Edit tour

Windows Analysis Report
mkcert.exe

Overview

General Information

Sample name:	mkcert.exe
Analysis ID:	1411165
MD5:	7cc2b35154e9569269a8c5cd5c25f414
SHA1:	ac6051394348ab5ff9d29c27a33750ead25493c3
SHA256:	3ed7944368bb86402333fc360415c763b7924179601db092cca8009b45cfe0b7
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Tries to load missing DLLs

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64native

mkcert.exe (PID: 5300 cmdline: C:\Users\user\Desktop\mkcert.exe MD5: 7CC2B35154E9569269A8C5CD5C25F414)

conhost.exe (PID: 2856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Sigma Signatures

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\mkcert.exe, ProcessId: 5300, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4agtt0c.k02.ps1

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://pesterbdd.com/images/Pester.png

Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: mkcert.exe

ReversingLabs: Detection: 25%

Source: mkcert.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\multi-runner\builds\4N9zQf7c\0\emc\tools\mkcert\obj\Release\mkcert.pdb source: mkcert.exe

Source: mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: mkcert.exe, 00000000.00000002.45470383068.00000000091C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: mkcert.exe, 00000000.00000002.45470383068.00000000091C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d8b920fd93066
Source: mkcert.exe, 00000000.00000002.45470383068.00000000091C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d8b920fd93
Source: mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: mkcert.exe, 00000000.00000002.45459917591.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: mkcert.exe, 00000000.00000002.45471004196.0000000009281000.00000004.00000020.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: mkcert.exe, 00000000.00000002.45471004196.0000000009281000.00000004.00000020.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0

Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_016B8580	0_2_016B8580
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_016BECB8	0_2_016BECB8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_016B5B60	0_2_016B5B60
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_016B8580	0_2_016B8580
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AC3C00	0_2_07AC3C00
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AC3C10	0_2_07AC3C10
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AEEE72	0_2_07AEEE72
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AED868	0_2_07AED868
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AE15A9	0_2_07AE15A9
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AE15B8	0_2_07AE15B8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF4098	0_2_07AF4098
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF6FA8	0_2_07AF6FA8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF07C8	0_2_07AF07C8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF4E38	0_2_07AF4E38
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF84A8	0_2_07AF84A8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF5CC0	0_2_07AF5CC0
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF5388	0_2_07AF5388
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF7AA8	0_2_07AF7AA8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF9A68	0_2_07AF9A68
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF9240	0_2_07AF9240
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AF1000	0_2_07AF1000
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B877D8	0_2_07B877D8
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B8E738	0_2_07B8E738
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B8DF48	0_2_07B8DF48
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B8A612	0_2_07B8A612
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B89335	0_2_07B89335
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B87B70	0_2_07B87B70
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B88900	0_2_07B88900
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B88D04	0_2_07B88D04
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B88CFB	0_2_07B88CFB
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B8F1F0	0_2_07B8F1F0
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B888F1	0_2_07B888F1
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07B90040	0_2_07B90040
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07ACD580	0_2_07ACD580
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07ACCE21	0_2_07ACCE21

Source: mkcert.exe, 00000000.00000002.45458850665.000000000141E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs mkcert.exe
Source: mkcert.exe, 00000000.00000002.45459917591.0000000003101000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs mkcert.exe
Source: mkcert.exe, 00000000.00000002.45459917591.0000000003154000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs mkcert.exe

Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: certpkicmdlet.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: certenroll.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: dsparse.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ncryptprov.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ngcksp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: pcpksp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: tbs.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: scksp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: credui.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: winscard.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: dssenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: basecsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Section loaded: cabinet.dll	Jump to behavior

Source: classification engine

Classification label: mal56.winEXE@2/8@0/0

Source: C:\Users\user\Desktop\mkcert.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mkcert.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2856:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2856:120:WilError_03

Source: C:\Users\user\Desktop\mkcert.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4agtt0c.k02.ps1

Jump to behavior

Source: mkcert.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: mkcert.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\mkcert.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: mkcert.exe

ReversingLabs: Detection: 25%

Source: C:\Users\user\Desktop\mkcert.exe

File read: C:\Users\user\Desktop\mkcert.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\mkcert.exe C:\Users\user\Desktop\mkcert.exe
Source: C:\Users\user\Desktop\mkcert.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\mkcert.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: mkcert.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: mkcert.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: mkcert.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: C:\multi-runner\builds\4N9zQf7c\0\emc\tools\mkcert\obj\Release\mkcert.pdb source: mkcert.exe

Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07ACA790 pushfd ; iretd	0_2_07ACA799
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AC852B push esp; ret	0_2_07AC8531
Source: C:\Users\user\Desktop\mkcert.exe	Code function: 0_2_07AC9CD0 pushfd ; retf	0_2_07AC9CD1

Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe	Memory allocated: 1670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Memory allocated: 3100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Memory allocated: 5100000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe

Window / User API: threadDelayed 9128

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe TID: 8328

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\mkcert.exe

Code function: 0_2_016BE398 GetSystemInfo,

0_2_016BE398

Source: C:\Users\user\Desktop\mkcert.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FMSFT_NetEventVmNetworkAdatper.cdxml
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: mkcert.exe, 00000000.00000002.45470831762.0000000009259000.00000004.00000020.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45471004196.00000000092AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mkcert.exe, 00000000.00000002.45470831762.0000000009267000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-USn
Source: mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter

Source: C:\Users\user\Desktop\mkcert.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Users\user\Desktop\mkcert.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.CertificateServices.PKIClient.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.CertificateServices.PKIClient.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.CertificateServices.PKIClient.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.CertificateServices.PKIClient.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\mkcert.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.CertificateServices.PKIClient.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.CertificateServices.PKIClient.Cmdlets.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\mkcert.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
mkcert.exe	25%	ReversingLabs

Source	Detection	Scanner	Label
http://pesterbdd.com/images/Pester.png	100%	Avira URL Cloud	malware
http://www.quovadis.bm0	0%	Avira URL Cloud	safe
https://contoso.com/	0%	Avira URL Cloud	safe
https://contoso.com/License	0%	Avira URL Cloud	safe
https://contoso.com/Icon	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com0	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/encoding/	mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nuget.org/nuget.exe	mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	mkcert.exe, 00000000.00000002.45462514529.0000000004177000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.quovadis.bm0	mkcert.exe, 00000000.00000002.45471004196.0000000009281000.00000004.00000020.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com0	mkcert.exe, 00000000.00000002.45471004196.0000000009281000.00000004.00000020.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45465693897.0000000006542000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	mkcert.exe, 00000000.00000002.45459917591.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	mkcert.exe, 00000000.00000002.45459917591.000000000325B000.00000004.00000800.00020000.00000000.sdmp, mkcert.exe, 00000000.00000002.45458850665.0000000001451000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1411165
Start date and time:	2024-03-18 17:24:26 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	mkcert.exe
Detection:	MAL
Classification:	mal56.winEXE@2/8@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 221 Number of non-executed functions: 15
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 72.21.81.240
Excluded domains from analysis (whitelisted): cp501.prod.do.dsp.mp.microsoft.com, dl.delivery.mp.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, tsfe.trafficshaping.dsp.mp.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: mkcert.exe

Simulations

Behavior and APIs

Time	Type	Description
17:26:29	API Interceptor	20x Sleep call for process: mkcert.exe modified

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	69211
Entropy (8bit):	7.995787876711886
Encrypted:	true
SSDEEP:	1536:4vHkVfDISE//aDY0WAXTF+0daIpyFQaqPZkatNjgkFOE4/JZZWnEn6:4vHKfMSeKFXdBcmnXkksE40E6
MD5:	753DF6889FD7410A2E9FE333DA83A429
SHA1:	3C425F16E8267186061DD48AC1C77C122962456E
SHA-256:	B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
SHA-512:	9D56F79410AD0CF852C74C3EF9454E7AE86E80BDD6FF67773994B48CCAC71142BCF5C90635DA6A056E1406E81E64674DB9584928E867C55B77B59E2851CF6444
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF....[.......,...................I..................WR. .authroot.stl..L...5..CK..<Tk...p.k:.]...k..-.o.d.}.N.F....!.....$t)K."..DE.....v..gr...}?>.<.s..<...{.t..\F.e.F...8&.<..>...t8....`dqM4.y..t8..t..3..1.`\.:+.<].F...3.~.M.B.....J....PR.+..UUUV.GY...8...._vl.....H}.s.Pq..r.<.0.lG.C..e(..oe........9..'8..m.......G8T......sR..&=.J....s.U......#...).j...x.....gq.+.N:.Wj...V.t...(J.;^..Mr~e..}.q....q....eo..O.....@.B.S.....66.\|!.(.........D!k..&.. /.....H~.....}.(..\|.S..~8..A..(.#..w.Y.....'.F...y&.8......f..49r..N...(zX.0;.....000.3c)Z.v.5N'.z...rNFw,E.NY..#ua.o.$..Y?.-.=....}d...]......x_<.W....ya.3.a..SQT.U..\|!.pyCA..-h..Y..>n......^.U.....H...EY.\.......}.-(....h..=xiV.O.W@p.=.r.i..c...c....S.x.;..GWf...=.:.....S.c/..v..3.iG<.&..%...8..=}.....+.n\?0"A.Y%<......+..O. .9..#..>.....5.2.j.1<.Z.>v..j...wr.i.:....!...;.N[.q..z9j..l.R.&,....$.V...k.j..Tc..m..D!%....".Y.#V."w.\|....L\| ..p........w.=..ck...<........{s..w..};../.=...k....YH.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.1225101819215357
Encrypted:	false
SSDEEP:	6:kKuTN+SkQlPlEGYRMY9z+4KlDA3RUe1HEbpo:G8kPlE99SNxAhUe1HEVo
MD5:	6C39C2524399356A8174D7CDE3E19F7A
SHA1:	598D54B6D1AF98307609EBF72714BE36E47A5C1C
SHA-256:	B20D812F1D21CB35F7AAB8F99AC282B52AE37C63B95970372A0BE7D283B8F07E
SHA-512:	54FD9BE7DC8C3BBF331EB0FB03C0B1E03293A1EEBEDBE6053E93DBA150C7752729CC15720D61EC22D2786F18F50CFE39F9B7C2DA45DB53C40D4C75CFC044F034
Malicious:	false
Reputation:	low
Preview:	p...... ........v..cQy..(....................................................... .........;.i......(...........[...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".2.c.8.3.b.1.3.b.a.f.6.9.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mkcert.exe.log

