948->958 959 2c58dbf-2c58dc5 948->959 949->948 952 2c58d15-2c58d17 949->952 953 2c58d19-2c58d23 952->953 954 2c58d3a-2c58d3d 952->954 956 2c58d25 953->956 957 2c58d27-2c58d36 953->957 954->948 956->957 957->957 960 2c58d38 957->960 964 2c58e14 958->964 965 2c58e06-2c58e0a 958->965 959->958 960->954 968 2c58e15 964->968 965->964 966 2c58e0c-2c58e0f call 2c54804 965->966 966->964 968->968
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID: 4L]q
                      • API String ID: 823142352-261793533
                      • Opcode ID: 8456235266aa1211ff467094f9a9b3a6783b5f1c1f7906bf9fa1cac5c89afeae
                      • Instruction ID: 73c6ebe380934790ecc459e10b335061e77ad85e0cdb3d1dcbc160d481e6b661
                      • Opcode Fuzzy Hash: 8456235266aa1211ff467094f9a9b3a6783b5f1c1f7906bf9fa1cac5c89afeae
                      • Instruction Fuzzy Hash: 8F518D70E002699FDB14DFA9C844B9EBBF6FF48704F148169E809EB351DB789880CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C57C10 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 969 2c57c10-2c58cec 979 2c58d40-2c58dbd CreateFileA 969->979 980 2c58cee-2c58d13 969->980 989 2c58dc6-2c58e04 979->989 990 2c58dbf-2c58dc5 979->990 980->979 983 2c58d15-2c58d17 980->983 984 2c58d19-2c58d23 983->984 985 2c58d3a-2c58d3d 983->985 987 2c58d25 984->987 988 2c58d27-2c58d36 984->988 985->979 987->988 988->988 991 2c58d38 988->991 995 2c58e14 989->995 996 2c58e06-2c58e0a 989->996 990->989 991->985 999 2c58e15 995->999 996->995 997 2c58e0c-2c58e0f call 2c54804 996->997 997->995 999->999
                      APIs
                      • CreateFileA.KERNEL32(?,C0000000,?,?,?,00000001,00000004), ref: 02C58DAD
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID: 4L]q
                      • API String ID: 823142352-261793533
                      • Opcode ID: 2acc7b18b931355fb3bd6ae14532679a30c185e4bac4e6726efd8e844ad07879
                      • Instruction ID: 3ac5ac01d7b05ddf16cd46d3111ee820decd23f3cd6187e64b9af5a67a886958
                      • Opcode Fuzzy Hash: 2acc7b18b931355fb3bd6ae14532679a30c185e4bac4e6726efd8e844ad07879
                      • Instruction Fuzzy Hash: 0F519A71D043A88FDB11CFA9C955BDDBFF1EF49304F14816AD848AB261D7788884CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C57C88 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1000 2c57c88-2c57c90 1002 2c57c60-2c57c7f 1000->1002 1003 2c57c92-2c57caf 1000->1003 1006 2c58c88-2c58cec 1002->1006 1003->1006 1009 2c58d40-2c58dbd CreateFileA 1006->1009 1010 2c58cee-2c58d13 1006->1010 1019 2c58dc6-2c58e04 1009->1019 1020 2c58dbf-2c58dc5 1009->1020 1010->1009 1013 2c58d15-2c58d17 1010->1013 1014 2c58d19-2c58d23 1013->1014 1015 2c58d3a-2c58d3d 1013->1015 1017 2c58d25 1014->1017 1018 2c58d27-2c58d36 1014->1018 1015->1009 1017->1018 1018->1018 1021 2c58d38 1018->1021 1025 2c58e14 1019->1025 1026 2c58e06-2c58e0a 1019->1026 1020->1019 1021->1015 1029 2c58e15 1025->1029 1026->1025 1027 2c58e0c-2c58e0f call 2c54804 1026->1027 1027->1025 1029->1029
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4L]q
                      • API String ID: 0-261793533
                      • Opcode ID: e71a664c8ad9cba5795e43bede14e2d105e3d1e792dc52345a6e98d3ef92bc24
                      • Instruction ID: 8b633b2619f344ec40e72880200504d2318a5e23b1a56945891c91672e96c16f
                      • Opcode Fuzzy Hash: e71a664c8ad9cba5795e43bede14e2d105e3d1e792dc52345a6e98d3ef92bc24
                      • Instruction Fuzzy Hash: DE517A71D002A98FDB10CFA9C984B9DBFF1FF48304F14816AD808AB251D7789885CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C58C7C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1030 2c58c7c-2c58cec 1033 2c58d40-2c58dbd CreateFileA 1030->1033 1034 2c58cee-2c58d13 1030->1034 1043 2c58dc6-2c58e04 1033->1043 1044 2c58dbf-2c58dc5 1033->1044 1034->1033 1037 2c58d15-2c58d17 1034->1037 1038 2c58d19-2c58d23 1037->1038 1039 2c58d3a-2c58d3d 1037->1039 1041 2c58d25 1038->1041 1042 2c58d27-2c58d36 1038->1042 1039->1033 1041->1042 1042->1042 1045 2c58d38 1042->1045 1049 2c58e14 1043->1049 1050 2c58e06-2c58e0a 1043->1050 1044->1043 1045->1039 1053 2c58e15 1049->1053 1050->1049 1051 2c58e0c-2c58e0f call 2c54804 1050->1051 1051->1049 1053->1053
                      APIs
                      • CreateFileA.KERNEL32(?,C0000000,?,?,?,00000001,00000004), ref: 02C58DAD
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID: 4L]q
                      • API String ID: 823142352-261793533
                      • Opcode ID: 704d9e78865bdffd4977f800230a60c7b55a8ca5980476a1db6d9acae80b787b
                      • Instruction ID: 1b0c770601f3d4e2bbed9b3c79b9730fb2fb47ab0dfe2442a9211420f48bc77b
                      • Opcode Fuzzy Hash: 704d9e78865bdffd4977f800230a60c7b55a8ca5980476a1db6d9acae80b787b
                      • Instruction Fuzzy Hash: FB5129B0D002599FDB10CFA9C984B9EBBF2FF48304F248129E818AB355D7799985CF95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C57C78 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1054 2c57c78-2c58cec 1057 2c58d40-2c58dbd CreateFileA 1054->1057 1058 2c58cee-2c58d13 1054->1058 1067 2c58dc6-2c58e04 1057->1067 1068 2c58dbf-2c58dc5 1057->1068 1058->1057 1061 2c58d15-2c58d17 1058->1061 1062 2c58d19-2c58d23 1061->1062 1063 2c58d3a-2c58d3d 1061->1063 1065 2c58d25 1062->1065 1066 2c58d27-2c58d36 1062->1066 1063->1057 1065->1066 1066->1066 1069 2c58d38 1066->1069 1073 2c58e14 1067->1073 1074 2c58e06-2c58e0a 1067->1074 1068->1067 1069->1063 1077 2c58e15 1073->1077 1074->1073 1075 2c58e0c-2c58e0f call 2c54804 1074->1075 1075->1073 1077->1077
                      APIs
                      • CreateFileA.KERNEL32(?,C0000000,?,?,?,00000001,00000004), ref: 02C58DAD
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID: 4L]q
                      • API String ID: 823142352-261793533
                      • Opcode ID: 1eb8fc523a1cd0dad4866d2cde170435c37b7000b36f84248a9cb661cff3dacd
                      • Instruction ID: 3e30fd82471d3aa8f394a433c5830b6da1115a50246821cd4b3bbf237c4cec7b
                      • Opcode Fuzzy Hash: 1eb8fc523a1cd0dad4866d2cde170435c37b7000b36f84248a9cb661cff3dacd
                      • Instruction Fuzzy Hash: CC4128B0D002599FDB10CFA9C984B9EBBF2FF48304F148129E819AB355D7B99885CF95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6534 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1148 65e6534-65e7b32 1151 65e7b3b-65e7b4b 1148->1151 1152 65e7b34-65e7c0f 1148->1152 1154 65e7c16-65e7ce8 1151->1154 1155 65e7b51-65e7b61 1151->1155 1152->1154 1175 65e7cef-65e7d1c 1154->1175 1155->1154 1156 65e7b67-65e7b6b 1155->1156 1159 65e7b6d 1156->1159 1160 65e7b73-65e7b92 1156->1160 1159->1154 1159->1160 1161 65e7bb9-65e7bbe 1160->1161 1162 65e7b94-65e7bb4 call 65e6584 call 65e6514 call 65e6524 1160->1162 1164 65e7bc7-65e7bda call 65e64f0 1161->1164 1165 65e7bc0-65e7bc2 call 65e6594 1161->1165 1162->1161 1164->1175 1176 65e7be0-65e7be7 1164->1176 1165->1164 1185 65e7d1e-65e7d24 1175->1185 1186 65e7d45-65e7d83 1175->1186 1189 65e7d2c-65e7d42 call 65e65a4 1185->1189 1190 65e7d8c-65e7d9e 1186->1190 1191 65e7d85-65e7d8b 1186->1191 1193 65e7da5-65e7dba 1190->1193 1194 65e7da0 1190->1194 1199 65e7dbc-65e7dc1 1193->1199 1200 65e7dc4-65e7de8 1193->1200 1194->1193 1199->1200 1203 65e7dea 1200->1203 1204 65e7df2 1200->1204 1203->1204
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: (aq$Haq
                      • API String ID: 0-3785302501
                      • Opcode ID: a1ae65e7408b7ff287cdba8ae41b462446ed3efccc2f6083d574d00061fa445b
                      • Instruction ID: 3581f13c005ae8331756dca824eb64a8bfb3ed59a71a851ab57f7b18f7cc07a5
                      • Opcode Fuzzy Hash: a1ae65e7408b7ff287cdba8ae41b462446ed3efccc2f6083d574d00061fa445b
                      • Instruction Fuzzy Hash: 9881B070B002099FCF59DFA8D8546AEBFB6FF88300F148869E4159B395DB34D946CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E73E8 Relevance: 2.7, Strings: 2, Instructions: 209COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: Haq$Haq
                      • API String ID: 0-4016896955
                      • Opcode ID: 76b344dd98714c67fa94956713bd776c0096967391e514eb61ec01b3445162cf
                      • Instruction ID: 93fa57ef01ef63706753f96c52eaadc2e519533c6a84f3cf407c2c1c4e953cda
                      • Opcode Fuzzy Hash: 76b344dd98714c67fa94956713bd776c0096967391e514eb61ec01b3445162cf
                      • Instruction Fuzzy Hash: 8B815C70E103198FDF58DFA9C9946AEBBF6BF88300F14852AD409EB354DB349946CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E58F0 Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: Haq$Haq
                      • API String ID: 0-4016896955
                      • Opcode ID: f47a53b3aca810af6e46b9a97592aa770b294ef0d7f2faa01cb5cec276458cec
                      • Instruction ID: efa7661ea4e20373fbdf3f62f76f4286ebb5960daedf7a3c8a211371694e89f2
                      • Opcode Fuzzy Hash: f47a53b3aca810af6e46b9a97592aa770b294ef0d7f2faa01cb5cec276458cec
                      • Instruction Fuzzy Hash: BE713F34B402188FCB58EB68C5959ADB7F2FF89315B254499D402EB3A0DB36ED41CF61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E7B11 Relevance: 2.6, Strings: 2, Instructions: 113COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: (aq$Haq
                      • API String ID: 0-3785302501
                      • Opcode ID: a3e7931c0c854d72ff2532b934d33b211ac8df2c2142f43ab655416382a79a7a
                      • Instruction ID: 948fddfbbb78b5f9ebcb3b3eecbc6785784a06e15399a6b5adf45cb704f4c611
                      • Opcode Fuzzy Hash: a3e7931c0c854d72ff2532b934d33b211ac8df2c2142f43ab655416382a79a7a
                      • Instruction Fuzzy Hash: 6A41D0707102099FCB489FA8C85967F7EA6FBC8340F1584A8E4068B394DE348D46C7D4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E82B4 Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: $]q$$]q
                      • API String ID: 0-127220927
                      • Opcode ID: 58111dff13713709c544acf5d46eee74f798fd7851cf6a7db238d71f631134a8
                      • Instruction ID: 5721fd4c7d59b396cfb6d0d2b292087bdbb876d47e8b972b25cd914d2613c95d
                      • Opcode Fuzzy Hash: 58111dff13713709c544acf5d46eee74f798fd7851cf6a7db238d71f631134a8
                      • Instruction Fuzzy Hash: 7D21C131B547058FDB6DCB39D984A2673F9FF88314B100A7AD189CB660EB35E845CB00
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0688B388 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                      Download Yara Rule
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(?,00000000,?,00000000,?,00000000), ref: 0688B44D
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: ced6986e801d81285bc3374f986a660eeace247bf385c13bdf9af1c743452a36
                      • Instruction ID: 94eeffc43b0729ab948c9388d113ae6b78307b5e7cda14576f515ce9457ef446
                      • Opcode Fuzzy Hash: ced6986e801d81285bc3374f986a660eeace247bf385c13bdf9af1c743452a36
                      • Instruction Fuzzy Hash: AC3120317046149FD768AA298805B3F76AAEFC5A14F18446EE50AC73A5CE35EC42C7A2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C545D8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 02C56501
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: fc43eabef5f55be7cc485428aebfc4349bd16487181f9b17e3ec18848c5b9f69
                      • Instruction ID: 8dcdfeee6263be9527467b2da4a5cc7bb007e92d3194f37d8398554cebb9f3a8
                      • Opcode Fuzzy Hash: fc43eabef5f55be7cc485428aebfc4349bd16487181f9b17e3ec18848c5b9f69
                      • Instruction Fuzzy Hash: 3A4102B0C00719CBDB24CFA9C844B9DFBF5BF48304F60806AD508AB255DB75A986CF94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5C2DF Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                      Download Yara Rule
                      APIs
                      • GetFileVersionInfoW.KERNELBASE(?,00000000,?,00000000), ref: 02C5CF90
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: FileInfoVersion
                      • String ID:
                      • API String ID: 2427832333-0
                      • Opcode ID: cb82d233dd19c76a0fb21680d7660eb56573fae0f4f52114f1870eab88b50076
                      • Instruction ID: a5be9bfe3aa38982158d5782679602ab48eb4a4b4e787b2f6b647ad1968a7040
                      • Opcode Fuzzy Hash: cb82d233dd19c76a0fb21680d7660eb56573fae0f4f52114f1870eab88b50076
                      • Instruction Fuzzy Hash: 25318CB2C002699FCB00DFA9C4947DEBFB4FF48314F14816AE848A7251D3789A84CBD4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C56444 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                      Download Yara Rule
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 02C56501
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: ff4213058c4f6886cbe24c71439a0ca47c5c45618a1d5fe3ce91134db96b06a8
                      • Instruction ID: 1a9739d4ec182764b581a9f45a35acb9442e6ff85f262f35e343e9b66585c5cb
                      • Opcode Fuzzy Hash: ff4213058c4f6886cbe24c71439a0ca47c5c45618a1d5fe3ce91134db96b06a8
                      • Instruction Fuzzy Hash: 9541E2B0C00719CBDB25DFA9C944BDDBBF5BF48304F60806AD508AB255DB75A986CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0688B360 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a98266a1bc89cf6ec07683c1582926cd80b94caf71bad38fdd90c2b80585a7ad
                      • Instruction ID: 4b1360f996eabedbcf9209fc36c95abbce9dc90dc93a542f4833cfcde6b15876
                      • Opcode Fuzzy Hash: a98266a1bc89cf6ec07683c1582926cd80b94caf71bad38fdd90c2b80585a7ad
                      • Instruction Fuzzy Hash: D02107317046509FE765AA29D806B3F7BA5EFC2A14F0940AAD50ECB2B2CB31EC05C765
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0B570006 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                      Download Yara Rule
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0B5700A5
                      Memory Dump Source
                      • Source File: 00000000.00000002.4438775199.000000000B570000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B570000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b570000_ziprar.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: 1c53a19674759ad0aa96b3b1dd71635020db88ddef2573f4ac549396b2bcab53
                      • Instruction ID: 12d4b9df6bd1d3485c56ed00abd505c8770cb80cd06df946743ed0d26f15e27c
                      • Opcode Fuzzy Hash: 1c53a19674759ad0aa96b3b1dd71635020db88ddef2573f4ac549396b2bcab53
                      • Instruction Fuzzy Hash: EA3180B18093899FCB11CFA9D884A9ABFF4FF4A310F04849AD454A7252C378A514CF62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5C318 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                      Download Yara Rule
                      APIs
                      • GetFileVersionInfoW.KERNELBASE(?,00000000,?,00000000), ref: 02C5CF90