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2966
Entropy (8bit):	5.303585162920836
Encrypted:	false
SSDEEP:	48:MxHK1BIYHKh6ozaAHKzI+6eQD3uMIHxz1O1jH8mHAHjHKo01OmtHoA+HKLHLHKgB:iq1yYqh6oRqzrFeeMIRxurgDqoI1tIAB
MD5:	6306BE02A4CEDE4AED4D14DD6BC98635
SHA1:	D2B77227A8456F18867F90DC6982A0FB33468E02
SHA-256:	4DDEA632DA01ACE841823DD12DF680AF30214DA3AF778BB0AB1E1F1C823A41FB
SHA-512:	C9E309563BA421B980CBA8495A100D1AFB8BB7A48EFF7399AB15BDCDEE3318E6272BC59D31D6EF0ED3538A081AE000D04AF1D69DCBD55C12BBD66E26A1D13DD7
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..2,"System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d5ca5c9d1\System.Xml.ni.dll",0..3,"Microsoft.PowerShell.Commands.Diagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe#\ab1bd91f1c9c2bd87886ea6da1ed6ef7\Microsoft.PowerShell.Commands.Diagnostics.ni.dll",0..2,"Syste

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epl2j0gi.api.ps1

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hxksep0d.1bn.psm1

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkfmsclc.hpv.psm1

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4agtt0c.k02.ps1

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

\Device\ConDrv

Download File

Process:	C:\Users\user\Desktop\mkcert.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	3.966738780375731
Encrypted:	false
SSDEEP:	3:TnkcUDhXVmkkcjbvjXmnN:TnG9lTkcjbvrC
MD5:	E1A2A30B577111376362C7F96460CC40
SHA1:	258C906AE8673573C100DC76D4BB626DB0DF38F5
SHA-256:	98D48458E25EEE1CEEEC693F29202733B590A4BA2B3CB76DFB6D7AF040E8387E
SHA-512:	59FEB0F08BA8614BA2B1C7764D97319B9B9FC7ED124CE7E1C7841453D28E0FCFCE8F03A18E1351815B3593CD3D9F377F479EDB2D60024684DE1DECE95C257BCA
Malicious:	false
Preview:	0EE2B3F9B153D807CCA729F5DB30AC534602C3E5..

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.726446878171124
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	mkcert.exe
File size:	10'240 bytes
MD5:	7cc2b35154e9569269a8c5cd5c25f414
SHA1:	ac6051394348ab5ff9d29c27a33750ead25493c3
SHA256:	3ed7944368bb86402333fc360415c763b7924179601db092cca8009b45cfe0b7
SHA512:	348f8ac6afd6f5c81af76ab562b2c65f3edb912c364dbe8c81e6e09688d8091396e16f0d3a5866514095772a8c363c3ad6a771e001fdbf22febb26d7b5d5f1c0
SSDEEP:	192:HKtUTv5X4KGlbLopgq2sZr5vPcee0wS2vBOpAZ:HKtIOPlfxq2sZ9vwOq
TLSH:	F522C512BBDC8B25F4FB9B751973661009B5FE618826CF1E6888118F1D33F408A93B72
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.#c.........."...0..............=... ...@....@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x403d06
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6323054D [Thu Sep 15 10:58:21 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3cb4	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x59c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3b7c	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1d0c	0x1e00	77a73dfb8369ac163f506fa5225a1851	False	0.447265625	data	5.104109378402394	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x59c	0x600	2ed99accee223b5e944a739170375ab9	False	0.4134114583333333	data	4.028127570279962	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6000	0xc	0x200	c88cc167fad9e35025b58283e21fbe86	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x4090	0x30c	data			0.4269230769230769
RT_MANIFEST	0x43ac	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Target ID:	0
Start time:	17:26:27
Start date:	18/03/2024
Path:	C:\Users\user\Desktop\mkcert.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\mkcert.exe
Imagebase:	0xca0000
File size:	10'240 bytes
MD5 hash:	7CC2B35154E9569269A8C5CD5C25F414
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	17:26:27
Start date:	18/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff621960000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	12.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.3%
Total number of Nodes:	482
Total number of Limit Nodes:	43

Executed Functions

Function 07ACCE21 Relevance: 2.0, Instructions: 2021
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87cbaf7c661a415edeb271c7562777eb35a9dda176e0907505b1e06a9add69e1
Instruction ID: 898cfd731800a36e1351b1c2723290a6a37d90003f0bc0eb43d4994627642c6f
Opcode Fuzzy Hash: 87cbaf7c661a415edeb271c7562777eb35a9dda176e0907505b1e06a9add69e1
Instruction Fuzzy Hash: 2A03F630B41314DFEBA9AB348C1576D76B2EB85705F2044BDE50AEA7D0DA7A9D82CF40

Uniqueness

Uniqueness Score: -1.00%

Function 016BE398 Relevance: 1.5, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(9C90019A), ref: 016BE3FF

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: e8be74b2951bc14aa51b6d865a23fdff6b8f2fda71b88bf97c4b790b0cdc42c3
Instruction ID: 8ffe79e79a3939b1fff926d8b396b5cbed92e9c06627f8920a31abbb0d3e9f48
Opcode Fuzzy Hash: e8be74b2951bc14aa51b6d865a23fdff6b8f2fda71b88bf97c4b790b0cdc42c3
Instruction Fuzzy Hash: B811E3B1C006599FDB10CF9AD8847DEFBB4FB48314F10816AD518A7240C7796944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07ACD580 Relevance: 1.5, Instructions: 1482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68d7163243f3b8737e9bfccb5eb9b1a370c27a860b575e3b004633eb479aef62
Instruction ID: efdb2939dd66864caa8a99d30b7c1a26f9c371fde7a1a90fca9ac28047499767
Opcode Fuzzy Hash: 68d7163243f3b8737e9bfccb5eb9b1a370c27a860b575e3b004633eb479aef62
Instruction Fuzzy Hash: 8ED2E630B41314DFEBA9EB34881576D76B2EB85705F2045BDE50AEA7D0DA7A8D82CF40

Uniqueness

Uniqueness Score: -1.00%

Function 07B90040 Relevance: 1.0, Instructions: 1029COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676486dfc7c05dbf3791f32867757f1e03a532fcb5501ac7ba996279b1bb1b7d
Instruction ID: 23e3fb8e86b778bb2ace150486a4c272afa5f7db304eef2d2762c1f51011d34f
Opcode Fuzzy Hash: 676486dfc7c05dbf3791f32867757f1e03a532fcb5501ac7ba996279b1bb1b7d
Instruction Fuzzy Hash: 349280B4A00206DFEB15EF65D584AAE7BF6FF88300F1484A9E8169B394DB35DC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B8E738 Relevance: .7, Instructions: 722COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3ddef675a950c127bab16125e6fde3b281e318c12d1d53f6e9997f63ef9822
Instruction ID: 1ef48b9e9ed4ded0137dab342421ec372bb29e350d6383ca4587b0ecfdee67d3
Opcode Fuzzy Hash: cf3ddef675a950c127bab16125e6fde3b281e318c12d1d53f6e9997f63ef9822
Instruction Fuzzy Hash: 12529071A0061ADFDF61EF65C8406DEB7B2FF89300F1486D9E559AB150EB30AA86CF50

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4098 Relevance: .7, Instructions: 721COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cee8d37da3554a365a3b3a4725923e50df43b62e7c73110757fb097c7808b55
Instruction ID: 71cfeb36006051bc5aec6f4ae85cf94315f020f7fe53f29f88c707c4c0c62092
Opcode Fuzzy Hash: 7cee8d37da3554a365a3b3a4725923e50df43b62e7c73110757fb097c7808b55
Instruction Fuzzy Hash: 78420530741310DFEBA9EB748C11B6E76A3ABC5704F2448ADD516AF7D1DE7A9C828B40

Uniqueness

Uniqueness Score: -1.00%

Function 016B8580 Relevance: .7, Instructions: 706COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c995ba792e572f8b9089a038f7a8329b35f7c5e649183045d00b1db1596a8e82
Instruction ID: d8dbd2126a2c0399b993552fd086845381c38fd000e786b67e7613fe81e4eabd
Opcode Fuzzy Hash: c995ba792e572f8b9089a038f7a8329b35f7c5e649183045d00b1db1596a8e82
Instruction Fuzzy Hash: BD525D30A00209DFDB25DF68C890BAEB7BAFF85304F1085A9D9099B394DB75DD86CB51

Uniqueness

Uniqueness Score: -1.00%

Function 07B88900 Relevance: .6, Instructions: 619COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f6005e21f12792a2069e3fe78309b6d4385179bf3a1220aa473478bf5e8d880
Instruction ID: e791f2bdea065e31396d0184b3537b1a403f0c3c0086abdf1ea1b1ac43290f41
Opcode Fuzzy Hash: 2f6005e21f12792a2069e3fe78309b6d4385179bf3a1220aa473478bf5e8d880
Instruction Fuzzy Hash: 853261B4B10205DFEB54EBA5D554A6DBBF2EF88310F6581A9E406AB354DF31AC42CF80

Uniqueness

Uniqueness Score: -1.00%

Function 07AEEE72 Relevance: .6, Instructions: 584COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467908582.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ae0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 445fce8d8a316b38f9ea58a10ef0f35d40a5720c77def20973b2246f6185fe16
Instruction ID: 9f1a246d6d70e296ac06279b4fc89358c174b215505e3bb5784550ffb124bc28
Opcode Fuzzy Hash: 445fce8d8a316b38f9ea58a10ef0f35d40a5720c77def20973b2246f6185fe16
Instruction Fuzzy Hash: 8E1201B1B043069FEB299B79D8547AE7BFAEFC5300F10806AD526CB390DB359C068791

Uniqueness

Uniqueness Score: -1.00%

Function 07B89335 Relevance: .6, Instructions: 568COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fda6643903c3064460a7ee5555a7129e41265da637ff096de8479a405f514fd
Instruction ID: aeac4e08564307de0f84071001ac084b9cf0fa810b20aa4758519d13edea1993
Opcode Fuzzy Hash: 5fda6643903c3064460a7ee5555a7129e41265da637ff096de8479a405f514fd
Instruction Fuzzy Hash: A23208B4B002158FEB64EB69C854BAEB7F2FF89204F5580A9D40AAB351DB31AD41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07B8A612 Relevance: .5, Instructions: 543COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e999f990c8e1fbabc734d84942d140a9f0991ae2c386dd960f265122e2fe4153
Instruction ID: 5361934f6565e632e932c424cf9ba82151ba4afff61b9893dd5d3745de34f2e6
Opcode Fuzzy Hash: e999f990c8e1fbabc734d84942d140a9f0991ae2c386dd960f265122e2fe4153
Instruction Fuzzy Hash: 03227FF4B00219DFEB54EBA8D59466DB7F2FF88201B15C4AAE5069B350DF34AC02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 016BECB8 Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d13e16afe5a8fe340beae40785158d3abd7e957ccf7cd3a6265496cb6a63acc1
Instruction ID: 548f62c14b02ad01effda0515056c5d4f35be9acdf572bccc27f30911362ab99
Opcode Fuzzy Hash: d13e16afe5a8fe340beae40785158d3abd7e957ccf7cd3a6265496cb6a63acc1
Instruction Fuzzy Hash: 90129D346002058FDB19DF69D894AAEBBF6FF88301F14846DE4069B364DB75EC86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07AED868 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467908582.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ae0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea2149223e8182f36eda44b00c827435fbc174851b5633b63241b6df403a550
Instruction ID: 8d5c271a08366b107d1375e7107fd91e7c8c5b834457d11d67be9be3e51294bb
Opcode Fuzzy Hash: 3ea2149223e8182f36eda44b00c827435fbc174851b5633b63241b6df403a550
Instruction Fuzzy Hash: ACD1D1B5B00306DFDB18DBA5D8546AEBBF6EF85300F14846AE816EB390DB349D45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B888F1 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8688be80a8e7688b17c445174b3a7d4bdab8d4c24983311e37472cf548380090
Instruction ID: 7392fe6c4cae8447957e76ab1d579278ded5dbfc22ccc701b333e6159e54f21e
Opcode Fuzzy Hash: 8688be80a8e7688b17c445174b3a7d4bdab8d4c24983311e37472cf548380090
Instruction Fuzzy Hash: 27E162B4E14205DFEB54EFA5D594A6DBBF2EF88350F2581A5E806A7350DB31AC42CF80