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: FileInfoVersion
                      • String ID:
                      • API String ID: 2427832333-0
                      • Opcode ID: 4cc8759e40a6f17e8efb0ba865432e45edfb5ed4393f35906d94a077343b6644
                      • Instruction ID: 92bd446877492d411fa002bf8959f6376554dc72158a85ab63bce859cfbdb465
                      • Opcode Fuzzy Hash: 4cc8759e40a6f17e8efb0ba865432e45edfb5ed4393f35906d94a077343b6644
                      • Instruction Fuzzy Hash: 9E3129B1D016299FCB10CF99C58479EFBB4FF48310F10812AE918A7240D375AA84CBA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5CEF3 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                      Download Yara Rule
                      APIs
                      • GetFileVersionInfoW.KERNELBASE(?,00000000,?,00000000), ref: 02C5CF90
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: FileInfoVersion
                      • String ID:
                      • API String ID: 2427832333-0
                      • Opcode ID: a0a91f7ff98374fb9140532a7e37628ebcfb7d3089579920748d06aa7fa3a059
                      • Instruction ID: d44f68d9007b093a7499bb9b90f2ccb83c87253d933f05c00bd65f998181d133
                      • Opcode Fuzzy Hash: a0a91f7ff98374fb9140532a7e37628ebcfb7d3089579920748d06aa7fa3a059
                      • Instruction Fuzzy Hash: 053119B1D016199FCB14CF99D984BDEFBB4FF48710F14812AE918A7340D375AA94CBA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C58E4F Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                      Download Yara Rule
                      APIs
                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,?,?,?,?,?), ref: 02C58EF1
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: ControlDevice
                      • String ID:
                      • API String ID: 2352790924-0
                      • Opcode ID: 38c46c5c1a12dc2b3ec895b49483c5377d621557d90f4474eb4b328eccc3c4ad
                      • Instruction ID: 0c62236cf84389734f87329fb79afc1fcc0a138d34b02c37dd6ebf1712dc238d
                      • Opcode Fuzzy Hash: 38c46c5c1a12dc2b3ec895b49483c5377d621557d90f4474eb4b328eccc3c4ad
                      • Instruction Fuzzy Hash: BB3111B1D01258EFCB10CF99C985ADEBFF6BF48300F24812AE908A7250D7759981CFA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 06883FE8 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                      Download Yara Rule
                      APIs
                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0688407F
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID: DrawText
                      • String ID:
                      • API String ID: 2175133113-0
                      • Opcode ID: 7c9fe770b6410da72deabcbe801874510e88c5e3dd6efabee7a03d73e972a7a1
                      • Instruction ID: bbface4152854c76af3f065d2e9795457643918400e6a7f41e39c738149bfeb1
                      • Opcode Fuzzy Hash: 7c9fe770b6410da72deabcbe801874510e88c5e3dd6efabee7a03d73e972a7a1
                      • Instruction Fuzzy Hash: C921C0B6D0030A9FDB50DF9AD884A9EFBF5FF58310F14842AE919A7210D775A944CFA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 06883FE4 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                      Download Yara Rule
                      APIs
                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0688407F
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID: DrawText
                      • String ID:
                      • API String ID: 2175133113-0
                      • Opcode ID: 56244020a8eafd629c615023febf8eed27b52889e102f7573f299760237f79c8
                      • Instruction ID: ffc9d8423d6eff250f6b7028b03def10178d3aaee9016fc53acd229e068ca043
                      • Opcode Fuzzy Hash: 56244020a8eafd629c615023febf8eed27b52889e102f7573f299760237f79c8
                      • Instruction Fuzzy Hash: D62114B2D0020A9FCB50DF9AD884ADEFBF5FF58310F14842AE519A7210D374A540CFA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C57BF4 Relevance: 1.6, APIs: 1, Instructions: 68memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualProtect.KERNEL32(00000000,?,00000040,?), ref: 02C5863E
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: 0cd900bca1995e45605931bb259797627e040a33312dd12c4d0666b6a9fe8273
                      • Instruction ID: 35c453ae1e0ed5ca89c7e411f4d439bc040b9b5a76f2fa328eac0305263f974f
                      • Opcode Fuzzy Hash: 0cd900bca1995e45605931bb259797627e040a33312dd12c4d0666b6a9fe8273
                      • Instruction Fuzzy Hash: C62107B5D006299FCB10DF99C985ADEFBF4FB48710F10812AE908A7240D7789994CBE5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A09D601 Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON
                      Download Yara Rule
                      APIs
                      • PostMessageW.USER32(?,?,?,?), ref: 0A09D685
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: MessagePost
                      • String ID:
                      • API String ID: 410705778-0
                      • Opcode ID: a43507a0a537d96b7d3332cebb48a24a05e37c113be40be73faee17ef977fe86
                      • Instruction ID: e0382c8cc187de1d58e4ea13466fb49a6a8e35e7d4d66a078e41593a7cb677c7
                      • Opcode Fuzzy Hash: a43507a0a537d96b7d3332cebb48a24a05e37c113be40be73faee17ef977fe86
                      • Instruction Fuzzy Hash: E6216DB58083888FDB11CF9AC85579ABFF4EF0A310F14849AD454E7651C338A944CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C585B6 Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualProtect.KERNEL32(00000000,?,00000040,?), ref: 02C5863E
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: 83bc9bfa9559f8e56173a57597d66f0a97ce115a55ebaf50dfb2cbca1beb4315
                      • Instruction ID: 90a4b14553a9f0a4068bdac0736157d410c708ef55a4e6e8e1dfa1f53c4c42e0
                      • Opcode Fuzzy Hash: 83bc9bfa9559f8e56173a57597d66f0a97ce115a55ebaf50dfb2cbca1beb4315
                      • Instruction Fuzzy Hash: 5921F5B5D016299FCB10CF99C985BDEFBF4BF08310F14852AE918B7340D77899848BA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A095130 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                      Download Yara Rule
                      APIs
                      • GetClassInfoW.USER32(?,00000000), ref: 0A0951AC
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: ClassInfo
                      • String ID:
                      • API String ID: 3534257612-0
                      • Opcode ID: 3b98cfb0b7ea118d827d715ba14e35d44ebd1c7a80942a9201be60d5bca0e557
                      • Instruction ID: 85e71acd969730b2802f2208a7e7b9b484e7c4f6321908f59924f1a7dd6a5f2a
                      • Opcode Fuzzy Hash: 3b98cfb0b7ea118d827d715ba14e35d44ebd1c7a80942a9201be60d5bca0e557
                      • Instruction Fuzzy Hash: 3721E5B1D017099FDB14CF9AC884ADEFBF5FB48310F14802AD559A3240D378A948CF65
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5C30C Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                      Download Yara Rule
                      APIs
                      • GetFileVersionInfoSizeW.KERNELBASE(00000000,00000000), ref: 02C5CEB3
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID: FileInfoSizeVersion
                      • String ID:
                      • API String ID: 1661704012-0
                      • Opcode ID: 3229b2f87d6530b07cf7258d978712acf597d822d8783ac755b810cff146b7b8
                      • Instruction ID: 98c0f7b770085db235ebbcd760ef435f3dd1ee57647330d186965918e8933b24
                      • Opcode Fuzzy Hash: 3229b2f87d6530b07cf7258d978712acf597d822d8783ac755b810cff146b7b8
                      • Instruction Fuzzy Hash: 3F2138B5D006599BCB10DF9AC58469EFBF4FB48310F10812AD818A3340D774AA44CFE5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081BFCB8 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                      Download Yara Rule
                      APIs
                      • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,081BF8DA,00000000,00000000,03E360D8,02E55008), ref: 081BFD28
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID: MessagePeek
                      • String ID:
                      • API String ID: 2222842502-0
                      • Opcode ID: 782e02d06f7e35dc6c8205ba83bc206ecd5643a76978a959f4ef446db55a039a
                      • Instruction ID: bf91276edc722e28663a79ec0483b3eac7bdb30c0a9903eb7bc7cdd8e8fb5dec
                      • Opcode Fuzzy Hash: 782e02d06f7e35dc6c8205ba83bc206ecd5643a76978a959f4ef446db55a039a
                      • Instruction Fuzzy Hash: C421E7B58002499FDB10DF9AD984BDEFBF8FF48310F108429E958A3251D378A555CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081BEE98 Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON
                      Download Yara Rule
                      APIs
                      • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,081BF8DA,00000000,00000000,03E360D8,02E55008), ref: 081BFD28
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID: MessagePeek
                      • String ID:
                      • API String ID: 2222842502-0
                      • Opcode ID: f6730e8ea1ff778e5887921a8e6d2713e89b28abdb69b42de07e1da73607077b
                      • Instruction ID: 301547228c724cbccbaa856dac35fc7469cdb8ba21ca66e0b816a9d05085d23e
                      • Opcode Fuzzy Hash: f6730e8ea1ff778e5887921a8e6d2713e89b28abdb69b42de07e1da73607077b
                      • Instruction Fuzzy Hash: 9011FCB5C042499FDB10DF9AD984BDEFBF4EF48310F108429E958A3251D378A545CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0688F898 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                      Download Yara Rule
                      APIs
                      • SetWindowTextW.USER32(?,00000000), ref: 0688F90A
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID: TextWindow
                      • String ID:
                      • API String ID: 530164218-0
                      • Opcode ID: 483ad404a4b1318beb8f56aff3a4d61684c31aa042ec438bcbc5fcd8af066c00
                      • Instruction ID: 685b3c02418337c532ce4f523971f9b393ebbeca0656ef46a7fe9b43cc8f4ff9
                      • Opcode Fuzzy Hash: 483ad404a4b1318beb8f56aff3a4d61684c31aa042ec438bcbc5fcd8af066c00
                      • Instruction Fuzzy Hash: 8F2117B1C002499FDB14DF9AC844BEEFBF4EF89310F14842AD568A7250D338A545CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0688F8A0 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                      Download Yara Rule
                      APIs
                      • SetWindowTextW.USER32(?,00000000), ref: 0688F90A
                      Memory Dump Source
                      • Source File: 00000000.00000002.4427448739.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6880000_ziprar.jbxd
                      Similarity
                      • API ID: TextWindow
                      • String ID:
                      • API String ID: 530164218-0
                      • Opcode ID: 26baeda99c4e4e729886eef40544e1fef6cb354117edc9d56435c932be070955
                      • Instruction ID: 0c1b56a928746c10023b1b2332051798eba4cfcf824064e831c414729f927fd7
                      • Opcode Fuzzy Hash: 26baeda99c4e4e729886eef40544e1fef6cb354117edc9d56435c932be070955
                      • Instruction Fuzzy Hash: 4E1126B2C002098FDB14DF9AC844BEEFBF4EF88310F10802AD968A3240D338A545CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0B570040 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                      Download Yara Rule
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0B5700A5
                      Memory Dump Source
                      • Source File: 00000000.00000002.4438775199.000000000B570000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B570000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b570000_ziprar.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: 4fa7255d306e9447f7af74fb4aafe299a600d60712ad66f942c41f7d6f42a401
                      • Instruction ID: fb41b2fac0425c4625970ec8a7773d545294705a6c174e3207f135f96091c3a6
                      • Opcode Fuzzy Hash: 4fa7255d306e9447f7af74fb4aafe299a600d60712ad66f942c41f7d6f42a401
                      • Instruction Fuzzy Hash: AE11C6B59003499FDB10DF9AD984BDEFBF8FB48320F14846AE558A3240D378A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A09D628 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                      Download Yara Rule
                      APIs
                      • PostMessageW.USER32(?,?,?,?), ref: 0A09D685
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: MessagePost
                      • String ID:
                      • API String ID: 410705778-0
                      • Opcode ID: 21673da2bc823e730613f6fe8b06430e696c8635dd392ae07d0c22de3ba87182
                      • Instruction ID: f7e7b5922c609804d155e0bc71f74cb76522ff05ae0daf50be85d6ac83fe6eb1
                      • Opcode Fuzzy Hash: 21673da2bc823e730613f6fe8b06430e696c8635dd392ae07d0c22de3ba87182
                      • Instruction Fuzzy Hash: 1F1106B58003499FDB10CF9AC985BEEFFF8EB48320F108419E558A3240D379A544DFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A095D38 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                      Download Yara Rule
                      APIs
                      • SendMessageW.USER32(?,?,?,?), ref: 0A095D9D
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: MessageSend
                      • String ID:
                      • API String ID: 3850602802-0
                      • Opcode ID: 7c4edca9c74f7e45c247f3684720aafe8ec77f81f2598acf81fe7d2c15b72c42
                      • Instruction ID: 313e713ffb11f75475968b68e4549f56c8e0aae5914075cc06dba2d199d3b952
                      • Opcode Fuzzy Hash: 7c4edca9c74f7e45c247f3684720aafe8ec77f81f2598acf81fe7d2c15b72c42
                      • Instruction Fuzzy Hash: D311F5B58003499FCB10DF9AC989BDEBFF8EB48310F108419E559A7210C379A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A091140 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                      Download Yara Rule
                      APIs
                      • SendMessageW.USER32(?,?,?,?), ref: 0A0911A5
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: MessageSend
                      • String ID:
                      • API String ID: 3850602802-0
                      • Opcode ID: 3fead19f1878d41bc4bf28e74cb106b6d7abb2be4284834012dbb4e95a592f4b
                      • Instruction ID: 1b7215916c591fbf7f385de84981781ccfcd9845f147e4df264f48f52b6069d1
                      • Opcode Fuzzy Hash: 3fead19f1878d41bc4bf28e74cb106b6d7abb2be4284834012dbb4e95a592f4b