Uniqueness

Uniqueness Score: -1.00%

Function 07B87B70 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3afb491baf36c7a471aa0be2f77bb9e8382508e49a7eeef2df7fb2500675a14
Instruction ID: 86884f3969485b0098ac787fdbaeebf7581372cd69c9f51ea360614c9496aad6
Opcode Fuzzy Hash: c3afb491baf36c7a471aa0be2f77bb9e8382508e49a7eeef2df7fb2500675a14
Instruction Fuzzy Hash: 5BB183B5B00215CFEB54DBA9D894A6EBBF2FF89314F258069E406DB351DE319C02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B88D04 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74cda8fa64161868ce33b702ef5f5a1809b50f3f9814f1a2762e9eb5a3369105
Instruction ID: 4aa47ef69a382805cedef565040fece61352c1c96e656505a4c166af4105a9f9
Opcode Fuzzy Hash: 74cda8fa64161868ce33b702ef5f5a1809b50f3f9814f1a2762e9eb5a3369105
Instruction Fuzzy Hash: AFB16479A14105DFEF54EBA0D999A7DBBB2EF88350F258165E806A7350DF316C43CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07B88CFB Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74cda8fa64161868ce33b702ef5f5a1809b50f3f9814f1a2762e9eb5a3369105
Instruction ID: 4aa47ef69a382805cedef565040fece61352c1c96e656505a4c166af4105a9f9
Opcode Fuzzy Hash: 74cda8fa64161868ce33b702ef5f5a1809b50f3f9814f1a2762e9eb5a3369105
Instruction Fuzzy Hash: AFB16479A14105DFEF54EBA0D999A7DBBB2EF88350F258165E806A7350DF316C43CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07B877D8 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5692ce9802d06e4382986fef1bb9f849ceba5b44d0c9feb7f6638cee664fd7f
Instruction ID: da8bf16503364ee54acee57a8f0890ba75b78222238284329e51f16ab0b399d7
Opcode Fuzzy Hash: c5692ce9802d06e4382986fef1bb9f849ceba5b44d0c9feb7f6638cee664fd7f
Instruction Fuzzy Hash: 7981A0B5B002059FEB54EFF5D8586AEB7B2EFC8304F208469D806AB344DE359C46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 016B5B60 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ad160b41a6ec8838cc68f3930de3e07c47b21a0d72a837be6d1a978107fda4
Instruction ID: e16f3e6bba9bf2bc8d5c9165a679259f543f7739d41c7ebc342ecf6fb6727f00
Opcode Fuzzy Hash: 72ad160b41a6ec8838cc68f3930de3e07c47b21a0d72a837be6d1a978107fda4
Instruction Fuzzy Hash: 40A11975D00609DFDB11CFAAD888A88BBF2FF89300B158196E509A7261EB7599D1DF40

Uniqueness

Uniqueness Score: -1.00%

Function 07B8DF48 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b481ec2cd2ed9eb0823623ec52a73db145d16ecd7980b9b5fa75832a28d46d39
Instruction ID: 599a9fe357833622969bec7952a70cdc62ba2f1936b59f77949e2e4e512aeea7
Opcode Fuzzy Hash: b481ec2cd2ed9eb0823623ec52a73db145d16ecd7980b9b5fa75832a28d46d39
Instruction Fuzzy Hash: 8F518FB0B002059FEB58EB7AC454B6EBAE3AF89614F14C4ADE4069B354DE35DC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B8D228 Relevance: 2.6, Strings: 2, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#, xrefs: 07B8D252
l, xrefs: 07B8D2AA

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID: #$l
API String ID: 0-1837319377
Opcode ID: e4694c408dfcae752d588942258d15ac2e3a064917e99bba4bfe7e9a5eedc034
Instruction ID: 18bc135956164740e2b51903b1b48ebb3bfaa62652d23b7d22e33e4ace961290
Opcode Fuzzy Hash: e4694c408dfcae752d588942258d15ac2e3a064917e99bba4bfe7e9a5eedc034
Instruction Fuzzy Hash: 57312BF23043055BEB24AFA9E85456EB7E6FFC5610700847ED9068B784CE35DD0AC7A5

Uniqueness

Uniqueness Score: -1.00%

Function 016BDC58 Relevance: 1.7, APIs: 1, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78872a247200f9a006e2fe3f97f4a7ef9af9217b5cf89707eae41ee2f08432c8
Instruction ID: 4fc0713b8e2c3fd9997200a54d5538b38d37366f304493b4b5a8672108d92f4f
Opcode Fuzzy Hash: 78872a247200f9a006e2fe3f97f4a7ef9af9217b5cf89707eae41ee2f08432c8
Instruction Fuzzy Hash: 1C913DB1D003598FEB24DFA9C894BDDBBF5AF84304F1084AAD409AB241DB755D85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 016BD844 Relevance: 1.6, APIs: 1, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 016BDF1A

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID: AuthzCodeIdentifyLevel
String ID:
API String ID: 1431151113-0
Opcode ID: 43e8f0117448d52593077820431c1f47533b6e76775a38c412e12da7a98e84d1
Instruction ID: e640bcea604f2895258d7b3bfd9ccc7a7e441d888a9f2f7ceaa2f9ad4f1dfa34
Opcode Fuzzy Hash: 43e8f0117448d52593077820431c1f47533b6e76775a38c412e12da7a98e84d1
Instruction Fuzzy Hash: C741D5B0901269CFEB24CF99C984BD9BBB5BB48304F5085EAD50DAB241D7759E88CF60

Uniqueness

Uniqueness Score: -1.00%

Function 016BDDFD Relevance: 1.6, APIs: 1, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 016BDF1A

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID: AuthzCodeIdentifyLevel
String ID:
API String ID: 1431151113-0
Opcode ID: 57d6c5b73d4d36870346fb9c8ea4afd20544a75d44a4dd906d7c6a74d4f838c2
Instruction ID: f561ad234131a1fd8ba618988ab224719b4689fa65842258bceeeda3c3fd8c16
Opcode Fuzzy Hash: 57d6c5b73d4d36870346fb9c8ea4afd20544a75d44a4dd906d7c6a74d4f838c2
Instruction Fuzzy Hash: 0A41E5B0801269CFEB24CF99C984BD9BBB5AB48304F1085EAD40DAB241D7759E84CF60

Uniqueness

Uniqueness Score: -1.00%

Function 016BD850 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 016BE056

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID: AccessAuthzCodeComputeFromLevelToken
String ID:
API String ID: 132034935-0
Opcode ID: 8bf84325134501c0160ce7441c7ef13a6a5600969d491a4760cc1550862ed55c
Instruction ID: 8401b7c80385a946b579dd35134a9bb6d7010d6a4d2dcaf215cc65ffc0d8d67e
Opcode Fuzzy Hash: 8bf84325134501c0160ce7441c7ef13a6a5600969d491a4760cc1550862ed55c
Instruction Fuzzy Hash: 7B2129B69043499FCB10CF9AC884BDEFBF4FB48310F51842AE528A7241D779A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 016BDFD9 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 016BE056

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID: AccessAuthzCodeComputeFromLevelToken
String ID:
API String ID: 132034935-0
Opcode ID: 9931a38506807b96545818d17caf2c223a1f9db0b23c2bf663e7ede4ef05880a
Instruction ID: 035cde029adee4ad632cf6b9753979fbf3fcd1e34ecfff1a201dd80f411dff78
Opcode Fuzzy Hash: 9931a38506807b96545818d17caf2c223a1f9db0b23c2bf663e7ede4ef05880a
Instruction Fuzzy Hash: 462118B68003499FCB10DF9AD884BDEFBF5FB48310F15842AE528A7251D779A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07AEA9FC Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNEL32(00000000), ref: 07AEC760

Memory Dump Source

Source File: 00000000.00000002.45467908582.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ae0000_mkcert.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a5404ca8406ed4eabb38a175a4a7133b0b60374f2f740a80513d081cffcafbf7
Instruction ID: 03a05c2dd067dc59b5dd72b61106b2975c0a39f78f5f71517036bef54c738d79
Opcode Fuzzy Hash: a5404ca8406ed4eabb38a175a4a7133b0b60374f2f740a80513d081cffcafbf7
Instruction Fuzzy Hash: 042147B5D006599BCB10CF9AD44479EFBF8FB88320F10856AD828A7240C774A900CFE5

Uniqueness

Uniqueness Score: -1.00%

Function 07AEC6E9 Relevance: 1.6, APIs: 1, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNEL32(00000000), ref: 07AEC760

Memory Dump Source

Source File: 00000000.00000002.45467908582.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ae0000_mkcert.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 31b6c9f98acaaa0380e3540a36466639d0d1142078d47f148ea22f1b983a3f2f
Instruction ID: 6ed23fe756a550f79dbb3c4ff236f72752d16a759bcecbc24e92188113bb53a2
Opcode Fuzzy Hash: 31b6c9f98acaaa0380e3540a36466639d0d1142078d47f148ea22f1b983a3f2f
Instruction Fuzzy Hash: F11159B5D0065A9FCB10CFAAD4447DEFBF8FB88720F10852AD828A3600C774A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 016BE390 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(9C90019A), ref: 016BE3FF

Memory Dump Source

Source File: 00000000.00000002.45459327026.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16b0000_mkcert.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 5084e8951fa11d1f8ddafc57b697a2b46813e2a0f4643b24a64cc1256c46b3a9
Instruction ID: 8d286ee64f93c9f79e69189ca9dfb93bb8aa09c6b15601e8f080a259f27a3ad4
Opcode Fuzzy Hash: 5084e8951fa11d1f8ddafc57b697a2b46813e2a0f4643b24a64cc1256c46b3a9
Instruction Fuzzy Hash: 1C11F0B1C006599BDB10CF9AD884ADEFBB4BB88314F10812AD418A3240C779AA45CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 07B8D219 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

#, xrefs: 07B8D252

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: a48e4efd4a5cba5975eef367b0045ecd12bde8c73c21e5a96af041a4b43fe790
Instruction ID: 1d3a07c6120cf8c4703bef19e81223b7eeac3b69bf98640c110384c5dc4b2dad
Opcode Fuzzy Hash: a48e4efd4a5cba5975eef367b0045ecd12bde8c73c21e5a96af041a4b43fe790
Instruction Fuzzy Hash: 1201FEF23043065FEB35AF5AE4405AE7765EF89520B04C1AFE9058B691CB38D906CB62

Uniqueness

Uniqueness Score: -1.00%

Function 07B945FF Relevance: .7, Instructions: 717COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f13486dc1d2aab04ae64435554cb8d6ac8b53fd84e95d87c32a4fea831014cda
Instruction ID: baeff77345fe1f28afe893e7b6829c689a46ccb47b5b033c3b7b529364e54f9a
Opcode Fuzzy Hash: f13486dc1d2aab04ae64435554cb8d6ac8b53fd84e95d87c32a4fea831014cda
Instruction Fuzzy Hash: E6427EB4A002468FEF14DF69D544AAEBBF2EF89300F1485B9D815AB390DB35DD42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B922F0 Relevance: .5, Instructions: 509COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0257cb8d2509153c1f9c5ef596c4db21be95fa91f55865f8fded9b614b64a5b9
Instruction ID: 45fb5117970e345c48f57c6bbcf82dd15c2083d00067b54ab62ec7ea1abddc93
Opcode Fuzzy Hash: 0257cb8d2509153c1f9c5ef596c4db21be95fa91f55865f8fded9b614b64a5b9
Instruction Fuzzy Hash: 14225DB4A00205EFDB19DF69D594A9EBBF2FF88300F508469E815AB364DB35EC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B84610 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c16c6a451072d1ccc211939578848e2e662b94609ea31aca1b79b064faff7a45
Instruction ID: 5993b6a3fd0e01823b302056601ce758a66540c49e87a4215352b52a9ada6307
Opcode Fuzzy Hash: c16c6a451072d1ccc211939578848e2e662b94609ea31aca1b79b064faff7a45
Instruction Fuzzy Hash: E122E4B8700255CFD768EF28C598B6977B2EF8A215F1184E8E54A9B3A1DB71DC81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 07B985A8 Relevance: .4, Instructions: 447COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f71f8e75c0f288f71c71e0cb188889bb526bc2374148ed51228df33a8fa8c8f
Instruction ID: 531e00d4bee7e956b92448710099c59f619f92efb09758f506f9c68f9201f03f
Opcode Fuzzy Hash: 6f71f8e75c0f288f71c71e0cb188889bb526bc2374148ed51228df33a8fa8c8f
Instruction Fuzzy Hash: 50F193B1B00206DFEB159F69D8547AEBBB6FF89304F14806AE9159B390CB35DC06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B91448 Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dc49bc583d290f17b9bef627e54725ac42db7aad904259b7f92051c60ddc741
Instruction ID: c4c4f03fbf9374d1bbd7e74b9408aa22077e0e2f22bcfa2defa428188bb6c0e0
Opcode Fuzzy Hash: 5dc49bc583d290f17b9bef627e54725ac42db7aad904259b7f92051c60ddc741
Instruction Fuzzy Hash: 73F14EB4A1021A9FEB14DF69D884AAEB7F6FF88310F1480B9E8159B350DB74DC42DB51

Uniqueness

Uniqueness Score: -1.00%

Function 07B847B9 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c1c03bc50a8b8a9e3858d25af14a6f625b3bf3e9f71667b12270166af76fbd
Instruction ID: 637a47568eb95bf5c20602ab3af08192086b470338b1f98e8f486eac2dcf3034
Opcode Fuzzy Hash: d9c1c03bc50a8b8a9e3858d25af14a6f625b3bf3e9f71667b12270166af76fbd
Instruction Fuzzy Hash: 8102E6B8700255CFD764EF28D598A69B7B2EF8A315F1144E8E54A9B362DB31EC81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 07B86438 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3dff71571291a002fd9fb9b09bf6e299e0e24c77e0ed37d3e3e074a50c25811
Instruction ID: 3c412840be54db7bac6b99ba4de418dbbcc31e6c359a6dd98e113cae57734f57
Opcode Fuzzy Hash: e3dff71571291a002fd9fb9b09bf6e299e0e24c77e0ed37d3e3e074a50c25811
Instruction Fuzzy Hash: 2CE1D1B5A002559FDB19EFB8D4547AEBBF2FF89304F1480A9E8159B392CA359C41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B8AE10 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cacac8b620b7067a8e39d8752b8dc09ec6aa5e9b496ae86aeb018ecfef94816
Instruction ID: 804447d435928fde2c5927524ea15e5191c0445588a885d57070b51e4c2d36d2
Opcode Fuzzy Hash: 0cacac8b620b7067a8e39d8752b8dc09ec6aa5e9b496ae86aeb018ecfef94816
Instruction Fuzzy Hash: 8FF1F9B4A00219CFEB64EF69C994B5EB7B2FF88300F1485A9D50AA7351DB309D85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07B8B85D Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334e65a051959a1d8c5b11887c9ce72f7297732c2536f5075f3d2cd8a2a593d4
Instruction ID: 7adafbba83ee0ff6bf8562b760017bcb57e1eb078eb3437fa3088f9ff8ace8a9
Opcode Fuzzy Hash: 334e65a051959a1d8c5b11887c9ce72f7297732c2536f5075f3d2cd8a2a593d4
Instruction Fuzzy Hash: 0CD17BF4B00206CFEB58EFB9D49466EB7E2FB84210F1089ADD5069B384DB359C05CB95

Uniqueness

Uniqueness Score: -1.00%

Function 07B848A7 Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cfdd38b4d9460ec2956c97a90dea609e3fe82b12379c3b8a7035f29cdac21f2
Instruction ID: f573fdd1994382f005949c04be291d2ac0f801406d1492726fe6591397497da7
Opcode Fuzzy Hash: 0cfdd38b4d9460ec2956c97a90dea609e3fe82b12379c3b8a7035f29cdac21f2
Instruction Fuzzy Hash: A2F1D3B4701255CFD7A8EF28C598A58B7B2EF8A315F1144E8E54A9B362DB31ED81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 07B89EC0 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2696e3beddf585ba5dff0184fbe79e47747a9d2176bb667bf763f6adfb08d9c3
Instruction ID: c0e570d6ade80fcdea4329e618a58e6458d7a6aa6e9335f80bdfed9f75a7b45c
Opcode Fuzzy Hash: 2696e3beddf585ba5dff0184fbe79e47747a9d2176bb667bf763f6adfb08d9c3
Instruction Fuzzy Hash: 44E108B4A00209DFDB55EFA9D594AADBBF2EF88304F15C059E405AB361CB35AD41CF44

Uniqueness

Uniqueness Score: -1.00%

Function 07B96508 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13f8752846c7892e20902a4a27935939f2bae791661180bd08faa758543117e
Instruction ID: c905bf5c633885e49fcb51dc591eac6a46e01f14b4ace1c31cde3dc894d4da95
Opcode Fuzzy Hash: b13f8752846c7892e20902a4a27935939f2bae791661180bd08faa758543117e
Instruction Fuzzy Hash: CFC16CB5A00219DFEB18DBA5D554BAEB7B6FF88304F108079E812A73A4DF359C41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B8232D Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab0de3048d62b1db3e3ed39ef8e096913bdd58df6479a1fa5df5d69908f7481
Instruction ID: a8d78e5b28ca96469dcf76e8e6fa1a3b7c9fd3d19f689f3377d546459ea92384
Opcode Fuzzy Hash: dab0de3048d62b1db3e3ed39ef8e096913bdd58df6479a1fa5df5d69908f7481
Instruction Fuzzy Hash: F7D126B5A102058FEB58EF68D598AAD7BF2FF49710B1580A9E806DB3A1DB31DC00CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B9E058 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b6b8c48b3a855a3ea0d5189071a902ecc1b8c9e636c01623a109cfe86e953c4
Instruction ID: f4046c95336873e0436ed5f78bea74f0edb62d8ba11779bbb3dc3721d0535885
Opcode Fuzzy Hash: 8b6b8c48b3a855a3ea0d5189071a902ecc1b8c9e636c01623a109cfe86e953c4
Instruction Fuzzy Hash: FCB19FB1B00215DFEB15DF68D884AAEBBB2FF89300F148569E9059B351DB35EC02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B8F808 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a46201ef73a5e7a75308b808c01cc2e89f80156ebdfd355cbe57c621ee0254
Instruction ID: bc70148b11c11c3c57ebdffb381f86119bf931009bab363e62fba9ae237cf6a4
Opcode Fuzzy Hash: b0a46201ef73a5e7a75308b808c01cc2e89f80156ebdfd355cbe57c621ee0254
Instruction Fuzzy Hash: B1B1A3B1A00209DFEB54EFA9D4846BEBBB6FF85310F1485AAD859DB240D730ED41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B97820 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7ff3ca108c612711d9aa898d988f2befe2eba331db3ad24eee7f638e3133ae
Instruction ID: 7e576c81963277924c8c9a01f0f9ab3fe3b050e5017b6bb0384d88974539c0fb
Opcode Fuzzy Hash: bc7ff3ca108c612711d9aa898d988f2befe2eba331db3ad24eee7f638e3133ae
Instruction Fuzzy Hash: 72B13035740300AFE724EB64D889F9E77B6EB89740F104469FA166F3D0CAB6AC41CB95

Uniqueness

Uniqueness Score: -1.00%

Function 07B95D48 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0355294bf0af1d8e0c265645ef103ae7eccf510632bab132b83c3ac15d8b68ea
Instruction ID: 051a547500c3ed26fd21268300715e898dda60e488d254947355a7dbdf1b7c7b
Opcode Fuzzy Hash: 0355294bf0af1d8e0c265645ef103ae7eccf510632bab132b83c3ac15d8b68ea
Instruction Fuzzy Hash: DAB17EB0A00205DFDB29DF69D994AAEBBFAEF88200F14847DE4169B394DB359C45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B85BA8 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 190980cab9d4e04a83bbc9b254a7c4839df933a6e7e5fe90491052659447969d
Instruction ID: bcdbab3f02a3536718afcdb55c45f8f12d6dcefd6d34a18c3caeac1221533a0f
Opcode Fuzzy Hash: 190980cab9d4e04a83bbc9b254a7c4839df933a6e7e5fe90491052659447969d
Instruction Fuzzy Hash: A0C129B4A00205CFD768EF68D598AA9BBF2FF88311F1584A8E4169B361DB31EC41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07AFB389 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dddc4ad189b933760b2339e9891d2e0ae89bef609bfb8f9468bde202bdd7161
Instruction ID: 1b8226b023e3784b2c96915bc2f234bb6ff07a59a2977a4806b7c93e00141e41
Opcode Fuzzy Hash: 4dddc4ad189b933760b2339e9891d2e0ae89bef609bfb8f9468bde202bdd7161
Instruction Fuzzy Hash: 37B15B752007009FD764EB75D849B6E73A3EB85320F108A2CE5268BBC0DB79EC428B81