                      • Instruction Fuzzy Hash: E411F5B58003499FDB10DF9AC988BDEBFF8FB48310F108419D958A7200D379A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A091338 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                      Download Yara Rule
                      APIs
                      • OleInitialize.OLE32(00000000), ref: 0A0926CD
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: Initialize
                      • String ID:
                      • API String ID: 2538663250-0
                      • Opcode ID: 38fe4493ad0f32e5f691b2e054780510ee8492b8bd9a4de62c27b94af69c36df
                      • Instruction ID: 4a565a0765f6c0a33029accc7468c9d070fc666acb012e002857bcb7173b998e
                      • Opcode Fuzzy Hash: 38fe4493ad0f32e5f691b2e054780510ee8492b8bd9a4de62c27b94af69c36df
                      • Instruction Fuzzy Hash: F01115B59003489FCB20DF9AD588BDEBFF8EB48314F108459D558A7610D378A944CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A092670 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                      Download Yara Rule
                      APIs
                      • OleInitialize.OLE32(00000000), ref: 0A0926CD
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: Initialize
                      • String ID:
                      • API String ID: 2538663250-0
                      • Opcode ID: 1e9bb389626a4d37e3e9109bdfb2887179622bacdb83625b3c1412fdd2dc7f54
                      • Instruction ID: eec017297feacac71214f9e334e2931204735f8f7333ab085654fd21c6ea8547
                      • Opcode Fuzzy Hash: 1e9bb389626a4d37e3e9109bdfb2887179622bacdb83625b3c1412fdd2dc7f54
                      • Instruction Fuzzy Hash: 4B1115B58003489FCB20DF9AD988BDEFFF4EB48320F208459D559A7610C378A944CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A095D40 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                      Download Yara Rule
                      APIs
                      • SendMessageW.USER32(?,?,?,?), ref: 0A095D9D
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: MessageSend
                      • String ID:
                      • API String ID: 3850602802-0
                      • Opcode ID: 4001e99ce242cd85ac895cd415bf37a4d629f9dd95c097eec891684fbddbf91f
                      • Instruction ID: 9a47f2476dbe8ee7e6194c04acaa0fc507f3a62cbd15a02db2b350a86a5eddc3
                      • Opcode Fuzzy Hash: 4001e99ce242cd85ac895cd415bf37a4d629f9dd95c097eec891684fbddbf91f
                      • Instruction Fuzzy Hash: 6711D3B58003499FDB20DF9AD989BDEBFF8EB48310F10841AD558A7240C379A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0A091148 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                      Download Yara Rule
                      APIs
                      • SendMessageW.USER32(?,?,?,?), ref: 0A0911A5
                      Memory Dump Source
                      • Source File: 00000000.00000002.4437893168.000000000A090000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A090000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_a090000_ziprar.jbxd
                      Similarity
                      • API ID: MessageSend
                      • String ID:
                      • API String ID: 3850602802-0
                      • Opcode ID: d821eaae15b3a0abed2547454baa349151e97b2d65189752f32e2da7adbaa2e7
                      • Instruction ID: 20dc09055a1bc16d878bd928685c7679ae0017d5dbbcde994c59db02e5a19968
                      • Opcode Fuzzy Hash: d821eaae15b3a0abed2547454baa349151e97b2d65189752f32e2da7adbaa2e7
                      • Instruction Fuzzy Hash: 9311D3B59003499FDB10DF9AC989BDEBFF8EB48310F108419D558A7600C379A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0B570503 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.4438775199.000000000B570000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B570000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b570000_ziprar.jbxd
                      Similarity
                      • API ID: DispatchMessage
                      • String ID:
                      • API String ID: 2061451462-0
                      • Opcode ID: da903af4be7ea5a9f9ff151e1b68999d415e044fadb5c8d0f89efec31b0b6b35
                      • Instruction ID: eb8cbdc3021b89e66c66b7140627db0d986d0ab5af41eb3c10a4bed218aed0ef
                      • Opcode Fuzzy Hash: da903af4be7ea5a9f9ff151e1b68999d415e044fadb5c8d0f89efec31b0b6b35
                      • Instruction Fuzzy Hash: FD11FEB1D042898FDB10DF9AE588BDEFBF4AB48314F14846AD868A3240D378A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0B570508 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.4438775199.000000000B570000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B570000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b570000_ziprar.jbxd
                      Similarity
                      • API ID: DispatchMessage
                      • String ID:
                      • API String ID: 2061451462-0
                      • Opcode ID: b3cbfbd8d45981a97b61c094763409f59da0701aff0246cb3a184742eee26662
                      • Instruction ID: 168dd28579cc1be9938dfaf8a875c4cb4ecb03cd9d00373266961734b3035ed7
                      • Opcode Fuzzy Hash: b3cbfbd8d45981a97b61c094763409f59da0701aff0246cb3a184742eee26662
                      • Instruction Fuzzy Hash: 8B1100B1D002488FDB10DF9AD488BDEFBF4FB48310F10846AD418A3240D378A544CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6A90 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: Haq
                      • API String ID: 0-725504367
                      • Opcode ID: 527058a8bacc6d2b6ff17da63e9306244e5ec05b7cbb19c0cb6f14b7a53f355f
                      • Instruction ID: 7ca9f5498c83d47898689bb64df1f30a19d157de8a37fb7ba82f25f4cedc61cc
                      • Opcode Fuzzy Hash: 527058a8bacc6d2b6ff17da63e9306244e5ec05b7cbb19c0cb6f14b7a53f355f
                      • Instruction Fuzzy Hash: B031F074E20209AFDB05DFA4C859AAEBFB6FFD9300F108919E402AB250DF309945CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ECB14 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: 3qLl^
                      • API String ID: 0-1185086997
                      • Opcode ID: c9d96e22e583e30f46dce368d1143f611b887a541734166fb535a0776f1fb949
                      • Instruction ID: 17b1db9ff49328d76f1c552e99402194aaee53bbcb1c69c672f01aef75d85e1e
                      • Opcode Fuzzy Hash: c9d96e22e583e30f46dce368d1143f611b887a541734166fb535a0776f1fb949
                      • Instruction Fuzzy Hash: 593180B0A003198FC709EB65D84866E77E6FF81744F504568C4155F3A8CBB5EC86CB82
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF883 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: a438a7a28a7057f0899bcfe1910918653457d7412426660abfccaf662136d7a6
                      • Instruction ID: 03e9b31bf8678f4438cf2828a32920747f5a2970a16035352635886b2563455c
                      • Opcode Fuzzy Hash: a438a7a28a7057f0899bcfe1910918653457d7412426660abfccaf662136d7a6
                      • Instruction Fuzzy Hash: 0511EB71B012159FCF596FA8D88167D7BB5FBC5210F10807AD419D7281CF358D05CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF8A8 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: a3dbd7fd03dbb171fe1119560370aac3876e81903e66d4f3d93689b625daa980
                      • Instruction ID: aa169c1774f7a9e0ef6e9c9edb58736ddf6341433f1439c7cbe8ae4f17a5bc67
                      • Opcode Fuzzy Hash: a3dbd7fd03dbb171fe1119560370aac3876e81903e66d4f3d93689b625daa980
                      • Instruction Fuzzy Hash: 60112731F003569FCF996F68889017E7AB5BFC5200B50807EE4189B282CA358D06CBA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E0D98 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: Te]q
                      • API String ID: 0-52440209
                      • Opcode ID: 4e0ef331449302668f7339fafb4a4c4ee06ba5ddd5d2060ec7d559ac0bcde579
                      • Instruction ID: 39c646362f148cce300e80becf38ff5d59618a1813ba7e69837aa1b321ab9eb7
                      • Opcode Fuzzy Hash: 4e0ef331449302668f7339fafb4a4c4ee06ba5ddd5d2060ec7d559ac0bcde579
                      • Instruction Fuzzy Hash: D9114F31F0061A8BCF98EFA999515EEB7F6AFC8610B104079C509E7244EB758E12CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAEE0 Relevance: .7, Instructions: 708COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cfdf53e1ae80e02d87af7ff7332c52151a86728520f63b99ce0696123370438f
                      • Instruction ID: b50c9b90daf03e4fa7b60cc2eedf0bcd8cb58476f996726601a1bad659d3f177
                      • Opcode Fuzzy Hash: cfdf53e1ae80e02d87af7ff7332c52151a86728520f63b99ce0696123370438f
                      • Instruction Fuzzy Hash: 4952D970D05B428BDFB89FB586893AE7AE1BB51341F50492FC0FACA685EB359481CF41
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAED3 Relevance: .5, Instructions: 453COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 35344726bde4e87d0aeb2fb2c074dd0882ead8f720fa1835ac04a6b3ae5b31c9
                      • Instruction ID: 526e04a955cb964b2be62ec706790a2f6d335f4fafab8e388a2cccc46d170c5d
                      • Opcode Fuzzy Hash: 35344726bde4e87d0aeb2fb2c074dd0882ead8f720fa1835ac04a6b3ae5b31c9
                      • Instruction Fuzzy Hash: 19124DB0D09B424BDBB85FA487C939EB6D0BB15391F20491BC0FECA259E7369086DF45
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E5E00 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7b1c43d96a17c247dcc7bdf8cebcc9227a492f97127e66c3a75a26ebb1c725d7
                      • Instruction ID: 80dda52fd574dba7fa45e3a3de7a28122fb46da3840017068030b261126c72f3
                      • Opcode Fuzzy Hash: 7b1c43d96a17c247dcc7bdf8cebcc9227a492f97127e66c3a75a26ebb1c725d7
                      • Instruction Fuzzy Hash: 0681E3347106148FCB58EF28D598DA97BF6FF89604B2541A9E516CB375EB72EC01CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ECCA8 Relevance: .2, Instructions: 192COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f81ea0c84c78f7c361f6fae87257940e2c55ce05b98429487080019f7f1f951e
                      • Instruction ID: 7bfcfaba8a4f9d231f8e69529b0c49c6c669a8baa95529a53dffa54da5cf9247
                      • Opcode Fuzzy Hash: f81ea0c84c78f7c361f6fae87257940e2c55ce05b98429487080019f7f1f951e
                      • Instruction Fuzzy Hash: 8371F271A0025A8FCF19DFA8C9906AEBFF5FF84300F14866AD425EB255DB70E945CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EDA40 Relevance: .2, Instructions: 183COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0dd22f8e6ab9c2a28c1373a109a2a6faca905f504e3421c25823e80e228e8674
                      • Instruction ID: c3ba94c9a611ca575d5cee4fbb8279e6244a7df251dc9c374a8eff49380fbfe4
                      • Opcode Fuzzy Hash: 0dd22f8e6ab9c2a28c1373a109a2a6faca905f504e3421c25823e80e228e8674
                      • Instruction Fuzzy Hash: 7C716131E106098FDF58DFB8D8586ADBBB5FF88300F148669E406A7290EB749A45CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF25F Relevance: .2, Instructions: 174COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ddee9a8a95a6707c4add4f08e332170d1c0533654deb4755d01f367d410f362
                      • Instruction ID: 32ff79daa08ef06120b25de4a77d50fcd3cf407925654390f58714051db23f0f
                      • Opcode Fuzzy Hash: 6ddee9a8a95a6707c4add4f08e332170d1c0533654deb4755d01f367d410f362
                      • Instruction Fuzzy Hash: 0E715D35A10209DFCF18DFA8D898AACBBB1FF89301F158569E542AB264DF719945CF80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E65CC Relevance: .2, Instructions: 170COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13935a9645fbc3524a83fc5de84318ef76e8254fbc69ee72f9c9a7e4368abda3
                      • Instruction ID: ff1a16d0a22efac9b81ecf24eb46bdae6d8edb5f441df9d644ce8804c371c6f9
                      • Opcode Fuzzy Hash: 13935a9645fbc3524a83fc5de84318ef76e8254fbc69ee72f9c9a7e4368abda3
                      • Instruction Fuzzy Hash: C241F171E11218EFCF58DFB4E8845AEBBB2FF89301F1084AAE451A3391DB349855CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA3B0 Relevance: .2, Instructions: 168COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 315d296fc2db62282229db8099907ce4f64b6d3a41a56025978f3603a3dead7f
                      • Instruction ID: 3f4bc599b29ff7b30f9ee200ddfde11c72107e9e732c292b03f0b3a37fc3bb1f
                      • Opcode Fuzzy Hash: 315d296fc2db62282229db8099907ce4f64b6d3a41a56025978f3603a3dead7f
                      • Instruction Fuzzy Hash: 87719F34A11208AFCB59DF68D888DADBBB6FF49710B154099F905AB361DB31EC81CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EDD70 Relevance: .2, Instructions: 168COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a1d8e98ac460cc584e82da750b7fbeb5cda81043098f39b51c6c9dcd2d400012
                      • Instruction ID: b152eb1917fafaeabf3f7708cd61da26a6d98a6ba009e9ce384d3174fbf48a43
                      • Opcode Fuzzy Hash: a1d8e98ac460cc584e82da750b7fbeb5cda81043098f39b51c6c9dcd2d400012
                      • Instruction Fuzzy Hash: 82515C35B106148FCB58EF29C498A6EB7F6FFC9701B1141A9E516CB361DA71EC41CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E49F8 Relevance: .2, Instructions: 167COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 263bf1c68783cca137d9f9968c5c0026106ae6681e3b9399f0aab62e54390522
                      • Instruction ID: ee2fa71a7b45d7952bb1d9b4f866402d8a589bdc5717531fd77fe86fca72e73a
                      • Opcode Fuzzy Hash: 263bf1c68783cca137d9f9968c5c0026106ae6681e3b9399f0aab62e54390522
                      • Instruction Fuzzy Hash: 43611875A00619DFCF54DFA9C894A9DBBF5FF88310F108159E909AB360DB70AD85CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E49E8 Relevance: .2, Instructions: 155COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ea7fa34fece69709cdb7f916b601b9e41ef4eeffb5b2f2a2d5bd3a92133a2ef
                      • Instruction ID: 7c888704d52b7d442732d350ef10d91e0be3eb8ca924ee77b14b60f7f1f3559d
                      • Opcode Fuzzy Hash: 7ea7fa34fece69709cdb7f916b601b9e41ef4eeffb5b2f2a2d5bd3a92133a2ef
                      • Instruction Fuzzy Hash: C0612B70A10619DFDB58DFA9C454A9DBBF5FF88310F108559E809AB360DB70AD85CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E64C4 Relevance: .2, Instructions: 154COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 400957970f51922569cb91f946fc416321c920547ad787ab257927fefb3c6b9c
                      • Instruction ID: 3a0d1605a472a8da0c792f3510a8755ca905543e39e3c323e1854c7f0b6dd3a0
                      • Opcode Fuzzy Hash: 400957970f51922569cb91f946fc416321c920547ad787ab257927fefb3c6b9c
                      • Instruction Fuzzy Hash: 2C514A71E102599FCF54DFA9D844AAFBFFAEF98300F10842AE455E3250DB749905CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9930 Relevance: .1, Instructions: 127COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1429a72bf72fd8692b7a8b02f00b8b5f8efe3fc001a51d98d74996ade4044a83
                      • Instruction ID: 389c4de2a1fa7ec75a6a9bda16eaa3af4d8e8088aefdcf0f4098012f4e6e52a9