Uniqueness

Uniqueness Score: -1.00%

Function 07B852E0 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2303ab5eb407bdfa41ab473a9eacbbed2032162cf48517dcd6ba6e0d9b700c22
Instruction ID: 97e66cfd32309460ffc8b18bd2d71919e348cd8e0f045d7d56d1cc47040fb2e4
Opcode Fuzzy Hash: 2303ab5eb407bdfa41ab473a9eacbbed2032162cf48517dcd6ba6e0d9b700c22
Instruction Fuzzy Hash: F8C127B4A00209DFEB64EBA8D488ADDB7F2FF48314F158599E812AB350C774ED45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07AFB398 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0ff8823444dd6a901a4d082efc73832322a91c24418526d145b6c8df0b1386
Instruction ID: d29ec3be17df9bd58ea4ce6160d40328791527b1edcc9e4a4db69042e5532370
Opcode Fuzzy Hash: 8d0ff8823444dd6a901a4d082efc73832322a91c24418526d145b6c8df0b1386
Instruction Fuzzy Hash: 7DA14D752407009FD764EB75D949B6E73A3EBC5324F108A2CE5268BBC4DB79EC428B81

Uniqueness

Uniqueness Score: -1.00%

Function 07B958C0 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad167e29f3ace874eb6dc4767724e58a80fd04d9637566bc0abeb081a455ff2
Instruction ID: 7c87d23c10ba23b49a3d0b9e973a15d7036b309eef034f5cb48772daf3efdbd6
Opcode Fuzzy Hash: fad167e29f3ace874eb6dc4767724e58a80fd04d9637566bc0abeb081a455ff2
Instruction Fuzzy Hash: ADA1BEB17002068FEB15DBBAD89466EBBF6FF88310B148079E815CB3A5DB74DC418B90

Uniqueness

Uniqueness Score: -1.00%

Function 07AC0E29 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a44f06cbe6c7b8fe2743751b2a82d0e2f609e2dfb17efed7867e735e76e6c499
Instruction ID: 776efb446f1619a7fa1b13726fc3fb189878e6df6e5fa6c9c8ee2f91f2152825
Opcode Fuzzy Hash: a44f06cbe6c7b8fe2743751b2a82d0e2f609e2dfb17efed7867e735e76e6c499
Instruction Fuzzy Hash: CDA183B12007019BD760EB79D84976EB7A6FB85321F108A1CE5778B6D0DF39EC824792

Uniqueness

Uniqueness Score: -1.00%

Function 07AC0E38 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d62b8f1eaf3cc840766ff4831767182eeee257bdaa140749a17716e21d6a3ec
Instruction ID: b41c70958632e5b06fead77fb494ad7574cf12f2a0c4e6196dbd8e7cb775114f
Opcode Fuzzy Hash: 9d62b8f1eaf3cc840766ff4831767182eeee257bdaa140749a17716e21d6a3ec
Instruction Fuzzy Hash: 1BA182B12007019BC760EB79D84976EB7A6FB85321F10CA1CE5778B6D0DB79EC824792

Uniqueness

Uniqueness Score: -1.00%

Function 07B910A8 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b5486c221b66b1cf3c809ac4b731c6b47a6b76e0a9ffef1e18561f0b580fb2
Instruction ID: 6a40344c3374f67c249b4488c850135b31da33c13e729603c346d35975feb1b8
Opcode Fuzzy Hash: 02b5486c221b66b1cf3c809ac4b731c6b47a6b76e0a9ffef1e18561f0b580fb2
Instruction Fuzzy Hash: BA818FF0B0430FDBFF119A6D85507AE7AB5AB89600F1440BAD825DB380DA74DD42DB51

Uniqueness

Uniqueness Score: -1.00%

Function 07B93570 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5237b44f429a478c130281a57bc71bfdd0448dcac6907c60d591e5781d70b81
Instruction ID: 2b62e654b31d595a0d99b3f61e5e73dcfefbe694323fdac33dadd0dd33044815
Opcode Fuzzy Hash: f5237b44f429a478c130281a57bc71bfdd0448dcac6907c60d591e5781d70b81
Instruction Fuzzy Hash: A7A15DB4A00205DFEB14DF94C588BADBBB2FB44304F5580A8E415AB3A4CB78EC85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 07B87260 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43fcb0c47dd7b95df725213a44def8e6612c2ae8b24148f37ac1d6c3a5d0e9a5
Instruction ID: 3d843081d86a63f4231e58dc6134574cafb442d2c5f988d7ea48c76b8f3ae146
Opcode Fuzzy Hash: 43fcb0c47dd7b95df725213a44def8e6612c2ae8b24148f37ac1d6c3a5d0e9a5
Instruction Fuzzy Hash: 6E61C1F1B042068FDF65EBA8D494A7E7BB2EF85314F2840A9D50697790DF349C42CB52

Uniqueness

Uniqueness Score: -1.00%

Function 07B83830 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e5340700d9f8a896865ddbb95c58081f33bdabda14d46c1a4df4b1b396ff04
Instruction ID: 3730ef49062bfbe0c3fd11390036ae4d36b30c874559372ef8dd60bc6b34c81f
Opcode Fuzzy Hash: 07e5340700d9f8a896865ddbb95c58081f33bdabda14d46c1a4df4b1b396ff04
Instruction Fuzzy Hash: 2D813BB0B10215CFEB59AB78D458A2D77F2FF89A01B1085A9E4069F3A0DF75DC05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B8A390 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b643d6b52dc7df867154368c189d3cb3b19cbd5439434a39589f369cc0f239b
Instruction ID: 2c607ac7443db0e6b8786be1c6c3a9b7984695899a241b2c7cc7da8f991e89fc
Opcode Fuzzy Hash: 6b643d6b52dc7df867154368c189d3cb3b19cbd5439434a39589f369cc0f239b
Instruction Fuzzy Hash: B9717DB4B00205CFDB54EB69D458A6EBBF2EF88210B19C0AAD40ADB351DB35DC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B951A2 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4579efa40ee1eeebb696765578f96a15291c52fba73b889a9172668ef693c131
Instruction ID: bb12becbf2e7c8ec2f6b2d2bcdf0ad0cab62248a5eaa3cb1517adc7d2396e42e
Opcode Fuzzy Hash: 4579efa40ee1eeebb696765578f96a15291c52fba73b889a9172668ef693c131
Instruction Fuzzy Hash: D6714CB57502008FEB21CF65D488AAD77B5EF88361F2580B5E802EB3A1DB75DC82CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B93FB8 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 007e14d8e15967f096501807c65c6184c0c5e28a0efddcb221e91d6be8cf0460
Instruction ID: 25c0a861cd69bb3c02d9a11cb998be9725cdc9418eac4204425d40204833805b
Opcode Fuzzy Hash: 007e14d8e15967f096501807c65c6184c0c5e28a0efddcb221e91d6be8cf0460
Instruction Fuzzy Hash: 437191B2E00255CFEF15CF64C8406DEBBB2EF89304F2585B9D815AB290DB71AD46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B9FA90 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73bf22e1a725ec0d07b0052621deca07cfbc52aa3d019bd8f31d74a4df4f5e08
Instruction ID: bc600b7f2411f2544243d8f01a35bb70d913b5aa4e29732c8897f29edbc2d5b0
Opcode Fuzzy Hash: 73bf22e1a725ec0d07b0052621deca07cfbc52aa3d019bd8f31d74a4df4f5e08
Instruction Fuzzy Hash: 0481F9B5A001099FEF14DF98D854AAEBBB6FF88324F1881B9E815EB355D7309841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B86E6D Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67eeef6cfaa93fd7973f78c695902280ddc74a34593a480c6f3b7902dfa3eb63
Instruction ID: 21f3930f4ca6196e581fd399ae0b1a0eeef70a90509e95cd6a0e9ac8e4315727
Opcode Fuzzy Hash: 67eeef6cfaa93fd7973f78c695902280ddc74a34593a480c6f3b7902dfa3eb63
Instruction Fuzzy Hash: 47519FF0614602CFE7B4BB69C5A463DB7E2FB52609B60859ED027C7A41DB35E842CB42

Uniqueness

Uniqueness Score: -1.00%

Function 07B8CE98 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a8e47268b853808da21ba8afacc4887511e69a00f5c8b4a8f7a60a167692e6
Instruction ID: 8cd270c572a73e2f1682269d7f9f555042bc4ac4b4f5f4b4cd16d306875dd8b5
Opcode Fuzzy Hash: 54a8e47268b853808da21ba8afacc4887511e69a00f5c8b4a8f7a60a167692e6
Instruction Fuzzy Hash: 336132B4B002059FEB54EB69C454AAEBBF2EF8D720F1590A9E405AB351DF31DC42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07B8381A Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6e7c10eb18bad00e8b6a5cf482db10df7244c19acc87ba006e934f16f32c587
Instruction ID: ad859c04ff1b982945a05251661203eb5f26f4ea5dfc2f6c475a526e8204de26
Opcode Fuzzy Hash: d6e7c10eb18bad00e8b6a5cf482db10df7244c19acc87ba006e934f16f32c587
Instruction Fuzzy Hash: 5F5187B0B10216CFEB59EB78D458A6E7BF2BF49A01B1044ACE4029B3A1DB75DC05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B8DF38 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce237ade92cc0a3651ccb66ee96804710408ee49f211ac9017da5d5bc256fac9
Instruction ID: 2205553c871d946dff1d917ee451eb8089a3cf1867d41db0ee64c22c1c594328
Opcode Fuzzy Hash: ce237ade92cc0a3651ccb66ee96804710408ee49f211ac9017da5d5bc256fac9
Instruction Fuzzy Hash: 1651E7B1B002059FEB54EB65D854BBEBBE2EF88310F1480A9E906EB350DE35CC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B98288 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc206e80eaa61a1ad99f91fefd75c26b2b3b20a9a95628de65794545931eb7b2
Instruction ID: f7949c593931d92c7640c84057597980438cf5e00b7be5ce5dad6e00eddd8256
Opcode Fuzzy Hash: bc206e80eaa61a1ad99f91fefd75c26b2b3b20a9a95628de65794545931eb7b2
Instruction Fuzzy Hash: 39518DB1B047118FEB289B79D85877F76E6EF85200F14817AE916CB384EA39DC028790

Uniqueness

Uniqueness Score: -1.00%

Function 07B8CE88 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cc36c7bd68436fd7a9310c789af2b29b4d7395414794c8fe2c77fb31f5a9f4e
Instruction ID: ce7b889863710f319b661571a04f8e04c1d52c9e9d8a36e3e6973c884b6a3ea2
Opcode Fuzzy Hash: 1cc36c7bd68436fd7a9310c789af2b29b4d7395414794c8fe2c77fb31f5a9f4e
Instruction Fuzzy Hash: 2F5153B4B002059FEB54EB69C554AADBBF2EF8D320F1990A9E405AB351DB31DC42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07B85B98 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530bd136978d52cd617412bc920bec2d1bc45665e46a03d85fec0c695f91295a
Instruction ID: 102be4409a4f2f2771ef208db9df51dedbe5d8fb46e3b2234a9141c6f5c7262b
Opcode Fuzzy Hash: 530bd136978d52cd617412bc920bec2d1bc45665e46a03d85fec0c695f91295a
Instruction Fuzzy Hash: 7E71F6B4A00205CFDB64DF68D998EA9BBF1EF48211F1544A9E806EB361DB31EC50CF60

Uniqueness

Uniqueness Score: -1.00%

Function 07B92DD1 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c63c8782a945415e505506686b8821ecf89f2f8d59ba55713b83821df2f914
Instruction ID: a1e10c32485a95bf679b814d6d247b2b521715e9ea89b0176072cc57c5bcd351
Opcode Fuzzy Hash: 21c63c8782a945415e505506686b8821ecf89f2f8d59ba55713b83821df2f914
Instruction Fuzzy Hash: 095161B5B006069FEF15DF69D494AAEB7F6FF88210B01847AE429DB711EB30ED018B51

Uniqueness

Uniqueness Score: -1.00%

Function 07B803ED Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bfad2dda484150edb27a1c8dfffa0eb7f23afbed398c42f7076d7f9ed4b82d
Instruction ID: ae20884c37afaed50095c5d38b9628d2e81d72408bbd0a53ee652b3fd69b9ebc
Opcode Fuzzy Hash: a4bfad2dda484150edb27a1c8dfffa0eb7f23afbed398c42f7076d7f9ed4b82d
Instruction Fuzzy Hash: 4761D1B1A043458FEB05EF78C894ADDBBF1EF85250F09819AE845EB262DB34DC44CB61

Uniqueness

Uniqueness Score: -1.00%

Function 07B8B520 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01fc5c7cbedd1b881cea10b5e78b092f1e53f9dcc78df4baa6080bb7dd97cb7
Instruction ID: 70c504546e1f871ef157f83c1a63ec765188e48a8a4a7c43d2385b21ce3cc812
Opcode Fuzzy Hash: a01fc5c7cbedd1b881cea10b5e78b092f1e53f9dcc78df4baa6080bb7dd97cb7
Instruction Fuzzy Hash: B27180B5E00229CFDB64DF69D880B9DBBB2FB48214F1081AAD909A7351DB309E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07B85446 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f53a9ae0bfcd68da5a687e6d720901c06e9f332e60fd85850266f13aebaa8b6
Instruction ID: 10b1fde6733c6ddece82c1e9ecfe85f27f2324e925effbeaa0e94f389cf314bb
Opcode Fuzzy Hash: 0f53a9ae0bfcd68da5a687e6d720901c06e9f332e60fd85850266f13aebaa8b6
Instruction Fuzzy Hash: E3713DB5A00209DFEB24EBA8D588BDDB7F2FF48305F148599E812AB350CB34AD55CB51

Uniqueness

Uniqueness Score: -1.00%

Function 07B93DA0 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0918cee06c5e382489caf4b579a0de32372ea63896405c844cbaadc180782500
Instruction ID: 2259fbb8f7666bcc2db1261f9869e408dc066c33a3e58ce96145053d0738f175
Opcode Fuzzy Hash: 0918cee06c5e382489caf4b579a0de32372ea63896405c844cbaadc180782500
Instruction Fuzzy Hash: EB5102B0B04755CFEF18CBA4D5846AEBBE6EF85200B1484BAE51ACB261DB319C448761

Uniqueness

Uniqueness Score: -1.00%

Function 07B83EC0 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf17972990d8b8b4ac71d1660ab5c13f08f1058519e9fb6daecbb870922e6df
Instruction ID: 46061cd7b3ce2c155bfb51d5c2a4e2ecba15b109c37dbbf6f3a3e231e5a95f3d
Opcode Fuzzy Hash: 4bf17972990d8b8b4ac71d1660ab5c13f08f1058519e9fb6daecbb870922e6df
Instruction Fuzzy Hash: 1F51D574A11325CFDB69AF74E45956D7BB2FF8D202B14887CE812AB390DF369841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B87D59 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa2c5f58166c462edb834454b5e5ac76fbbf351e79b0975b532c9ddb3a2b0c90
Instruction ID: 4d14055807dd8062b4c4ff61ffaa309520c981c5a489c8992e122c14600ba510
Opcode Fuzzy Hash: aa2c5f58166c462edb834454b5e5ac76fbbf351e79b0975b532c9ddb3a2b0c90
Instruction Fuzzy Hash: 12516BB5B002159FEB54EBB4C854B6EB7B7EF88715F248069E8069B394DE319C02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B80448 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 312ea696f510f5873c8c6c56fac1cdacc50f3ad0307779b1ae3f18aae1065b88
Instruction ID: 232c73ce74497006b4339dc56710a183c389b4105ec583f07b9defbc96e9fcee
Opcode Fuzzy Hash: 312ea696f510f5873c8c6c56fac1cdacc50f3ad0307779b1ae3f18aae1065b88
Instruction Fuzzy Hash: 26516FB1B002058FEB54EF69D494AADBBF1FF88254F188599E815EB360DB34DC44CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B93FAA Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4fe4e1ddcac92083c01d461363c4fd6242c0a44808db5663c78c2cc2a5150ae
Instruction ID: 8c9ef8ccac26377f70c0aedf2ae99a99d3a6e0e3b511f61b4262611848dd8dd0
Opcode Fuzzy Hash: b4fe4e1ddcac92083c01d461363c4fd6242c0a44808db5663c78c2cc2a5150ae
Instruction Fuzzy Hash: FE51A1B2E00655CBDF11CF64C8406DEBBB1FF95314F2586B9C8157B290EB71A946CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B9067A Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da345bf4ecc4a6a5b7f79edbcab5b1520d7a5e468d95eadb591bd904f6ffb65b
Instruction ID: 53f73be76a16a6c1ead6efdc36ea88b27f9aebaf2c74a1469c951cd0df66414e
Opcode Fuzzy Hash: da345bf4ecc4a6a5b7f79edbcab5b1520d7a5e468d95eadb591bd904f6ffb65b
Instruction Fuzzy Hash: F25106B4A00206DFEB15DF68D584A9DBBF2EF89310F14C4A9E825AB361DB35EC41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 07B8C468 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903fa77d37031e3e2ec348e6373f606c76f53398222252ce8a65e32e3edcfa94
Instruction ID: c07ffb6769e78e3709341a8cd8d9afa4fa5db471b100193367c75240870977a9
Opcode Fuzzy Hash: 903fa77d37031e3e2ec348e6373f606c76f53398222252ce8a65e32e3edcfa94
Instruction Fuzzy Hash: 7041C2F1B012128BEFA4BA2985546BE7AA2EB85310F1945FAD80197750DA35CC41C7F1

Uniqueness

Uniqueness Score: -1.00%

Function 07ACB9F0 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab0b424d24f6a4525b34f0d79a96e4fbcee367f00e204b11b0849396b9142c0
Instruction ID: 9b0a8562d8e085bd4e4b5e541a71a8c2c6b96f3596ed1ebabe41649bdd165ece
Opcode Fuzzy Hash: dab0b424d24f6a4525b34f0d79a96e4fbcee367f00e204b11b0849396b9142c0
Instruction Fuzzy Hash: 28518F71200701AFE364EB35D84572AB7A2EBC1324F108A2DD1768FBD1DB76EC418B95

Uniqueness

Uniqueness Score: -1.00%

Function 07B8CA38 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8779774e1012ed62cb5fa52324ac5b1a80343975d5cf40190ca22c259cde3f6b
Instruction ID: a7ffce41b7483454dd77b2102f06e6c496a13f905e89c06f8a1785273ff5ad74
Opcode Fuzzy Hash: 8779774e1012ed62cb5fa52324ac5b1a80343975d5cf40190ca22c259cde3f6b
Instruction Fuzzy Hash: 5641C2F5A0060A8FDB24EF69D4446AEBBF2FF84610F108968E516DB344DB34ED45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B83EB0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec1679c858e8aa276ca73c6c5303eec9dd1512482ee1908dad4ca513f7f9e9b9
Instruction ID: 29763fd7a5cfcf83de9068d42e230f291eb4d5e83abb1c5f59970f3a250f3ee5
Opcode Fuzzy Hash: ec1679c858e8aa276ca73c6c5303eec9dd1512482ee1908dad4ca513f7f9e9b9
Instruction Fuzzy Hash: 165118B5A11315CFDB69AF74E4596AD7BB2FF89202B14887CE412EB390DF328841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B8AC40 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5db5140705c83d4eb5cf443dd7f84d3332daeacca57c6f1b69a8b8f67845474
Instruction ID: 5b0792211a6fe754e101f53c5d1da0d655ea2f32678cb6827473709b78ceb99e
Opcode Fuzzy Hash: f5db5140705c83d4eb5cf443dd7f84d3332daeacca57c6f1b69a8b8f67845474
Instruction Fuzzy Hash: B54114F6B18226DFE7546AA9941423AB7D6EBC8262B148EEBD503C7340DE719C01CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 07ACBA00 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47b6ebcff7d7e3e9fcb0aa69eb3ffe9e79492ed31fe120ff98c5a3ba7728939
Instruction ID: cf34fc588f7b070c0126d2c53dd8cb5e728d764260871b483dc81357e76df8ba
Opcode Fuzzy Hash: c47b6ebcff7d7e3e9fcb0aa69eb3ffe9e79492ed31fe120ff98c5a3ba7728939
Instruction Fuzzy Hash: B2415071200701ABE364EB35D84572AB3A2EBC5324F508A2DD1368F7D5DB7AEC418B95

Uniqueness

Uniqueness Score: -1.00%

Function 07B86920 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a146f725d0361f81dc33beece736d037cae24c2cf22d384784c33d5f56a7ba9
Instruction ID: 92fb1c87be000ced9382e69fb0f9623f6526b58da82c3377f46722311cd7ff2a
Opcode Fuzzy Hash: 3a146f725d0361f81dc33beece736d037cae24c2cf22d384784c33d5f56a7ba9
Instruction Fuzzy Hash: 5651D571A0031ADFDB14EFA4D854AAEB7B2FF88304F108569E915AB391DB71ED41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B8E218 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc2f63574d04148038aa5a46babbe59fe6d0324353edefd55fddd8c00fcbc54d
Instruction ID: 632e7f477f1d110d7c5d02e87887c7840231dbd3181823e3a47df504a070ecb7
Opcode Fuzzy Hash: dc2f63574d04148038aa5a46babbe59fe6d0324353edefd55fddd8c00fcbc54d
Instruction Fuzzy Hash: 5541B571B002169FDF55EBB5D9506AFB7FAFFC8610B10846AE506E7640DE31A8028BA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B91BB8 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c884a24305f43f8a8c5655c95899632042f5734bc2260808f8259a92818b95
Instruction ID: e97074e58ee3782498155222b9e0d7dc6eea354342409c1cf8f622049991dce6
Opcode Fuzzy Hash: a5c884a24305f43f8a8c5655c95899632042f5734bc2260808f8259a92818b95
Instruction Fuzzy Hash: 0C31E0B131536A8FEF26473D941862E7AAA9FC1711F1480BAE512CB390CE39CC42C391