                      • Opcode Fuzzy Hash: 1429a72bf72fd8692b7a8b02f00b8b5f8efe3fc001a51d98d74996ade4044a83
                      • Instruction Fuzzy Hash: 5A413834F242598FDB58DF69D894AADBBF6BF89700F1440A9E501EB3A1DB75E800CB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6630 Relevance: .1, Instructions: 124COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 567f58d8652390d8942d8a116af38f6dc044c1a853230973d33652c10d3594ca
                      • Instruction ID: 7e6d8698104de0befee8e0b9a62d9f5ac0828498bbf964c53227ed41f868984f
                      • Opcode Fuzzy Hash: 567f58d8652390d8942d8a116af38f6dc044c1a853230973d33652c10d3594ca
                      • Instruction Fuzzy Hash: 4C4190B5E00229CFDF98EFB5C4546ADBAB2FB98364F144929D402B7344CB354982CF96
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA3A1 Relevance: .1, Instructions: 123COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: df7a898f8afb3943d0b634543f03b555224eabbdd3dbc05a3cd507a88088e727
                      • Instruction ID: 3958ca16c8c68ba8a69fa418796144b800e3aaf4f2598fbcf5877def7019dacc
                      • Opcode Fuzzy Hash: df7a898f8afb3943d0b634543f03b555224eabbdd3dbc05a3cd507a88088e727
                      • Instruction Fuzzy Hash: 1551A338A51208AFCB58DF68D898D9DBBB5FF49720B1544A9F901AB361DB31EC41CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEF38 Relevance: .1, Instructions: 120COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4696bbbe2eabd059176e1608557550415cadd0db8e458bceb3bc1be2e555ed3b
                      • Instruction ID: 2095a4f56bcf1830f7ca1c8759afe2de67c2e9f3029ea1916a7bd7e76293c2e4
                      • Opcode Fuzzy Hash: 4696bbbe2eabd059176e1608557550415cadd0db8e458bceb3bc1be2e555ed3b
                      • Instruction Fuzzy Hash: 0C414C71A1060ACFDF44DF68C8949AEB7B5FF89300F148569E516EB360EB70AD45CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9BE8 Relevance: .1, Instructions: 118COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8b8a226901d8c3869c68ab9dbfc094c8ae05052e2d62bb609f3dca6a1958f667
                      • Instruction ID: 1d9d22610591c3368b1029a6153bbca2766bae51f7213ab25f6522b936530667
                      • Opcode Fuzzy Hash: 8b8a226901d8c3869c68ab9dbfc094c8ae05052e2d62bb609f3dca6a1958f667
                      • Instruction Fuzzy Hash: B141C734B002288FDF58EB68C984B9DB7B5BF48704F154169E905AB3A1DB75A841CFA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEAC0 Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fd494cd8994bce6ecb76739db98be50d5b8b9537cad3d2d48f9dea35d91ca43e
                      • Instruction ID: ec321de90da4fb070eb4d2e6e0ca4a5cc27bf03b76a071a17a46aba78d6ed745
                      • Opcode Fuzzy Hash: fd494cd8994bce6ecb76739db98be50d5b8b9537cad3d2d48f9dea35d91ca43e
                      • Instruction Fuzzy Hash: C3413A31E20609DFCF54EFA8D9559DDBBB5FF49301F108669E845B7250EB30AA88CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9AB0 Relevance: .1, Instructions: 102COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7776e52119b5dc4754c8d8aace32dcf83d97a7a658d0dcaa348972270be47fc0
                      • Instruction ID: 87b63367f2941b83c17d12f72bb41f4c4dc0cbe806f86b2d2df1d34f5d3a8dc3
                      • Opcode Fuzzy Hash: 7776e52119b5dc4754c8d8aace32dcf83d97a7a658d0dcaa348972270be47fc0
                      • Instruction Fuzzy Hash: 0531C131B442448FCB59DB79D89456E7BBAFFC5210B1484AAD14ADB3A4CF349C06CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3A5C Relevance: .1, Instructions: 99COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5657fc39ecd693b56c4644788dcd33fac55aa2bd720135513c3d295713439ba8
                      • Instruction ID: b3d9de1752be0c04f65c379f0d720a5676920b1f29d8c91ce01894bd852b583e
                      • Opcode Fuzzy Hash: 5657fc39ecd693b56c4644788dcd33fac55aa2bd720135513c3d295713439ba8
                      • Instruction Fuzzy Hash: DA41D2B1D00309CFDF24CF99C584A9DBBB5BF48304F24842AE418AB210D7756A49CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3EBC Relevance: .1, Instructions: 98COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 536f9a322d18a6a36d4c8dca80387e6c33ca1e45cd32604cf7f38331f191559f
                      • Instruction ID: 401d229f899ba20c3d10052d1b7e951512f101c9651a3d7227979c8c16f9591a
                      • Opcode Fuzzy Hash: 536f9a322d18a6a36d4c8dca80387e6c33ca1e45cd32604cf7f38331f191559f
                      • Instruction Fuzzy Hash: 3741C3B1D00309CFDB24CFA9C984ADDBBF5BF48304F24852AE419AB254D7756A4ACF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E64B8 Relevance: .1, Instructions: 95COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78c6f4b186fc73d17098e2652f164ceb28add34818c937f5731fa6ee1f61ca38
                      • Instruction ID: 7964d3dc06408adcbeedfa77643f626618498b914be1a19c9ec52c73e7215fea
                      • Opcode Fuzzy Hash: 78c6f4b186fc73d17098e2652f164ceb28add34818c937f5731fa6ee1f61ca38
                      • Instruction Fuzzy Hash: CE41AEB0D003589FDB18CF9AC988A9EFBB5FF88714F20812AE418AB250D7746845CF94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEF88 Relevance: .1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8baf8abd6e06e79cbdf70d1dd65d95c6a451ee6a7ea33707018f8a2b0f5f2cb6
                      • Instruction ID: 20822ff8d880ce18177149f9c15cb057396bfcb4a295dbe192f42f7172c58b00
                      • Opcode Fuzzy Hash: 8baf8abd6e06e79cbdf70d1dd65d95c6a451ee6a7ea33707018f8a2b0f5f2cb6
                      • Instruction Fuzzy Hash: 2C310FB1B08601CFDF18DF28C88519ABB61FF91304F34886DD85A8B345CB36D95ACB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E0760 Relevance: .1, Instructions: 93COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78a6d076c68cbde07509a7958167646107efa6738a7f6deabca53c3fc5846703
                      • Instruction ID: 289daef89b9b19817c457ee5d998549e928e5eaf9b18892fa33c65c7dfab958c
                      • Opcode Fuzzy Hash: 78a6d076c68cbde07509a7958167646107efa6738a7f6deabca53c3fc5846703
                      • Instruction Fuzzy Hash: 9B317C75B001149FDB18DB69C498AAEBBF5FF8C210F1541A9E405E73A1DA31EC40CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA20B Relevance: .1, Instructions: 90COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f9d5ea3256417932b3fabb30414671bee1c7a9b03d40d5ae425c88d4490ce0b6
                      • Instruction ID: eb6b18e80dea4c75b81dc65d41d3d5a6500d718127ca34ae8000ea1d977bb6c1
                      • Opcode Fuzzy Hash: f9d5ea3256417932b3fabb30414671bee1c7a9b03d40d5ae425c88d4490ce0b6
                      • Instruction Fuzzy Hash: 5631DF31B102128FDF68DB79C8817BE77A9BF88210F08807AE509EB294DB359841CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EDD63 Relevance: .1, Instructions: 90COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 583f9d1b828aa69f6c1094bf4935d7a81ab912efd1dc4b0d80151f6bc3425acc
                      • Instruction ID: 9421398ef196dc0fdb28f06aa0ec5bfe17f96cf18097aa560f8edcba44d84a09
                      • Opcode Fuzzy Hash: 583f9d1b828aa69f6c1094bf4935d7a81ab912efd1dc4b0d80151f6bc3425acc
                      • Instruction Fuzzy Hash: E431D131B106118FCB18EE29D484A6EBBF6FFC9700F0481AAD44ACB361CA71E8458B91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E7FF3 Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cda57cc662a286a2eec30bde3f8271dd9d34caa9b4056e6d41a737c8c1639a5c
                      • Instruction ID: c78e31a9788b1b3e417be448f397cc5017cb82e6532b304221a954fc496b7fdf
                      • Opcode Fuzzy Hash: cda57cc662a286a2eec30bde3f8271dd9d34caa9b4056e6d41a737c8c1639a5c
                      • Instruction Fuzzy Hash: 52318370E406029FDB68CF2AC544A6ABBF6BF88310B148558D159DB364DB30E841CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EFBD7 Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8d661e38b364e47da708e17f3da4c7afbb4212e04006f113f3c565d484c015de
                      • Instruction ID: 43567a6aba9831d393adfc73b21cd150aff0b036e69d6e37eb091896c818e594
                      • Opcode Fuzzy Hash: 8d661e38b364e47da708e17f3da4c7afbb4212e04006f113f3c565d484c015de
                      • Instruction Fuzzy Hash: 4F313371A08601CFCF2DDF28D88519EBF71FF91204B24896DD86A8B251CB36C95ACB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E82E8 Relevance: .1, Instructions: 88COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: edcbc906455b28ccc7b33549609d03fd51a827349f6eb053473716c551b1140e
                      • Instruction ID: f2c7b5ccc70def84240de938fde91a12f2f5fd6770313c5bf27fad0fd57cc7ce
                      • Opcode Fuzzy Hash: edcbc906455b28ccc7b33549609d03fd51a827349f6eb053473716c551b1140e
                      • Instruction Fuzzy Hash: DE31F575A20219DFCB48DFA9D894DADF7B5FF88700B1185A9E925AB321C734A800CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6623 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab678adb6f2bb4a4e3a5cd7ba0bcdb20849e2d44701537c4e16b88b945f844ef
                      • Instruction ID: 931bb62de1eb3ba1414f319fe537c99670765dced2e6cd00bd7f7001c173c821
                      • Opcode Fuzzy Hash: ab678adb6f2bb4a4e3a5cd7ba0bcdb20849e2d44701537c4e16b88b945f844ef
                      • Instruction Fuzzy Hash: 0031C2B5E102258FDF68EFB5C4542AD7AB2FF98354F104C29C402AB380CE358941CF96
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ECC9B Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d98532440f7581ae1ff468244cddf2de5c9d2f96e06affd4b682e7f5fbb8a075
                      • Instruction ID: ab4c1392a8e155a8c76ff0f8a175ce5a166b3c18c843d071153d249f7f95efb9
                      • Opcode Fuzzy Hash: d98532440f7581ae1ff468244cddf2de5c9d2f96e06affd4b682e7f5fbb8a075
                      • Instruction Fuzzy Hash: 6F31E2716041618BDF49DF28DA80BAABFE6FF84205F04856AC865CB34ADB35D901CFE0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED8E8 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: decafdfa3ed20596f4b1bef519e0d0cadb5996a7361b113ec3f948d6d1df3a11
                      • Instruction ID: 65c999af40078d5297952d9f3368c2df3d13eafc5a0c3f7a3c649628d9c8b2aa
                      • Opcode Fuzzy Hash: decafdfa3ed20596f4b1bef519e0d0cadb5996a7361b113ec3f948d6d1df3a11
                      • Instruction Fuzzy Hash: 5F216D317006108FCB58EB29D864A6973FAEF85715B20857ED506CB3A4DF76EC42CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8018 Relevance: .1, Instructions: 85COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7389a53290eabf28ed607892c851817c4d10745b5ccd453c50c72cd32aa6d6a3
                      • Instruction ID: 1053fb8f88105fd15a4a50feb7554f0f8a6bd35b1d36f5e0679c5e7d93360197
                      • Opcode Fuzzy Hash: 7389a53290eabf28ed607892c851817c4d10745b5ccd453c50c72cd32aa6d6a3
                      • Instruction Fuzzy Hash: 8F317170E406029FDB68DF6AC544A6BBBF6FF88720B14C969D419D7264DB30E841CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E76D0 Relevance: .1, Instructions: 83COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 109563a12eaab7659294a28da0e8b7cead87db91fca6ef46ea3161f40652ae8d
                      • Instruction ID: a955ee6a4837b00c7d773a3f0bea4eb628c4b53b0fba3aafe91ea0ec8c50c0d7
                      • Opcode Fuzzy Hash: 109563a12eaab7659294a28da0e8b7cead87db91fca6ef46ea3161f40652ae8d
                      • Instruction Fuzzy Hash: C5214D71E001169BCF94DF99D8409AFBBFAEFC8640F10812AE565D3255EB708A01CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3DC0 Relevance: .1, Instructions: 82COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 24fc5ad17f82b6a8799c9de7c5e6486879371ba23eee440e4929584b1b003654
                      • Instruction ID: 49a281b714084829fa38416235e3b585651a3eb3dfdad9372737458bf491e98c
                      • Opcode Fuzzy Hash: 24fc5ad17f82b6a8799c9de7c5e6486879371ba23eee440e4929584b1b003654
                      • Instruction Fuzzy Hash: 4E21D3716102058FCB14EF78C88559BBBE6FF84214B1488A9D54ADB350EF71E809CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3AA8 Relevance: .1, Instructions: 82COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: af5c31ef28a3b0f93e828de5dc1679240581e1e0fe97995cf05ac262611ee17d
                      • Instruction ID: 994b922e65b821b6970eae537608812cb816fb90499c35de7b2030a512c73e66
                      • Opcode Fuzzy Hash: af5c31ef28a3b0f93e828de5dc1679240581e1e0fe97995cf05ac262611ee17d
                      • Instruction Fuzzy Hash: 8F21DC71B202494FCF5ADBB8985867FBFBAFBC5210B094929E816D7340DE34890587A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E0753 Relevance: .1, Instructions: 79COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f38bc2b57b8e39d458cf5d9a3bee5a76c6e54c904eccd164038c7f1b62f7686e
                      • Instruction ID: 6569ad18475a8fa9fc9a905228901530d12299702cbbc2d1c429ba0191a698ae
                      • Opcode Fuzzy Hash: f38bc2b57b8e39d458cf5d9a3bee5a76c6e54c904eccd164038c7f1b62f7686e
                      • Instruction Fuzzy Hash: 7621A136B101149FCB18DA59D844DABB7E9FB8C220B0541B9E909E7361DA21EC11CAA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E89E0 Relevance: .1, Instructions: 78COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 03c6f342261d631ee3a7d2ae9aa31eed05f35b7b1e4548bd3f9f63cad5ced643
                      • Instruction ID: 25a3bc3f6a66c1031b321e1cd59ba62446aeb8c22746a6d78cfeec95a71d9e6b
                      • Opcode Fuzzy Hash: 03c6f342261d631ee3a7d2ae9aa31eed05f35b7b1e4548bd3f9f63cad5ced643
                      • Instruction Fuzzy Hash: FE311E70E40A029FDB68DF6AC544A6ABBF6BF88710B14C56CD419DB764DB30E941CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E5DF0 Relevance: .1, Instructions: 76COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e374fef335b77ae549554b7bd925a707df61993a3cf31e93095293aaf00ba3dc
                      • Instruction ID: 151da51d0041c625040166247f304ae161e0032497f0a9fb10db778ab6f88e7c
                      • Opcode Fuzzy Hash: e374fef335b77ae549554b7bd925a707df61993a3cf31e93095293aaf00ba3dc
                      • Instruction Fuzzy Hash: 3E212834B106108FCB59DB28D8988AD7BF6FF8960471542AAE516CB3B1EB71EC05CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0123D4A0 Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416224035.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_123d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c25f27dc00e6458b69461aa80917cc30d5229cdfe96174dfd4d0b6cf8fab69b9
                      • Instruction ID: efe20fc08575b7a4f34fceca6248571c047627a5c3a2dba486b93c44850a1b54
                      • Opcode Fuzzy Hash: c25f27dc00e6458b69461aa80917cc30d5229cdfe96174dfd4d0b6cf8fab69b9
                      • Instruction Fuzzy Hash: 242148B1510209DFDB15DF98E9C0F26BF65FBC8314F60C569EA0A0B296C37AD415C7A2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EC00F Relevance: .1, Instructions: 74COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b062c0660bd0a17dbd369b7726472b071f98c98b1b3ca803357d6f78c685a514