Uniqueness

Uniqueness Score: -1.00%

Function 07B9384B Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0fcc5affd6fbbbcfd7b067af5eea7a652ad9cb3cf39d3d856aafb41d4dcbba9
Instruction ID: c7e962943faa7548585f06f712f7603e5ca99f09bb38323374100200788748e5
Opcode Fuzzy Hash: c0fcc5affd6fbbbcfd7b067af5eea7a652ad9cb3cf39d3d856aafb41d4dcbba9
Instruction Fuzzy Hash: 47414DB4A002099FEB14DBA5D898B6E7BB6EB85300F144069E8129B394DF799C46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B8DB18 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cf20f808b536680aa94598519ceda3af537719923a0aea0e07f1dec2dfeb1ad
Instruction ID: bf929eb0e9b8ccd509c56791f18e346549cdc81a362a80cb4829b7ba266112f2
Opcode Fuzzy Hash: 1cf20f808b536680aa94598519ceda3af537719923a0aea0e07f1dec2dfeb1ad
Instruction Fuzzy Hash: 4A3196B5700206AFDB54AB79D85567E7BE7EBC8651B10846AE506C7380DE70DC02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B809E0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f0b62c1c29d85997ca6d0cf8d634c637eb6edfc0b05b0d5d0d73f0c1e7a4714
Instruction ID: da57f2f4cd84b6405d67540164e3c86363b7988ada47e243b98259269897b1c1
Opcode Fuzzy Hash: 2f0b62c1c29d85997ca6d0cf8d634c637eb6edfc0b05b0d5d0d73f0c1e7a4714
Instruction Fuzzy Hash: 99418FB0A1220ADFFB58FF58D554BEDBBF1EF44344F1480A9E401AB291C7799989CB10

Uniqueness

Uniqueness Score: -1.00%

Function 07B84601 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad004eab7c2da9e978ab5cd243df6b7d7a2511cca3c60f137e00572239013031
Instruction ID: e53a2618ac56ab6574e334fd9a81f299f5ca3028d49e7c30e21f231391e3f688
Opcode Fuzzy Hash: ad004eab7c2da9e978ab5cd243df6b7d7a2511cca3c60f137e00572239013031
Instruction Fuzzy Hash: 715150B8B00255CFE764DF29D958B59BBB6EF89310F1180D9E54A9B3A1DB70AC80CF41

Uniqueness

Uniqueness Score: -1.00%

Function 07B886D0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e19c2a3ca012cd4eb57977a40b0da687516010c6b9c01d3d5948c7d5c45bd85c
Instruction ID: b4e3f014dd83df20ca14ea78ddc776541f5c3c466432144df61b60b521cf4e9e
Opcode Fuzzy Hash: e19c2a3ca012cd4eb57977a40b0da687516010c6b9c01d3d5948c7d5c45bd85c
Instruction Fuzzy Hash: 0F4170F5A0020A9FDF40EFA9E844AAEBBF5FB48310F104569E915E7340DB749D51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B86ADB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47588719df574bd277a798a74f8ccc04c301b765279ac4cb65044c6a907a5dd
Instruction ID: 33ec28d3f63a273cae41f5eebfd50f94c141afa1a210a4ff051159a0c393f472
Opcode Fuzzy Hash: d47588719df574bd277a798a74f8ccc04c301b765279ac4cb65044c6a907a5dd
Instruction Fuzzy Hash: 4141ACB0A00306DFD724DF69D884B9ABBF2FF88300F00852DE05A9B691D734AD45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B81FD0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff3c73c08b66aae9f1b08876e1b247240aa64c9d7e91a496b9d1acb2c98f7c6a
Instruction ID: e05b00d47e5b49bae287081ddb40dad00ebd56d3006d8a07504eb0e06fcff330
Opcode Fuzzy Hash: ff3c73c08b66aae9f1b08876e1b247240aa64c9d7e91a496b9d1acb2c98f7c6a
Instruction Fuzzy Hash: A441D2B47502018FD798EB29C898E6973F1FF8962179288E9E516CF771DA71EC01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B86AF0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a836c0b2868b548766a69f2be1e87b1245b3bd3107d7c07eac260f1b23c0da
Instruction ID: 0a53cfb20e9f22bff9ea6db233b221d81311764f02211ec7e39e7c7c9d4be9df
Opcode Fuzzy Hash: 73a836c0b2868b548766a69f2be1e87b1245b3bd3107d7c07eac260f1b23c0da
Instruction Fuzzy Hash: 824179B4A007059FD724DF69D884B9ABBF2FF88300F10862DE45A9B690DB34AD45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B91D28 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e6b685005f123153cf6b77adb801497c5288e3bc99fcf80d7c02b3cc2e61e95
Instruction ID: cf823a8220be5fd57153ffab0f93df8723bbcea7df3dfd4a43c41fb2353a1cdd
Opcode Fuzzy Hash: 4e6b685005f123153cf6b77adb801497c5288e3bc99fcf80d7c02b3cc2e61e95
Instruction Fuzzy Hash: 52318FB070060F8BFF285A2D855477E76E6EF89344F1444B9D4229B394EE75CC429791

Uniqueness

Uniqueness Score: -1.00%

Function 07B81FC1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189f3ade76647026244f0587304128032cf4fda2489505aa7a2b89b220b75589
Instruction ID: ef0fad1fec006e49f2880872976811b0dd6e465f165fb2f7201c591969434d91
Opcode Fuzzy Hash: 189f3ade76647026244f0587304128032cf4fda2489505aa7a2b89b220b75589
Instruction Fuzzy Hash: A441EEB43106018FD794EB29C898E6977F4FF4A62575244EAE516CF672DA71EC01CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07B82C50 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48915fa71d2f9445a13b590c0c145dbb14da6b35d4851cd0b92701e870c49b0e
Instruction ID: 4562d1eb0569512082342ba87eff47cb967fe5686ecc8a73d5315dcdada5d553
Opcode Fuzzy Hash: 48915fa71d2f9445a13b590c0c145dbb14da6b35d4851cd0b92701e870c49b0e
Instruction Fuzzy Hash: 0B418EB5A00705DFD724DF68C454AAEB7F2FF88310B148A6DD516AB360DB31AC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B9F418 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73380656c03716221562f80d3ea9a59cf9e0f6d9b9d25f6df4b3e68cb6216ebc
Instruction ID: 270d68501f9efd30f7710dd9ad46add279da476f96e19cf10b1069f8e7574a51
Opcode Fuzzy Hash: 73380656c03716221562f80d3ea9a59cf9e0f6d9b9d25f6df4b3e68cb6216ebc
Instruction Fuzzy Hash: DA316B71304345AFD705D7A9E81495FBBE6FFC5210B00886EE155CF340DA35AC04C3A2

Uniqueness

Uniqueness Score: -1.00%

Function 07B82C60 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3331b0003419f335c53274b0247897d1bf8490e30deadd5853842b347089c8c9
Instruction ID: 08836d9b2d7a3dc898cc1687b27f18ba64a8139a605fffce891511cfdd941eea
Opcode Fuzzy Hash: 3331b0003419f335c53274b0247897d1bf8490e30deadd5853842b347089c8c9
Instruction Fuzzy Hash: 62416DB5A00705DFD724DF69C49499EBBF2FF89300B248A6DE506AB360DB31AD45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B85D6F Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aae0d207a02977349b8a6768670070d3e91d768b3d9ad7ea15666fedb80ae2e
Instruction ID: 485ca1e12b10e6e627cf5283e0ad61118b4cbe27518df5f250da4839d36b3336
Opcode Fuzzy Hash: 3aae0d207a02977349b8a6768670070d3e91d768b3d9ad7ea15666fedb80ae2e
Instruction Fuzzy Hash: 0141BFB4610205DFDB68EF68D598E59BBF2FF48315F1584A9E8069B3A2DB31EC41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07B81698 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12b10bc4b06c08566bdb55d88afa434501d3c400356cd6324d15216603ce6273
Instruction ID: c1be5a0af3e8a579409992452a937b547e7382118103e685f63c6feb3ce89e60
Opcode Fuzzy Hash: 12b10bc4b06c08566bdb55d88afa434501d3c400356cd6324d15216603ce6273
Instruction Fuzzy Hash: E63118F8A1221D9FEB54DFA9D440AEDBBF1AF49320F1484ADD811AB250D7309C42CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07B9F556 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecda6255a337bced4b28d2b1b25fea1b0dca54feec5f98942bb7e1498932751
Instruction ID: e1e89ca8797eb6e305420ae2fca5d14eb28c640c06e20c96205c7b7d0042df7a
Opcode Fuzzy Hash: eecda6255a337bced4b28d2b1b25fea1b0dca54feec5f98942bb7e1498932751
Instruction Fuzzy Hash: 3D3130B1B002059FDF18DFA9E4546AEBBF6FB88220F148479E425E7354DA719801CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07B891E9 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e1a028132c26ce25961edf39cb710aee3ab8d7fd6bfbe2ffab3f8425642c22
Instruction ID: 5a43de718972d17f20f6a189fde0b69969acaa8bc94eae9930f3da5778408759
Opcode Fuzzy Hash: d2e1a028132c26ce25961edf39cb710aee3ab8d7fd6bfbe2ffab3f8425642c22
Instruction Fuzzy Hash: F331F7B4A00615CFEB64DF69C494BA9BBF2AF49314F5580E9D40DAB362DB30AD81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 07B89E7A Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a316c66b7776ff11b66c3259368c7a027ca1757456ddc6640eff7e9abf1eb1b
Instruction ID: 686d21e783c103e0389369874a27fcfae4f3e99f83f5065a9f3dc18c7125c410
Opcode Fuzzy Hash: 1a316c66b7776ff11b66c3259368c7a027ca1757456ddc6640eff7e9abf1eb1b
Instruction Fuzzy Hash: 7B319A70A06245CFD705DF68D194A9DBBF2EF06310F16C0AAE405AB3A2C738EC46CB41