                      • Instruction ID: bd120839ffc4fd5ace1f523fd3e25c43bed1255e316781b38036d7a868ebb50a
                      • Opcode Fuzzy Hash: b062c0660bd0a17dbd369b7726472b071f98c98b1b3ca803357d6f78c685a514
                      • Instruction Fuzzy Hash: EE213875B003008BCB29EB39D484A2DB7A7FFC1214B58C56ED4158B395CF75D802CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E73D4 Relevance: .1, Instructions: 73COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e4e2a13cf1ee752f5827c07a19ab963916288c435fabf14a06cb2a7e4c479f25
                      • Instruction ID: babd984bd9896021c634cd4e9098002f7996b1565c1b58b7db21b4cb9acb417f
                      • Opcode Fuzzy Hash: e4e2a13cf1ee752f5827c07a19ab963916288c435fabf14a06cb2a7e4c479f25
                      • Instruction Fuzzy Hash: D5219275E0021A8FDF58DFA8C8905EEBBF6FF88240B14452AD405E7255EB348A45CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8318 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f54a5d049d3d96705255f41f11a5be6d446f97c4799f4b0e18550a0b4d97fbaa
                      • Instruction ID: 43641b5e21cace86fe4f5b4221db4a51a2f2c90090e6106f1c724908c22a6644
                      • Opcode Fuzzy Hash: f54a5d049d3d96705255f41f11a5be6d446f97c4799f4b0e18550a0b4d97fbaa
                      • Instruction Fuzzy Hash: B1216D39B002149FCB68DE29D484E6BB3BAFBC8620F01842EE60687751C731F841DB60
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3A77 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 149aaf7d240f744856546d35940b976b7f1895f0b3d698286538212673b14b1c
                      • Instruction ID: bdb25e3b6e78b2bb68ed96e73515819a5ff820bfed286710bae18a7b9ba172b5
                      • Opcode Fuzzy Hash: 149aaf7d240f744856546d35940b976b7f1895f0b3d698286538212673b14b1c
                      • Instruction Fuzzy Hash: 71218471A107921FCB06DF788C544AFBFB6FFC6220B08456AD425DB242DF30880587A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED8F8 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a1ba0eab95ce846fe936e54ab7cbc4259aa398ecbbdcb0ce03a7767a28808913
                      • Instruction ID: 3b834dc707fcf3993b77b53459cfa7ca448b19fdcfedb64119a0363c1f5bfccc
                      • Opcode Fuzzy Hash: a1ba0eab95ce846fe936e54ab7cbc4259aa398ecbbdcb0ce03a7767a28808913
                      • Instruction Fuzzy Hash: 482149307106108FCB98EB29C864A2A73FAEF85714B10856DE506CB3B4DF76EC46CB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0124D2B4 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416290921.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_124d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4539831fbd5c8e0799b55143e0534f52dcfb0293847b75d69d486967b4d195cc
                      • Instruction ID: 5e82ff25149ac0a47691bedda4449e531a13e697f82e5cfc5435726c303f213d
                      • Opcode Fuzzy Hash: 4539831fbd5c8e0799b55143e0534f52dcfb0293847b75d69d486967b4d195cc
                      • Instruction Fuzzy Hash: D5213475614208DFCB09CFA8C9C0B26BFA5FB98314F20C5ADE9090B252C37AD806CE61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0124D1CC Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416290921.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_124d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1fd51b06628956e515238b26252ef1688df3d6dcebe79f52a1323e5e8a0cb4aa
                      • Instruction ID: 4de3dd6ffd7841ab0736f82d30b7d50bd7a3421ab1e14d156d7effaa6048ab56
                      • Opcode Fuzzy Hash: 1fd51b06628956e515238b26252ef1688df3d6dcebe79f52a1323e5e8a0cb4aa
                      • Instruction Fuzzy Hash: 9C2122B5614208AFDB09DFA8C580B26BF65FB98324F20C56DE9094B257C37AD806CA61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0124D01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416290921.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_124d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c8596e460935aba37719f2b1842f9d363aef6c7175c6e186bbc2a7979d3edfa
                      • Instruction ID: e61035ad545d652f9b69ea546c0b6c291eee47fe9318c3b98a36f7a63706c410
                      • Opcode Fuzzy Hash: 9c8596e460935aba37719f2b1842f9d363aef6c7175c6e186bbc2a7979d3edfa
                      • Instruction Fuzzy Hash: 0D216871124208DFCB19CF68D9C4B26BFA5FB94364F20C569DA490B342C37AD407CAA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3C4D Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a68f0f19ba434ef7829e901dc430c16f42eb40a5772e790b917b928c9cb0aaa
                      • Instruction ID: c6c4c810bcc1c6eac9e5e4a57b3f0d6afa7756c946f5ba660c31c6c18c865a66
                      • Opcode Fuzzy Hash: 8a68f0f19ba434ef7829e901dc430c16f42eb40a5772e790b917b928c9cb0aaa
                      • Instruction Fuzzy Hash: BC31C0B4D01258DFDB64DF99C588B9EBFF5BB08714F24841AE408AB250C7799885CF94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3A41 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c9652125f1bfc5c2018de7c159873aee7870413e6b9f8921e48a43747fbaf26d
                      • Instruction ID: 6d6bcc5a2a3860ccb92900718608d1bbb816c1d417cb3a1c0ad939e551867616
                      • Opcode Fuzzy Hash: c9652125f1bfc5c2018de7c159873aee7870413e6b9f8921e48a43747fbaf26d
                      • Instruction Fuzzy Hash: 3F21C0B0D01258DFDB64DF99C688B9EBFF5BB08714F24841AE408AB240C7B59885CF95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3A08 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6b94665926c9d51683e2d41aa2d48d1e0561dd3d208a757c13fadafce1831f8e
                      • Instruction ID: 2f8c9b215d6ce633c11559aa3bb2a5b39e3bee0e7bfa18b32004c9e542482308
                      • Opcode Fuzzy Hash: 6b94665926c9d51683e2d41aa2d48d1e0561dd3d208a757c13fadafce1831f8e
                      • Instruction Fuzzy Hash: 6631C0B0D012589FDB64DF99CA88B9EBBF5BF08714F24845AE408AB240C7B59885CF95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED720 Relevance: .1, Instructions: 65COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 15651f4780ee4f457ee0a3b56dddb3b032ea2bf2fe75222876542be3c60633bb
                      • Instruction ID: d8c8095b209e62bae3a93bef1c98ae1f2258dce4995507c94edcd6f9c51bac04
                      • Opcode Fuzzy Hash: 15651f4780ee4f457ee0a3b56dddb3b032ea2bf2fe75222876542be3c60633bb
                      • Instruction Fuzzy Hash: CF218C709007458FDB69DF29C484B2ABBF2FF80300B658A59C0969B656DB70F985CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E93B8 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: faa2270ced6d742b269b8a50b8f1e39ce451af50a6ea27df237514d0f018d7dc
                      • Instruction ID: b38c18876c945a534fe05421593f38b4addab721243216970326c865f01c69e1
                      • Opcode Fuzzy Hash: faa2270ced6d742b269b8a50b8f1e39ce451af50a6ea27df237514d0f018d7dc
                      • Instruction Fuzzy Hash: 04210B71E0020E9F8B04DFADC8848AFFBF9FF98300B10855AE518E7210E770A956CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3DB1 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b4944f4942c54581d7b5ccb17f29b6846cc12194581a5faf588a1a7f456e74b8
                      • Instruction ID: a4e7b5af392c1da3f0d4f89b5c4812ff96fcf8dcbf373c6ccdc2462286eb78fc
                      • Opcode Fuzzy Hash: b4944f4942c54581d7b5ccb17f29b6846cc12194581a5faf588a1a7f456e74b8
                      • Instruction Fuzzy Hash: F911BE716102059FCB14EB68C985AABB7FAFF80310B1089A9D556DB350EF74ED09CFA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0124D006 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416290921.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_124d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 869219889b2bf950d27ac06367b3fcbb856ae6dad84084c6a3ce4fe35dc6b193
                      • Instruction ID: a73bb3464a633d63230d02c8aa245c3d90cec3280a7906bf128e49ce27aebb46
                      • Opcode Fuzzy Hash: 869219889b2bf950d27ac06367b3fcbb856ae6dad84084c6a3ce4fe35dc6b193
                      • Instruction Fuzzy Hash: 8F21D5714083849FDB17CF24D984715BF71FB96324F29C5EAD9498B293C33A980ACB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAC00 Relevance: .1, Instructions: 62COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 440fa3e259f7aa2aa09d4071de3bd46d3f5543a1454ff013432de53785394f2c
                      • Instruction ID: 4fe298250a3d934596db0d309ecd39cd61ab9ff418105494b71c99ce4e353896
                      • Opcode Fuzzy Hash: 440fa3e259f7aa2aa09d4071de3bd46d3f5543a1454ff013432de53785394f2c
                      • Instruction Fuzzy Hash: BE21FC71E0020A9FCB05DFA9C8449AEFBF5FF99310B10865AE425E7215E770A956CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA0CB Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2db0d06085dba60c0bc4a38d531be3bcc31cf34f3f319187dfca1844edb6c503
                      • Instruction ID: b715b6f1775485e6109324206ea5b972b206d273c47cca8867f73ac4ac89eadb
                      • Opcode Fuzzy Hash: 2db0d06085dba60c0bc4a38d531be3bcc31cf34f3f319187dfca1844edb6c503
                      • Instruction Fuzzy Hash: AB114939B006149FCB68DE29C584E6BB3BAFB88610F05852EEA4687751D731F841CF60
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF720 Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4d2ff5924fe46a835424156a906b8d0f29deef846ef52f48123dce4709b20ea3
                      • Instruction ID: a26425bdc9d99f7fcecaf74c8322f09704be2e832fba9a53d8e02c2a063c7729
                      • Opcode Fuzzy Hash: 4d2ff5924fe46a835424156a906b8d0f29deef846ef52f48123dce4709b20ea3
                      • Instruction Fuzzy Hash: 6321EF75E0060A8FCF44DF6DC4449AEBBF1FF89320B14826AD518E7354E7359912CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EC020 Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b7da73d8840ec40a9299ed7a749f3e58bf0e64bd5eb75882447d01b01f6c261
                      • Instruction ID: f032abfd1fc256c10660e8cd4435f112daacb7ad1fe7c658c2f42f582178a3d6
                      • Opcode Fuzzy Hash: 2b7da73d8840ec40a9299ed7a749f3e58bf0e64bd5eb75882447d01b01f6c261
                      • Instruction Fuzzy Hash: 8411A0707002048BCB29EA29D494A2EB3AAFF802147548969D4168B394CF75EC06CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF73C Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13fa95f406ac3a8e2d21804003a082b6c395406ba1addedb0bff9b2f4c6aac83
                      • Instruction ID: 7fbd6ff20abf3268fe87122cd7cc53604d1c442bc38332ab15ffc17492be161d
                      • Opcode Fuzzy Hash: 13fa95f406ac3a8e2d21804003a082b6c395406ba1addedb0bff9b2f4c6aac83
                      • Instruction Fuzzy Hash: D211DAB5E002199FCB44DFADC4449AEBBF1FF88310B10816AE919E7315E7309911CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0123D49B Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416224035.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_123d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                      • Instruction ID: 060bd62c089608d5445e3dca79abd7dc6c0d33cea96fbb81942b83e32ed1624f
                      • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                      • Instruction Fuzzy Hash: B311D3B6904245CFDB16CF58D5C4B16BF72FB84324F24C5A9DA090B257C336D45ACBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8250 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4c42b4bda1d95ceefe803318531293e2c570d20cdea96b8a012c1c1136b609b3
                      • Instruction ID: e0e4ccaca521ecb3dddd169746d6c98269b2b8c2455b082ba2b05601b7cb07cd
                      • Opcode Fuzzy Hash: 4c42b4bda1d95ceefe803318531293e2c570d20cdea96b8a012c1c1136b609b3
                      • Instruction Fuzzy Hash: 8B0108316047058FDBA8E66DA8846A6BBDAFBD0211F14CC6AD08D83310DF34A848CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0124D1C7 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416290921.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_124d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction ID: 768681114e066ecf856aeb8261cbfa8ae883924d533d449cbfd99dde7afdc4c7
                      • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction Fuzzy Hash: ED11DD75504284DFDB06CF54D5C4B15BFA1FB88324F24C6A9D9494B257C33AD80ACB62
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0124D2AF Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416290921.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_124d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction ID: 3c71ffcb9778d411d7d7a3c66ad75710353d7300bc38417217bea8f6b009eec1
                      • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction Fuzzy Hash: 1711DD79504284CFDB16CF54D5C4B15BFA1FB84314F28C6A9D9494B252C33AD40ACFA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF750 Relevance: .1, Instructions: 52COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b4645c25379c8211672ae3046cf7da6e39171930580c60d83c5ae4ddef35fb9
                      • Instruction ID: 4ce29075a14180c6ed4797a7f23069c5ef842ab404a4b25fd60eb265861ae82f
                      • Opcode Fuzzy Hash: 2b4645c25379c8211672ae3046cf7da6e39171930580c60d83c5ae4ddef35fb9
                      • Instruction Fuzzy Hash: 97119BB5E0011A9F8B44DFADC9449AEFBF5FF8C310B10816AE919E7315E7709911CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6508 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b6f7ed43c8698382d40dbfc5917507a6d88231c7a23220c8bb73ac6145f77e13
                      • Instruction ID: bb6d15639dd2494350f6cb7b8b6934545e8932aad8efc81701da7e2036bc19ea
                      • Opcode Fuzzy Hash: b6f7ed43c8698382d40dbfc5917507a6d88231c7a23220c8bb73ac6145f77e13
                      • Instruction Fuzzy Hash: 6A1104B1D006088FCB54DF9AC848A9EFBF4FF48310F10841AD459A7310D778A945CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E45AC Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ac9375a37969bbbc7c84a9fcce6d94b47a592ed81fc9105cc4a87251725b2b91
                      • Instruction ID: a21fd74e5453267cba1ac50e1c2ce832ca6eca5e9d7f79e4458ef0fcfde32668
                      • Opcode Fuzzy Hash: ac9375a37969bbbc7c84a9fcce6d94b47a592ed81fc9105cc4a87251725b2b91
                      • Instruction Fuzzy Hash: 5211F3B1D006498FCB24DF9AD548A9EFBF4FB48310F10841AD858B7310D378A545CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3A20 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 49f0985377dfdd8b09c6e0c3ea2cb6381e1124ec1c8e7c4b1d08ab7400ad9b36
                      • Instruction ID: e63e7a4456646a41fb56791354a230872764dfd51f4a88861b705775c57af8a4
                      • Opcode Fuzzy Hash: 49f0985377dfdd8b09c6e0c3ea2cb6381e1124ec1c8e7c4b1d08ab7400ad9b36
                      • Instruction Fuzzy Hash: 3611F3B1D006498FCB24DF9AD948A9EFBF4FB48310F10841AD858B7310D378A545CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E4948 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6479dfc666ef59cd58c94ff54635ac48044f22fe8b2a96751d075aa4d9d1ad47
                      • Instruction ID: ceb497ac7a143c734ae782d7c03e60d8172b332e8b1ff1701892c0c3b770b347
                      • Opcode Fuzzy Hash: 6479dfc666ef59cd58c94ff54635ac48044f22fe8b2a96751d075aa4d9d1ad47
                      • Instruction Fuzzy Hash: 7411F0B1C002488FCB20DF9AD548A9EFBF5FB88320F10841AE858A7210D378A545CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E7F88 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8426d24fe15de23494a723ac91487f58640d3d43308df2a449b938deb57cb3a5
                      • Instruction ID: 62e4e8ba136224034c69debe0de507753c6f8e7662360bcb96483962299ecf9c
                      • Opcode Fuzzy Hash: 8426d24fe15de23494a723ac91487f58640d3d43308df2a449b938deb57cb3a5
                      • Instruction Fuzzy Hash: F001F432B142185FDB48DAB9D8146EEBFAADB85220F0484AAE81DC3340ED718D468795
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EC8C0 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 45988461721736bf145d3c10162977575868cc4283661a28843ec0d8db497603
                      • Instruction ID: 628d5b35a7bdf0bef873fe176a738b250e0c5cc4d93da819d564ccc9163c9a6d
                      • Opcode Fuzzy Hash: 45988461721736bf145d3c10162977575868cc4283661a28843ec0d8db497603
                      • Instruction Fuzzy Hash: 8D01AD35700A244B8F5EBB3AA89892EB69FBFC4A10704456EE0568B391CF34A90187D9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E79F1 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c5ca550714931f05f7670e6392389f3fda9545311c222c303ec6e274382b5ff
                      • Instruction ID: bb011711b4112b5d99cc21e7dd16a9f72105e671007f2a14223583da10a3a192
                      • Opcode Fuzzy Hash: 9c5ca550714931f05f7670e6392389f3fda9545311c222c303ec6e274382b5ff
                      • Instruction Fuzzy Hash: C611D2B5D006488FCB24DF9AD588A9EFFF4FB48320F14841AD459A7310D778A645CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EC980 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4ffe9be6e073201ca0236375ba543913b74365d7e22f2ac6f3477ef2272855a0
                      • Instruction ID: 8cd4803ec017ee9cc749ea4043b1de7390d535e7673e5032bbafb1653b6699bd
                      • Opcode Fuzzy Hash: 4ffe9be6e073201ca0236375ba543913b74365d7e22f2ac6f3477ef2272855a0
                      • Instruction Fuzzy Hash: 44115771E002699BDF28DFA9D5506ADBFB5AF88310F14402AD415BB284DB706A49DB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E66BA Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4a51e6df7e1acf38852a47b693b3b26e42e8e0dbc26f5a549b3c95f5e4998357
                      • Instruction ID: fd007ea3937ac408e9a9c8c211d3eef4ec12d86a19ca963a95f4f1637beba571
                      • Opcode Fuzzy Hash: 4a51e6df7e1acf38852a47b693b3b26e42e8e0dbc26f5a549b3c95f5e4998357
                      • Instruction Fuzzy Hash: AA11A5B1E001198FDF58EFB1C4547AD7AB5FF98794F144829C001A7280CB788985CFE6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAD30 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ba05e35c178fa124d5f187ed4c60e64a1aa843fe3a814cbb2ffb9fb533e43639
                      • Instruction ID: 750b4a81453c357e99d698e91fcc58b8a5dff4e6a6ad72c1bdcbd6e8280032a8
                      • Opcode Fuzzy Hash: ba05e35c178fa124d5f187ed4c60e64a1aa843fe3a814cbb2ffb9fb533e43639
                      • Instruction Fuzzy Hash: EA01D4387042008FCB5DA739D950A2E77AABFC1312B5884BED8068B395CBB5DC06CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3A14 Relevance: .0, Instructions: 47COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0972107c31c231e6213e0a6baadb32f31e59c8a2c36b89e851240811483d67d9
                      • Instruction ID: 32b935e642e8c015f7280ce7a8bb5a429ebbbeb88307b92f426f517720784100
                      • Opcode Fuzzy Hash: 0972107c31c231e6213e0a6baadb32f31e59c8a2c36b89e851240811483d67d9
                      • Instruction Fuzzy Hash: 4811F2B59003488FDB60DF9AD588B9EBBF4EB48320F10841AE959A7350D378A944CFA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EE260 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9f8ef09e51d95b4a9807ebe768bbf6840818f7e6af198f6b60fad4528ccfd9da
                      • Instruction ID: e8be1f9b6cb0d8d5c8947429a5cdabbf53deaaac7f6f76e7149368c93bf6ad64
                      • Opcode Fuzzy Hash: 9f8ef09e51d95b4a9807ebe768bbf6840818f7e6af198f6b60fad4528ccfd9da
                      • Instruction Fuzzy Hash: ED01D6327205114FCB18AE59EC40B6E779BFFD4221F5896B9D0258B2A4CA359D428784
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAD40 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 004ff038a48ed5d591b3351fe7d56a81b3e80661418bf9e8928faa4e64dba729
                      • Instruction ID: 2405ae297b6071d0f6f9524e23fe1aef538d5798a0b5713942ba7a5c1bf2d2fd
                      • Opcode Fuzzy Hash: 004ff038a48ed5d591b3351fe7d56a81b3e80661418bf9e8928faa4e64dba729
                      • Instruction Fuzzy Hash: 95014F347102148FCB5DAA79D950A2E73AAFFC1611754C87EC80A8B394CF75E806CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E48A8 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aaba1b0c243bbee4bbe6115ad5c837bc3d17427a031556b6ecfac22278da05e7
                      • Instruction ID: f86fea07e89b352ac228776e089afea113f216509c75fc32bd8aecf939514ec4
                      • Opcode Fuzzy Hash: aaba1b0c243bbee4bbe6115ad5c837bc3d17427a031556b6ecfac22278da05e7
                      • Instruction Fuzzy Hash: 1211F5B59003488FCB10DF99D584BDEBBF4FB48310F14841AD559A7350C338A945CFA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0123D76D Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416224035.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_123d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f72a2abc3dd9b7a1ff14e68b0f8e0eff95e50ec399bff26a4c4f44f0b13e0455
                      • Instruction ID: c23daade468ab92383230727c53be3b5680beffdd85581d6451f2b0da507cfcd
                      • Opcode Fuzzy Hash: f72a2abc3dd9b7a1ff14e68b0f8e0eff95e50ec399bff26a4c4f44f0b13e0455
                      • Instruction Fuzzy Hash: 9301DBB11143889AE7168B59DDC4B67FFDCEF85324F58C42AEE090A286C3799840C671
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8230 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c2dc9ef658a885b610138eb063623125a4d05413e7b03bf776792c8c8421a1f4
                      • Instruction ID: 76eb09d3f613dc21f376fe118724172adae2ba16687c3bcd601bfe3247e42b41
                      • Opcode Fuzzy Hash: c2dc9ef658a885b610138eb063623125a4d05413e7b03bf776792c8c8421a1f4
                      • Instruction Fuzzy Hash: 30F062317545129BDF9C9A7ADC9CD7E37DEBFC4A11305446DE806CB260DE20DC41C690
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E82F8 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cd68fe5bb2e928e398a580819d2c39819876c0ef5906a0d2f8c6cb2c4f93ce13
                      • Instruction ID: 13b5c2c7bb8c4e524f5007326f9fb345fc37debc445ea2768eea9b336f3217fc
                      • Opcode Fuzzy Hash: cd68fe5bb2e928e398a580819d2c39819876c0ef5906a0d2f8c6cb2c4f93ce13
                      • Instruction Fuzzy Hash: ABF090347542618FAF9C9A7ED894E3A37EEBFC5A11305446EE506C72A0DF20DC81CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8328 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b0df224b953efe3895457cc7e245f7cb7beb4b6f470006834df0bb6f2a94c593
                      • Instruction ID: 6dbf0451ba6b35fd295ff9e58b77c9df0352d993d136123b6b6aba73fdbf4d8e
                      • Opcode Fuzzy Hash: b0df224b953efe3895457cc7e245f7cb7beb4b6f470006834df0bb6f2a94c593
                      • Instruction Fuzzy Hash: 85F0C871B001269BCF99AFA89C516BE7B7AFBC8110F400129E535A73C0DB354A02CBE5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EBF38 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13b760cc4641b7dcd46af7e8ba1c0eacb2a7d00549c09eecf65ece93fdba8db4
                      • Instruction ID: 2c432013859e5d173bf7470b1fb62809ce10e0753d508e268829f400998acdd5
                      • Opcode Fuzzy Hash: 13b760cc4641b7dcd46af7e8ba1c0eacb2a7d00549c09eecf65ece93fdba8db4
                      • Instruction Fuzzy Hash: CA017C346102008FCB18EB6AD984A5AB3E9FF85311B64C569D4198B365DB79EC06CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EACA8 Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0664abeeb2c19cf844d11633b8a1242468e2d1405623c42505f7a06088535360
                      • Instruction ID: a0fed11df63b061a12cdc299333d2088c26f3f467b6b41934b2eed624a999dad
                      • Opcode Fuzzy Hash: 0664abeeb2c19cf844d11633b8a1242468e2d1405623c42505f7a06088535360
                      • Instruction Fuzzy Hash: 4E018F342102008FCB18EB29D584E15B7EAFF85615F64C57DD80A8B324DB75DC02CB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9138 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6c5c7f89d9a326c6118920ee0e11191ed72f9b04608f222d89ec5e2ba05742ca
                      • Instruction ID: 77e78f03041bf0c02bb0a9431db9aed90c72c4cbbe15db6e392a85507487edca
                      • Opcode Fuzzy Hash: 6c5c7f89d9a326c6118920ee0e11191ed72f9b04608f222d89ec5e2ba05742ca
                      • Instruction Fuzzy Hash: 3BF0C2317086528FCB5C9A7ADC58D793BAE6F85A01309049EE806CF3B1DF20DC01CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EC8B1 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 043190ceec22246e1510598b237c1dfe23e114e0e15d1936ba475654937478e9
                      • Instruction ID: 2529d0a73cd6b841030fc6b61871700de52f4d2fa7c215ba0cd925c767f489b1
                      • Opcode Fuzzy Hash: 043190ceec22246e1510598b237c1dfe23e114e0e15d1936ba475654937478e9
                      • Instruction Fuzzy Hash: 2AF02236300A144BCF5DBF39EC90A2E779BBFC4610B18046AD066CB351CE34E8008788
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EBF48 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e50c99a7db6a629c9b087be91acbd919c70750b113a00dbd7e9c1e871285c893
                      • Instruction ID: 5f6578115b57f4f84b6f2baa49136cfd327736de25589d974ef1ae1bf71e3f05
                      • Opcode Fuzzy Hash: e50c99a7db6a629c9b087be91acbd919c70750b113a00dbd7e9c1e871285c893
                      • Instruction Fuzzy Hash: CA014B347102008FCB58EA69D584D2AB3EAFF85222B6485B9D41987364DB75EC06CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EACB8 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d6957cbd0bf64a4a08f6a846f9a0b6151d51eb4dd480ac1a1578da98ab7bce24
                      • Instruction ID: a6921e3c0770a5308959e4bb632a4b6bcb8c20c4c00fb6644365dfb61e90ca58
                      • Opcode Fuzzy Hash: d6957cbd0bf64a4a08f6a846f9a0b6151d51eb4dd480ac1a1578da98ab7bce24
                      • Instruction Fuzzy Hash: D6016D343102148FCB18EB69D544D2AB3EAFF85211B64C579D80987364DB75EC06CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8338 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8c442f0a668a818b9428c62b2731df088c395be6508dbae3796520b886f7eb47
                      • Instruction ID: f90efb946581ba928b8d61af0ee99fd2227e560474d1602eb510ab9c54c98985
                      • Opcode Fuzzy Hash: 8c442f0a668a818b9428c62b2731df088c395be6508dbae3796520b886f7eb47
                      • Instruction Fuzzy Hash: 25F09671B011165B8F89BBA85C514BEBABAFBC8550F400029E525A7380DE354A028BE5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF1F0 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 67f8d1078a1a7d27ab9d63e52e98cb216c7e89704e856514564561d21612d4f6
                      • Instruction ID: e2d81d6b4bf3c756fc85d3f0b4140fa644e75635b3edd97cfb22e3c6f1d94ec6
                      • Opcode Fuzzy Hash: 67f8d1078a1a7d27ab9d63e52e98cb216c7e89704e856514564561d21612d4f6
                      • Instruction Fuzzy Hash: 8F01A2715106099FDB04EF64C8858DEBF79FB89390F048619E4166B344EF70B989CBD0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA1A3 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 393f4c3815370164b1147268b506c69ef15e2df8759bd8fd50d26e2bdb9a2092
                      • Instruction ID: c9567604905caa6122ce73f8992755f321388a275abd9cdf4aa925d9a1dfe349
                      • Opcode Fuzzy Hash: 393f4c3815370164b1147268b506c69ef15e2df8759bd8fd50d26e2bdb9a2092
                      • Instruction Fuzzy Hash: 6EF030353002618F9B5C9A7ED894E7A37ADBFC5A11305006DE506CB3A0DF20DC81CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9920 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d06441bca199e28145e735c0851ac65724441033611c371c53602f91d00302ec
                      • Instruction ID: 297441ab332946800679d56748643e184892a11e4278580ad0fcbe19d128f305
                      • Opcode Fuzzy Hash: d06441bca199e28145e735c0851ac65724441033611c371c53602f91d00302ec
                      • Instruction Fuzzy Hash: 27017C30E182589FCB18DF56D8809EEBFF1BB89210F00846AE851F7362D6359800CF94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E46F9 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bf7ffc3d02e5c33f4f9e4df8f7663064931e5348af752d7bd27bd6f945fbfcb1
                      • Instruction ID: cfe0ba1c87d46b73413bf93f546e7aae95905bd6c3ce6a7fc2f528c0ee0f4937
                      • Opcode Fuzzy Hash: bf7ffc3d02e5c33f4f9e4df8f7663064931e5348af752d7bd27bd6f945fbfcb1
                      • Instruction Fuzzy Hash: A201DA70C00219DFDF58DF5AC9443EE7AF1BF49364F148565E424AA290D7744A81CFD4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED6A7 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1da4ced98479291dd3de4058dba0df499bef55d6b65a6ab2645399dfc650d4ef
                      • Instruction ID: 82475a2e9c59f8ea585676f200249328ce237c92a57e5c97be5c0cf918fddce3
                      • Opcode Fuzzy Hash: 1da4ced98479291dd3de4058dba0df499bef55d6b65a6ab2645399dfc650d4ef
                      • Instruction Fuzzy Hash: 88F04F317007148FCFA99B68C854A5AB7E5AF45604F09806ED45DC7761CA36E844CB85
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EF200 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e1d360d82a730f6bd6cd02b8850dbe2300b6a3a9692a8d7415df523322e7b8f7
                      • Instruction ID: 92abb25707acea41a1550ae16c4f93c24aaf03736ce97e30d7c109b0ca386c15
                      • Opcode Fuzzy Hash: e1d360d82a730f6bd6cd02b8850dbe2300b6a3a9692a8d7415df523322e7b8f7
                      • Instruction Fuzzy Hash: 0CF03C719106099FCB04EE65C8948DEBB79FB89350F048619E9056B344EAB0AA89CBE0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EFEF0 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b66cbc2dc6d8622a467ab6723769b8a71fa2300eb6c008ff16db169a8b43896d
                      • Instruction ID: 14b1b0e3f85bb79cc97e6cbebb5bfa05531aae1d4dde12b24c7fc4f7827c1530
                      • Opcode Fuzzy Hash: b66cbc2dc6d8622a467ab6723769b8a71fa2300eb6c008ff16db169a8b43896d
                      • Instruction Fuzzy Hash: A2F0E5713042102FAB49A65E885087BFFAEDFDA610354803EE509C7241DE204C0AC3B1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0123D76C Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416224035.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_123d000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2d4a4779ac6075a070d4df115a98a93f079fc7ebb1028af798108c566b9b9da9
                      • Instruction ID: 45f7fe1949df16eec51e58489a7e0eae6284c9f58b12c97ef6d64003cb211a0d
                      • Opcode Fuzzy Hash: 2d4a4779ac6075a070d4df115a98a93f079fc7ebb1028af798108c566b9b9da9
                      • Instruction Fuzzy Hash: B1F096B14043889EE7158B1ADCC8B62FFA8EF85734F18C55AEE484B286C3799844CA75
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E4790 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 26481c387b453906079ce9486bfc578c17b1b0695744ac8e67806ee86c2209a2
                      • Instruction ID: 43c56a81098f7a5806782348c62084a4c6f4c21f94f87fdacfeeb0a5efeafe87
                      • Opcode Fuzzy Hash: 26481c387b453906079ce9486bfc578c17b1b0695744ac8e67806ee86c2209a2
                      • Instruction Fuzzy Hash: 4AF0A0B7B001245FE308DAAADC84EBBA7E9FFCC630725843AE508D7310D934CC0182A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E93D4 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 296ac5e482587adfe38e4c2ad0ba32be6086b68990b55478342e8cd05fd6514e
                      • Instruction ID: 42499e38647013ddc0dd513f4faf4d3d1968d817bbfc972ba2fae4f955732a2f
                      • Opcode Fuzzy Hash: 296ac5e482587adfe38e4c2ad0ba32be6086b68990b55478342e8cd05fd6514e
                      • Instruction Fuzzy Hash: 65F04971D501098FDB90DF78C8427ADBBE0FB04301F4489BAE418D3251EA389A059B80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E91A8 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 34a1cff841c99093f73821f034875a7a6ff5e9521795945724229dce54acdb32
                      • Instruction ID: 04bc6af30309998f644c680c96a86661a18e242e9589a868eec925d213c94ca4
                      • Opcode Fuzzy Hash: 34a1cff841c99093f73821f034875a7a6ff5e9521795945724229dce54acdb32
                      • Instruction Fuzzy Hash: 13F0C9316047404FCBA8D61D59806A2BBE7FBD6210F08C82BD88D83340EF20A848CB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EFCFB Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 41924eef7e73c9c10ecdcaf9e07e855c9d0a5e44db2c3f0f13d862d5804e75e6
                      • Instruction ID: 7842e6fe8e978b2ca3d5a79c7fb544361feb8c15572e28ed5e30a635533686d3
                      • Opcode Fuzzy Hash: 41924eef7e73c9c10ecdcaf9e07e855c9d0a5e44db2c3f0f13d862d5804e75e6
                      • Instruction Fuzzy Hash: 86F0B4342453054FEB166B389D217563BE9FF42240F4545AAC686CB5E6DE24DC41CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E4700 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f5aa4a731502b639fdc48355b7d7af862383dc48bb5151c33c5033fd0ecb58bb
                      • Instruction ID: d596f6878dc5fc048e5e0caccfc830e51d6a8230e93f2da96bb8b20b3bdb7001
                      • Opcode Fuzzy Hash: f5aa4a731502b639fdc48355b7d7af862383dc48bb5151c33c5033fd0ecb58bb
                      • Instruction Fuzzy Hash: 5401FB70C00219DFDF58DF6AC9043EEBAF1BF49360F108665E424AA290D7744A81CFD4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E47A0 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0643526ef3f36635b657bf787de81b6096475ad547ec85f3cfd569473d8f81ad
                      • Instruction ID: 76af5e30859800fe3456a4c7dbbc16d8ab9ed7db7c8351af2b513394164ae87a
                      • Opcode Fuzzy Hash: 0643526ef3f36635b657bf787de81b6096475ad547ec85f3cfd569473d8f81ad
                      • Instruction Fuzzy Hash: 1EE06D727001286F9304DAAEDC84C6BBBEDFBCC670361807AF508C7310DA319C01C6A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E5AF9 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1153cc4b8f7da3d46a9e7135a2622a5377c7535c428973cc5407fe1f409bebce
                      • Instruction ID: acd6dedc298e5d4314b2570f60fad05299bec497604cfd8985405bef4a9933eb
                      • Opcode Fuzzy Hash: 1153cc4b8f7da3d46a9e7135a2622a5377c7535c428973cc5407fe1f409bebce
                      • Instruction Fuzzy Hash: 4BF04939F001288FCF14EB68E5889DCB3F9FF88615B198194D806BB360CB31AD05CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED6B8 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 881358712ec8b50e0bf097e51aec0073a4119d4787e8f7054e09a44cce0cbcf9
                      • Instruction ID: 5058c1c4976397405f5eb978e35d7d0ba4fc55e50946a848f5a993bf482626b3
                      • Opcode Fuzzy Hash: 881358712ec8b50e0bf097e51aec0073a4119d4787e8f7054e09a44cce0cbcf9
                      • Instruction Fuzzy Hash: B7F05E30B007208FCFAC9B69C458A5AB7F5BF45614B08806ED45ECB761CE32E840CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAE90 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a2f382b86905952607ab02b38a75c63025ecff2a305185415ecdfc3bace9056c
                      • Instruction ID: bb0d470450732a566de7929173ed9f17f952a23dcd74a171493b23d1dee45b8a
                      • Opcode Fuzzy Hash: a2f382b86905952607ab02b38a75c63025ecff2a305185415ecdfc3bace9056c
                      • Instruction Fuzzy Hash: F5F0A73292D7E44FD757977898589917FB8AB03211B0B48E7E095CB053C264AC44C7A6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E93D8 Relevance: .0, Instructions: 30COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 20a5b013cb963fcb123c878c12a6cf4f6cecb032505387897b0fd2bf6522013d
                      • Instruction ID: 73358490bfdcfb9b30a5b6083e48f2cbb761f8af6c746a2d49ba33bc275bc641
                      • Opcode Fuzzy Hash: 20a5b013cb963fcb123c878c12a6cf4f6cecb032505387897b0fd2bf6522013d
                      • Instruction Fuzzy Hash: 43F03A75D102498FDB90DF78C8417AC7BF0FB04301F4489B9E419D7652EA38AA469F80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EADC1 Relevance: .0, Instructions: 30COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 38acee073669a09b8931c5e7c964934b1e2598f7aa5fd9b2fd16c9af58aaa0a0
                      • Instruction ID: ae1b16100c7a880ab3cb6e758fba87a923712e0b1893c13333182e1ae52b9af0
                      • Opcode Fuzzy Hash: 38acee073669a09b8931c5e7c964934b1e2598f7aa5fd9b2fd16c9af58aaa0a0
                      • Instruction Fuzzy Hash: 91F03071D1024A8FDB50DF68D8867ACBBF0FB04304F5489BAD019D7291E738D6468F80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6715 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a0a5f3a01c2f328a20b747f116798c10989108a0d7e241f835e80c353367ce39
                      • Instruction ID: 64b29c582046fdce6ccfc1406dcc6da5e235518453b996ed27893f5d6cbc753d
                      • Opcode Fuzzy Hash: a0a5f3a01c2f328a20b747f116798c10989108a0d7e241f835e80c353367ce39
                      • Instruction Fuzzy Hash: F2F03070E0020A8BDF58AFB5C4597AD7AA2BF94794F108829C015A7284DF748945CF96
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E5358 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e520c0758a459146eea4617acc4f133f16acf18ebcd70a2088fc69890edf85c5
                      • Instruction ID: dceee1244e41c6cd03d3042db516248be821ce4cc52c5c89f668f4680742e5bd
                      • Opcode Fuzzy Hash: e520c0758a459146eea4617acc4f133f16acf18ebcd70a2088fc69890edf85c5
                      • Instruction Fuzzy Hash: 56F0A7343157408FC714DB29D884C49BBB6EF8B610B6542AAE009CB336C671DC02CB40
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EFD91 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 88eaf9a1fc36234f998e27c4c39138f2fb6c38b012702b4e241f22057207ae59
                      • Instruction ID: 003e5bd79bbd442a6e02f93c182d68bd5a63b26d7673a1827fe32fc315c559a8
                      • Opcode Fuzzy Hash: 88eaf9a1fc36234f998e27c4c39138f2fb6c38b012702b4e241f22057207ae59
                      • Instruction Fuzzy Hash: 9FE092A17057951FC74626B85C1176B3AD69BC6796F16006AD782DB3C3EC618C0543E1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEA40 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 18433a326a72226a6dde2bb75b0e877ccff8f64931121d675326bdd461869f51
                      • Instruction ID: 05f17c01070ee910671e0cc4ddb2f03f17b0e8aa81b2fc04eb7a2107f7dcfe52
                      • Opcode Fuzzy Hash: 18433a326a72226a6dde2bb75b0e877ccff8f64931121d675326bdd461869f51
                      • Instruction Fuzzy Hash: 89F0A7329A4A08CFC700AF78E40966CBFB0FB11615F44079AE4499B662FB26D5E8D741
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8550 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: df2ebadaeec238088e0eadc1754e325322fbbdb9e97f117762577ece9b62301f
                      • Instruction ID: 7b2ef36a055249df1507806257a249e4ff8eb7340eb0bcc2759beb87bbed080d
                      • Opcode Fuzzy Hash: df2ebadaeec238088e0eadc1754e325322fbbdb9e97f117762577ece9b62301f
                      • Instruction Fuzzy Hash: D3E04F72F102156F9F88DEA98C418AFBAEEDBC8150F1080BAD419D3250FE309D028790
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAE38 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1036fc46fa8261d892992e3f4ffffab86d239f81f0a85a3fd4dece0b33ef5791
                      • Instruction ID: 645ef8e1c3319b1d89a066046210ba9698868d0b344b9f2c076d11169465fd0f
                      • Opcode Fuzzy Hash: 1036fc46fa8261d892992e3f4ffffab86d239f81f0a85a3fd4dece0b33ef5791
                      • Instruction Fuzzy Hash: 33E09B336D452587CB10DBDAF8C147573B8E7449653188596E50CDA918D2B3D8D3C7C0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EFF00 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8789654112934a892372a0b4b128e3a78e2a38fc90c4178818bc3be756dab595
                      • Instruction ID: 613332c6e40bfad3a223c6262e8675bbf73870b21afdd87527339281f73231e0
                      • Opcode Fuzzy Hash: 8789654112934a892372a0b4b128e3a78e2a38fc90c4178818bc3be756dab595
                      • Instruction Fuzzy Hash: 7EE0ECA23045142B1A48E55EAC9097FE6DEDBD9961354803EB60DC7350DD619C4682B5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E5368 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fadfc4d4ac3189efde0101043c8f84d23cd54b74f419c93b8211e0f4d6a4f2d6
                      • Instruction ID: 04dc04057c89ac5fad76d13e8d2a53afb3367c41aaed1f85c89aae3c3a8bd843
                      • Opcode Fuzzy Hash: fadfc4d4ac3189efde0101043c8f84d23cd54b74f419c93b8211e0f4d6a4f2d6
                      • Instruction Fuzzy Hash: 5CE012353106148FC758EB2ED444C59B7EAEFCAB2576542AAE109CB375CB72EC01CB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E085E Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b76efb86478ed585aa3c42f5ad032f6160e85d6d8c10c8dcfeb221de0f3c143d
                      • Instruction ID: af84a0a2cc9eee53dcfa0a20d3ddc03adbca27cd2f334ca635cec8dca3e766e3
                      • Opcode Fuzzy Hash: b76efb86478ed585aa3c42f5ad032f6160e85d6d8c10c8dcfeb221de0f3c143d
                      • Instruction Fuzzy Hash: 5DE0E535B141049FDB08CF9DD884DAEB7F5FB8C224B2180A9E619D7361E631AD05CA90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EE270 Relevance: .0, Instructions: 24COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a48d9119f37b955c40551e27f0f7a488e995d1bdc3adddad06fb5f3cdf3f161
                      • Instruction ID: 3918da5f212b4c2ffd3cb0cfebda59f47037eb5c0e7c496e2c1b7c95bf85eb30
                      • Opcode Fuzzy Hash: 8a48d9119f37b955c40551e27f0f7a488e995d1bdc3adddad06fb5f3cdf3f161
                      • Instruction Fuzzy Hash: D6E0C2327609130BCA6CA91DDC00A6E729FAFC9A21B1840F6E008CB752CD21CC0243D4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9B90 Relevance: .0, Instructions: 24COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7df691d4a5ec607218826e7bc148c7c3578d8f3eb10beef75a156563e1690fc9
                      • Instruction ID: a21d67241a9181e6662c7b4ffe8fb40c3bc32725f58fdfc428da661c8ee14543
                      • Opcode Fuzzy Hash: 7df691d4a5ec607218826e7bc148c7c3578d8f3eb10beef75a156563e1690fc9
                      • Instruction Fuzzy Hash: 3EE020327006114BC624D61EF840D4FE6DDFFC0320F548B2AE016DB364CBA06D0983D4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E84FE Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6fbde5b88a1b173ddfc379990ad9df6d1d8452942697bd09fe863786894af598
                      • Instruction ID: dcf169751d0fd810b8d17ae1e15d047c306d1c5396c7bae50b3e891d832738d5
                      • Opcode Fuzzy Hash: 6fbde5b88a1b173ddfc379990ad9df6d1d8452942697bd09fe863786894af598
                      • Instruction Fuzzy Hash: C6E09A72E5022CDADF58AB90E5087EDBB75FB4431AF200413E155B1540C7360580CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3D58 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a5a0446b4c8112108b1b354a542bd1ce39b02143d37f19aba7a7e780e6f57e94
                      • Instruction ID: e13c540633a9fa1fb9aeaa37863d4714dd34baa7d0de5e74e4762ceda9a0af3c
                      • Opcode Fuzzy Hash: a5a0446b4c8112108b1b354a542bd1ce39b02143d37f19aba7a7e780e6f57e94
                      • Instruction Fuzzy Hash: 27E06D70910209EFCB00EFA5EA4565CBBF9EB49600F504664E8049B354DB356E05EB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EFDA0 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aaf2b84522c865c85411f4532f2b91d85052ef5b0f28614ca9cb9b2833092ca0
                      • Instruction ID: 898b7a3909242c53b21fd360851552d866dd055b7f78b15313830c1ce5412fa1
                      • Opcode Fuzzy Hash: aaf2b84522c865c85411f4532f2b91d85052ef5b0f28614ca9cb9b2833092ca0
                      • Instruction Fuzzy Hash: 32D0A7A174122A17C68836BD6816A6F35CFD7C9B65B10003AE707D73C5DCB1CC0603E2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E0870 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d5b46ba21b65fd8478520a941fabd51796e1c6767794d826ad79330e44e800e0
                      • Instruction ID: bec58f782b34e7d40dd408ec2cdd318cd9648e2f5d40f5525c51b625d9fe4bbd
                      • Opcode Fuzzy Hash: d5b46ba21b65fd8478520a941fabd51796e1c6767794d826ad79330e44e800e0
                      • Instruction Fuzzy Hash: A7E01A75A00500CFCF18DB18E88DA9DBBB4FF85711B5142E9E5169B2B1D7319805CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED7ED Relevance: .0, Instructions: 21COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1f308ec646dde7ef4a7ecada9b9f8031b4f506a80d84279441881cbd78730241
                      • Instruction ID: 6b503bd4d3313470779d80dabeb740db2d20391354aa02bbc752c87e40b25e4b
                      • Opcode Fuzzy Hash: 1f308ec646dde7ef4a7ecada9b9f8031b4f506a80d84279441881cbd78730241
                      • Instruction Fuzzy Hash: 0CE092B1505295DEEB459B21D85432A7BF3BF81354F604749C4225B1C2CB702941C792
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9E10 Relevance: .0, Instructions: 21COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d034df1a5aaa26c6f33ed2aec9d76dade3021848d653d837e134d098cbc99b70
                      • Instruction ID: fd1b7a24d9262ec4cbe32dbdd3b13ed9664e37cbdc6c4033b213882f73d8ba4b
                      • Opcode Fuzzy Hash: d034df1a5aaa26c6f33ed2aec9d76dade3021848d653d837e134d098cbc99b70
                      • Instruction Fuzzy Hash: 4FD0C272B09D620FCA8F26641C251AC2B152BA2400706009BE865EB792EE180E1683DE
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E3D68 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2f85b0014a9b4f9e902bda71c2a55e09c9c70868d8f5b8cff489b4b2a860a295
                      • Instruction ID: 929ef01a38b8a967b3ac4e5706ab0c3fdd890aea78c412a82663c2c3514afc79
                      • Opcode Fuzzy Hash: 2f85b0014a9b4f9e902bda71c2a55e09c9c70868d8f5b8cff489b4b2a860a295
                      • Instruction Fuzzy Hash: 0CE0867091020DEFCB00EFE6EA4186CBBF9FF45200B104664E80497348DB316F00EB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E7D10 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: febf502947f93821d30418d3e0861719f2ea576239bf41a62f6f16978d680b12
                      • Instruction ID: 2bffdba1762a0bab067c24a3aec8e7175bf4a956af42fa80a373a2120926d23b
                      • Opcode Fuzzy Hash: febf502947f93821d30418d3e0861719f2ea576239bf41a62f6f16978d680b12
                      • Instruction Fuzzy Hash: CBE0EE39010209DFCB459F90C948C647BAABF48304705C0A6E5064B226CB32E9A1EF40
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEA78 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab9d8d1a3cf5ed1f2f359c558cf29e509c4d487897f949001578b3380dfd9859
                      • Instruction ID: 9a2a19dd7f2b1b597b44c24a6de393169cb686dfff1caea637a0ce25ded689c1
                      • Opcode Fuzzy Hash: ab9d8d1a3cf5ed1f2f359c558cf29e509c4d487897f949001578b3380dfd9859
                      • Instruction Fuzzy Hash: 85E08631198B448FD301DF38D85E5247FB4BF02604F4901D5D045CB233E621D954D791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E9E20 Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0ecb9eb0c0b3f475fbb1a4d1ca9144e9484e03b37e5b4cb4ddc020572ea84b0e
                      • Instruction ID: 641438428f579674a0677133cc7f8798300fe3b2f5c9f65c68df7067c080404f
                      • Opcode Fuzzy Hash: 0ecb9eb0c0b3f475fbb1a4d1ca9144e9484e03b37e5b4cb4ddc020572ea84b0e
                      • Instruction Fuzzy Hash: 1DD02232300C36034DDE3A586C212BC764D6BC1810B800029E52ABB680CE481E0283DE
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EAE8B Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3146352fb37fdda197c733bbc179cfa2a9bd55b6627f33a559254196ce05383c
                      • Instruction ID: 2e3a3df4b16d0efdac65f3467d375807dd0213e72ceda5ff971916d9383b8c58
                      • Opcode Fuzzy Hash: 3146352fb37fdda197c733bbc179cfa2a9bd55b6627f33a559254196ce05383c
                      • Instruction Fuzzy Hash: 38D05B32D105759FDB64A759D548B90F7ADF700321F464455E455A7104C7F0FC844BD5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEA88 Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 75e64d90e2a349935b5aad45eab512e853251b6b6b3113870c09017d611fcddf
                      • Instruction ID: 8a4c6bc712a18674441623add5b988f37ac4bcb4838a997c8a34ad1facadd997
                      • Opcode Fuzzy Hash: 75e64d90e2a349935b5aad45eab512e853251b6b6b3113870c09017d611fcddf
                      • Instruction Fuzzy Hash: 99E0EC31CA061CDECB94EF75E54949E7BF8BB15211F40C52AE80D9A100E631D2D8CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8308 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e29696689ecf1c2064a12971bae7dd067d8c791a463c3069838186deebc9f91b
                      • Instruction ID: 6e04ea37e472cdcca796723c5fc14552387af81344b89ea99a4f09554f6b5b87
                      • Opcode Fuzzy Hash: e29696689ecf1c2064a12971bae7dd067d8c791a463c3069838186deebc9f91b
                      • Instruction Fuzzy Hash: 69D0A7305A4A08CFC300FF3CD88A825B7F4FF45704B011A95F206A7236EB20F844C645
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EEA87 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0204b702a612a44fd583478f059cab2f50729889851d8259523154a80acbe31b
                      • Instruction ID: 78380648c5514bdac761e04c104544c71b199dc5b6d743dd5ce15eb61544e5b2
                      • Opcode Fuzzy Hash: 0204b702a612a44fd583478f059cab2f50729889851d8259523154a80acbe31b
                      • Instruction Fuzzy Hash: 2CE0EC72CA061CDECB80EF74D94959D3BF0BB55311B00C92EE81DDA100F635C2948F41
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA370 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5aeaf1a5e694fbcd333cb10fdb829a7643e016dbd1ecf5d508a692ab34bc6086
                      • Instruction ID: cefb5adbe545a1f4f742b440bb7607f343dfa129a34eb33058a102677062baec
                      • Opcode Fuzzy Hash: 5aeaf1a5e694fbcd333cb10fdb829a7643e016dbd1ecf5d508a692ab34bc6086
                      • Instruction Fuzzy Hash: 82D0C932180208BBDB41BF80DC12F8A7F29FB447A0F548458F6044E562D777E567AB84
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E8B18 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a9a8c298d3aa02c9d8febeeb9e4535553575cd475c48f9e9e9a2d1dac163839e
                      • Instruction ID: d7db63b3d4d61d3741dc1b1fd31ae188f3c3979f5fa5995196df99ddb8b8b234
                      • Opcode Fuzzy Hash: a9a8c298d3aa02c9d8febeeb9e4535553575cd475c48f9e9e9a2d1dac163839e
                      • Instruction Fuzzy Hash: 3DD012365941089E4FC4EED5EC40D5277DCBB647107409462F508C6420E722E4B4EB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E6788 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d95e87070e104c4e690cb83ae8c2f71a96b11459dfa2fbf21a8beecee366ef64
                      • Instruction ID: 14b9ae22fd0e39da4f3329ceb3a2e50b2fb72710fe4484e6ad1766ffd56c1271
                      • Opcode Fuzzy Hash: d95e87070e104c4e690cb83ae8c2f71a96b11459dfa2fbf21a8beecee366ef64
                      • Instruction Fuzzy Hash: 5FE0E279960109CFDB44CFA4D599AADBFB1BF0C310F208419E002A7261CB349804CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA093 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 837ca12a383d83ba5705a08f7c1e7e1c09ad47ecf2f66df45999068206493e04
                      • Instruction ID: 9aed0783964328507740c7c47aa7199786b8183d72ad3da4b611d5c32b1516bb
                      • Opcode Fuzzy Hash: 837ca12a383d83ba5705a08f7c1e7e1c09ad47ecf2f66df45999068206493e04
                      • Instruction Fuzzy Hash: 4BD0C936280308AFEB80AF90DC81F96BB29AB48750F509054FA184B251C672D9A7DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065ED9FB Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bd3deaaab04853f49e097277db495746a8da01e41566308631cbbc195caf7201
                      • Instruction ID: c217700e0db8b4caaaa3eecd57a2c4b126d65098e46c9f6078ab312b686adf5b
                      • Opcode Fuzzy Hash: bd3deaaab04853f49e097277db495746a8da01e41566308631cbbc195caf7201
                      • Instruction Fuzzy Hash: F7D022A6A8004017F308C164AC4A75C2BC7C7BC108F0C8070E20694141E43C8197C096
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E89C0 Relevance: .0, Instructions: 12COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c82592505a84c28ee7996e768e2d27f61ff3e7ff8edf9bb9166267f596b5cd3e
                      • Instruction ID: d2bcb85a783f7559afb3bd0a85688399c58fd1c77ff5c6c06ce7eee933e1225b
                      • Opcode Fuzzy Hash: c82592505a84c28ee7996e768e2d27f61ff3e7ff8edf9bb9166267f596b5cd3e
                      • Instruction Fuzzy Hash: F6B09B2131523513DA4C719D64106BD728E47C5574F40006B951D97741DCD69D4103DA
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E65F0 Relevance: .0, Instructions: 11COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ed0c330f01beb5da715de2b932acd6776673a52e6d243d03610b991bf7e3dc1
                      • Instruction ID: a49211ebf553ec9bf10dd59b89d298dc2ab6fb4b69e7555b8c6c74afec819c90
                      • Opcode Fuzzy Hash: 7ed0c330f01beb5da715de2b932acd6776673a52e6d243d03610b991bf7e3dc1
                      • Instruction Fuzzy Hash: 60D0923046532A8BCF10EF59E89E64C3B21F742220F508B15D422A22AAD7744656CA95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA0A0 Relevance: .0, Instructions: 11COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 466a841258e6346c33fc933c98ca138507ccb066a0d4d4c6b13ab49742cafa35
                      • Instruction ID: 7942e7a3866f2da97111edb8bc51fc15939b98f4a789300b646bd499e03039b5
                      • Opcode Fuzzy Hash: 466a841258e6346c33fc933c98ca138507ccb066a0d4d4c6b13ab49742cafa35
                      • Instruction Fuzzy Hash: 72C01236240308AFDA80AE94CC00D56776DAB48A10F909040BA080A201C272E8629BA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EA380 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 889c5073bed39bac7a533f2add6e236652ffa4e1572bd3dd5449f9517381ad9c
                      • Instruction ID: d425573a0026706e24cb47df29f1a8a8f076dc3433ac73912cca2da5708be441
                      • Opcode Fuzzy Hash: 889c5073bed39bac7a533f2add6e236652ffa4e1572bd3dd5449f9517381ad9c
                      • Instruction Fuzzy Hash: 7BC00232144208BBCB426E81DC01E59BF2ABB59694F548055F7140E561D673E562ABD4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EC890 Relevance: .0, Instructions: 9COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5a00516ed288fbf2b469c9618eb62f5420b32b1c34781b2d1c23dc10ae46f629
                      • Instruction ID: 85cd5c8d040717d39c7fc93d2bc728e97e1c2e1c8ba2bb7e5b4336e59afe3dac
                      • Opcode Fuzzy Hash: 5a00516ed288fbf2b469c9618eb62f5420b32b1c34781b2d1c23dc10ae46f629
                      • Instruction Fuzzy Hash: E8B01206040C1423DAC4E1448C13FDA056CF381332FE420C17014C3285D10D800C1311
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E0D60 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b38b23abe45ed4af89176844e81cf1842ea2d8aa17d8bd66d0b00b7ee755c346
                      • Instruction ID: caf59a5c8b41708ec8514f39ef8b6c70ccfba181201cf27378326ec6bad3910b
                      • Opcode Fuzzy Hash: b38b23abe45ed4af89176844e81cf1842ea2d8aa17d8bd66d0b00b7ee755c346
                      • Instruction Fuzzy Hash: 0CC09BBB950140FFD7057B50DC08F147A51F77D304F8AD244D04576130D725D119D710
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Non-executed Functions

                      Function 02C5B1A0 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: \Vl
                      • API String ID: 0-682378881
                      • Opcode ID: 053504cb39313048c727a05f70d8cb3baf3f812bcab06e5941316a1416b11366
                      • Instruction ID: a1165cf2ff33d6d3cc8782fdec7e69ac5787dc147fd9e8ca1d5eab33c6a6f946
                      • Opcode Fuzzy Hash: 053504cb39313048c727a05f70d8cb3baf3f812bcab06e5941316a1416b11366
                      • Instruction Fuzzy Hash: 7A915270E002599FDF14CFA9C9857DDBFF2AF88308F148129D819A7258DB34D985CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5D600 Relevance: .3, Instructions: 315COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6fa574406dbad400545304cef5bc6c31d53c48d6a1cc232f54fb8ccbdac26264
                      • Instruction ID: 0b79015351ac12a82961c7ccc56496911de434e17288c8291b34fa0bda757526
                      • Opcode Fuzzy Hash: 6fa574406dbad400545304cef5bc6c31d53c48d6a1cc232f54fb8ccbdac26264
                      • Instruction Fuzzy Hash: AF1287B0CD1746CAD714CF66E9CC18A3BB1B742318BD04A0AD1652B2E9D7B615EBCF44
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E4DA7 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d0b7283581e7d7fcb8c7d220e8f5fa32d1095b2ad2cbc7637209ebeceb6ca7d8
                      • Instruction ID: 294ee3c1344dc640bb5ffeb0fed43ac9b396787f6142f2ecd14602862b7a28b7
                      • Opcode Fuzzy Hash: d0b7283581e7d7fcb8c7d220e8f5fa32d1095b2ad2cbc7637209ebeceb6ca7d8
                      • Instruction Fuzzy Hash: 51D1E835C2065A8ACB11EFA5D994A9DB7B1FFD5300F10879AE0097B254EF706AC9CF81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065E4DB8 Relevance: .3, Instructions: 264COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 364f706f856ceafeba6555cd4757469b2e1e92790d8e556990f4f9d606dfafee
                      • Instruction ID: 4c0d730f3f14ef0df245a50a91c8fe49f85185a6df2b82ed2d166a4ec0ae0446
                      • Opcode Fuzzy Hash: 364f706f856ceafeba6555cd4757469b2e1e92790d8e556990f4f9d606dfafee
                      • Instruction Fuzzy Hash: 9ED1F835C2065A8ACB11EFA5D994A9DB7B1FFD5300F10879AE0097B214EF706AC9CF81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 02C5D5EF Relevance: .2, Instructions: 222COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4416506691.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_2c50000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: eb718948bce2c189676996599461cd742bea23ccaf03c95b5bec5ad91f9a7038
                      • Instruction ID: 05fcf572b2ea0078c9d62d8b87caf9edec82d7614a8df1b7819998910c8f87d4
                      • Opcode Fuzzy Hash: eb718948bce2c189676996599461cd742bea23ccaf03c95b5bec5ad91f9a7038
                      • Instruction Fuzzy Hash: 5BC1EAB0CD07468AD714CF66E8CC18A7BB1BB86314FD04A0AD1616B2D9DBB614EBCF44
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 081B5110 Relevance: .2, Instructions: 211COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.4430953881.00000000081B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 081B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_81b0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7e20adbb5cfe45c619a97f72ffe5480ee58ff9a460bd05b6201e377df6bbbbe1
                      • Instruction ID: 69a16052fed609600645c63a9d63ca08dfe94de5d98a729ff3fb7bfe398c03b7
                      • Opcode Fuzzy Hash: 7e20adbb5cfe45c619a97f72ffe5480ee58ff9a460bd05b6201e377df6bbbbe1
                      • Instruction Fuzzy Hash: 4181A372D00A0ADBCB14DFA5D8402EDF7B2FF84340F15C13AD465A7658EB799A5ACB40
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EDFD8 Relevance: 6.3, Strings: 5, Instructions: 88COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4']q$4']q$4']q$4']q$4']q
                      • API String ID: 0-4248691736
                      • Opcode ID: 864aa96cff038ff398b6fa8efcb38d97c95a6874ac71be19d7adf68e9ab79da5
                      • Instruction ID: ab84fdb5ede5c494b79136afb0eb8ea166779bfd15baf69031bc0b5abe43819b
                      • Opcode Fuzzy Hash: 864aa96cff038ff398b6fa8efcb38d97c95a6874ac71be19d7adf68e9ab79da5
                      • Instruction Fuzzy Hash: 4A319530B0010A9FCF0CEF79D5905AEBBB6FF81604F108579C1559B2A5DF359A06CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 065EDFE8 Relevance: 6.3, Strings: 5, Instructions: 62COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4426164306.00000000065E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_65e0000_ziprar.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4']q$4']q$4']q$4']q$4']q
                      • API String ID: 0-4248691736
                      • Opcode ID: a8cdd8f06fc460beb9e76f3746a44ae4ca180963967806b331f2470898015383
                      • Instruction ID: 03d90c36640a913c586a81afb684c4bf22ccdde9fa7de4b05f7d81e8d5c42cf3
                      • Opcode Fuzzy Hash: a8cdd8f06fc460beb9e76f3746a44ae4ca180963967806b331f2470898015383
                      • Instruction Fuzzy Hash: 33214570B0010E9FCB0CEFB9D5909EEBBB6FF81604F11456981456B2A5DF346A09CB91
                      Uniqueness

                      Uniqueness Score: -1.00%