Uniqueness

Uniqueness Score: -1.00%

Function 07B98598 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f94ff5b5573748406454e0c1147a0db686ce9eedc60ff2a76b789bac451ab64
Instruction ID: de974beba5205b40d6d74b0de71e573349a26474752638c40582f1297a41d9d7
Opcode Fuzzy Hash: 1f94ff5b5573748406454e0c1147a0db686ce9eedc60ff2a76b789bac451ab64
Instruction Fuzzy Hash: 5E21CEF2604202AFEF059F69D800BBABBE5EF46204F0484AEF865DB291C735DD15CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B891F8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd824506e1660b01eccd75548650b5d796cdffd5d0a9a4ecc1a266ff25374acd
Instruction ID: 093568cf76438d87a971d42db4698b7b7b7fe2629357b7bd92cbca147386df4c
Opcode Fuzzy Hash: bd824506e1660b01eccd75548650b5d796cdffd5d0a9a4ecc1a266ff25374acd
Instruction Fuzzy Hash: 1331B7B0A00619CFEB64DF69C494B59BBF2AF49314F5580E9D40DAB362DB30AD81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07B91AA8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6d566545aef43c87c4bc98f917547f2b1f568ee1dabd436a8e62e05edb958f6
Instruction ID: a812478f59422174ff306594ba1a1f53024b691cd793d1118ebc063ecc0170a1
Opcode Fuzzy Hash: f6d566545aef43c87c4bc98f917547f2b1f568ee1dabd436a8e62e05edb958f6
Instruction Fuzzy Hash: 8F318FB5B0010A8FDB00CF69C4849AEFBF6FF88314B1485A9E9159B355DB74ED41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B96B60 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ed7f72f62fbe573cc5950265c45e6b5e2aca7dfeac550ac64b9f1d5ea045eb
Instruction ID: 767619d52fd9c93d8eb080cee87905efcc1567ad3b8317644a5b7e4801917f15
Opcode Fuzzy Hash: b0ed7f72f62fbe573cc5950265c45e6b5e2aca7dfeac550ac64b9f1d5ea045eb
Instruction Fuzzy Hash: A1212DB1E00109CBDF14DFA9D958AEDBBBAEB88315F1080B9E521A7251DB716C45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 013DD40C Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45458595106.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13dd000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1d39cb525d55e62d84523f2efb09a835a4a89dbb26043d95dccc5d0bd35bf8c
Instruction ID: 06ae2b186b9ed34ca3a7bdbaaf7a349d4a0ff6183ef2e1a7a4850b57e46ee39a
Opcode Fuzzy Hash: b1d39cb525d55e62d84523f2efb09a835a4a89dbb26043d95dccc5d0bd35bf8c
Instruction Fuzzy Hash: 7D210672504340EFDB05DF98E9C4B56BB75FB88318F20C569E9091B686C736E416CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 013DD5E8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45458595106.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13dd000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc693977c70cc3033b8733eb15148662249ae9de59e2301f843e571575aff774
Instruction ID: 5a62878b64324a372095fe76d30cf5add845605328fe6dca34b0ad8c61012177
Opcode Fuzzy Hash: fc693977c70cc3033b8733eb15148662249ae9de59e2301f843e571575aff774
Instruction Fuzzy Hash: B4214872500304EFDB05DF98E9C0B16BB65FB88328F60856DE80D0B686C336D455CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 07B88828 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea240d3e473358c55fb35b8c1626336d061f118ecc25678ee0ec60b44ed63c3d
Instruction ID: 0fd6c7950ef20a79b9115fed8809be7cfd4668c718324f5c556eb5994520b867
Opcode Fuzzy Hash: ea240d3e473358c55fb35b8c1626336d061f118ecc25678ee0ec60b44ed63c3d
Instruction Fuzzy Hash: 2C21ACF1B2060ADBEB28AAA5D99856EF7A6EB84211B5081BDC51687240DB71DC02CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 07B97700 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93792c944d64159619018dec8c260f15a9540b5be1e4555819ae085f77278258
Instruction ID: 3d197c5d03927197e179c759d3b8feff04c0e58e344a123163fde0fa7f3f5770
Opcode Fuzzy Hash: 93792c944d64159619018dec8c260f15a9540b5be1e4555819ae085f77278258
Instruction Fuzzy Hash: 953138B5610205CFEB14DF68C958A99BBF6EF48321F1440B9E406A73A1DB749880CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07B8C388 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9537f2313ecd34f110927dc3aebe26236c889b4d4737fd36c6e47d7af44439
Instruction ID: 0e2af9dfd9ee1716e739964f9925cd49b5302355e7258d6076e3851f2d81910d
Opcode Fuzzy Hash: eb9537f2313ecd34f110927dc3aebe26236c889b4d4737fd36c6e47d7af44439
Instruction Fuzzy Hash: 4D21A1B4B042159FCF04EBB9D85496EBBF6EF89600B11006DE10AE73A0DE719C06CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B8A655 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c427adad4095a94a85ec28b33d74df5846f10b59404a460203c384daf891f991
Instruction ID: a242e3f44e8fe9edba55f040ce9ed8c22d352499194b2d7852ea0a15103813fb
Opcode Fuzzy Hash: c427adad4095a94a85ec28b33d74df5846f10b59404a460203c384daf891f991
Instruction Fuzzy Hash: 24213DF5A10209CFEB54EBA8D4545ADBBB2FF88301B148069E905AB361DB30AC42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07B8A540 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30637d4bdd00a745e1050df0ca1056eaf44a2136ebf77dff64a7ecdd9893832
Instruction ID: cfc546070c2073e2a5b431989ae0cc9a448e822601b566bf3fdcf08a0559499d
Opcode Fuzzy Hash: a30637d4bdd00a745e1050df0ca1056eaf44a2136ebf77dff64a7ecdd9893832
Instruction Fuzzy Hash: EF31E8B4A00219CFDB94DB59C588A9DBBF1BF48321F15C0AAE409AB351D775DC42CF80

Uniqueness

Uniqueness Score: -1.00%

Function 07B95D3A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 546b0fa367be122d2a641c1da9c91d5647475e8af3e165596e932ba0c8dc7a7a
Instruction ID: c082e30b38140ded94c0bd797c9b7d5d54cae8b4ebfcec9968ede231774c257c
Opcode Fuzzy Hash: 546b0fa367be122d2a641c1da9c91d5647475e8af3e165596e932ba0c8dc7a7a
Instruction Fuzzy Hash: 2D215CB1A102059FDB29CFA5D858B9EBBFAEF88701F04847DE456A7290DB719844CF50

Uniqueness

Uniqueness Score: -1.00%

Function 07B80C80 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e029cecd4a65520decd0807c92094081d27928c5c145636aaa3aebd5c2d0049
Instruction ID: 755cc2f1a5cc50bfc2409644899977e6acdbebd4c0b785491ba14518600fa908
Opcode Fuzzy Hash: 7e029cecd4a65520decd0807c92094081d27928c5c145636aaa3aebd5c2d0049
Instruction Fuzzy Hash: 5E2137B26043068FDB15EFA8E85869FB7B1FF85200B10896ED4569B344DB71AD04CB95

Uniqueness

Uniqueness Score: -1.00%

Function 07B976EF Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a20bac7caedf83672b795225a3418ed2c24f4d389fe108fa0399c58be9f415c
Instruction ID: 29bb38a1a99f6a4cc8ff61a122e74001a22d647fe0d478b6db6e4b395fca9314
Opcode Fuzzy Hash: 4a20bac7caedf83672b795225a3418ed2c24f4d389fe108fa0399c58be9f415c
Instruction Fuzzy Hash: 162139B4710211CFEB18DF68C958A9D7BF2EF48311F1540A9E405EB3A1DB75D881CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B81B88 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 254ad451dbf57c8cefc8720ba0cd3f5e5fc9229a61883284f1ef76f9657c4701
Instruction ID: 4bfb9e4806ec8e16b4730181b583378a9e0e71af9c213fb5802ff7d221e239f6
Opcode Fuzzy Hash: 254ad451dbf57c8cefc8720ba0cd3f5e5fc9229a61883284f1ef76f9657c4701
Instruction Fuzzy Hash: 3621F1713103558FD719DF69D854AAABBF2BF84200F05C86EF4868F662CA74ED06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B81B98 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea0a16f213d464a40db7726cc1bb3fa9d3108bbd290cf415b0166739b694d8c5
Instruction ID: 7e7703db098d3a3a937c0d5761db4dc40b6d88912863b545e6aebe711178f94e
Opcode Fuzzy Hash: ea0a16f213d464a40db7726cc1bb3fa9d3108bbd290cf415b0166739b694d8c5
Instruction Fuzzy Hash: 892101713103558FD718DF6AE858AAABBE2BF98200F04C42DF4868F251CA75ED06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B9DF18 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63840430e550e6e41554f51abddb040d9f6d0e2500c75830a03b121f5954cd89
Instruction ID: 844fde338eaf4457cf36fd0d44535a172e5c3a774847bda8ba3163db65d9769e
Opcode Fuzzy Hash: 63840430e550e6e41554f51abddb040d9f6d0e2500c75830a03b121f5954cd89
Instruction Fuzzy Hash: C3216AB5B006169FDB15CBA8D840AAEBBF6FB88311F00826AE518DB750D631AD15CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 07B8A550 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f684be44569fa5fa63442c948aefa86def8425eb5142802a0034de5d2bfe47b
Instruction ID: e5ef31adc1d9a19a099f1eab1748f8dd343b6871c9f7c7c9441fbc6974a3f759
Opcode Fuzzy Hash: 0f684be44569fa5fa63442c948aefa86def8425eb5142802a0034de5d2bfe47b
Instruction Fuzzy Hash: 9921C574A00259CFDB94DB99C484A9DBBF1BF48320F15C1AAE409AB361DB75EC42CF80

Uniqueness

Uniqueness Score: -1.00%

Function 07B95C3A Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a02a7dc2893c577695c14155a2d8411dc613bf12ed7e14efc63ab050496761
Instruction ID: b573e63bbc1a7daeed2e7013382c1d8e7d1f4863f8cbee21950519ef5e375315
Opcode Fuzzy Hash: 95a02a7dc2893c577695c14155a2d8411dc613bf12ed7e14efc63ab050496761
Instruction Fuzzy Hash: DE11E9F2A493899FDF228A7099003A9BFF4DF42110F0845F7C458D7191D6398A64C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 07B8881A Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57cbb9ec1d5c83cc6728e8a0bedf2d9f2fd3eaf31d4962dab6005b804a4d61e0
Instruction ID: 6d048a60263cb0ae9c301bfeed1d5f9dc7c85acc38b6065eb250e93445f761c3
Opcode Fuzzy Hash: 57cbb9ec1d5c83cc6728e8a0bedf2d9f2fd3eaf31d4962dab6005b804a4d61e0
Instruction Fuzzy Hash: 0121C0F1B20606DBEB24AAA4C59863EB7A6EF84211B5481BDC91697380DB75DC01CB81

Uniqueness

Uniqueness Score: -1.00%

Function 07B8DE80 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cf4c0cc981cf417b95c34f511a6b6cdc151409ffe6d94a15af35563843c333
Instruction ID: a4ad9c6353f2732052f9e7129b5fecf2253e46e431e4c4ca871ade74d28235f1
Opcode Fuzzy Hash: c7cf4c0cc981cf417b95c34f511a6b6cdc151409ffe6d94a15af35563843c333
Instruction Fuzzy Hash: 701163B5B002199FCB44EFA9D8448AFBBF6FB8C611B10856EE91AD7340DB309E04C791

Uniqueness

Uniqueness Score: -1.00%

Function 07B984F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41ff8eb56c22c01ce857da367b03f919d94210a67915ff748b1f5901cc1b4bd
Instruction ID: a2d2afda9ad754afa9fc2250499de55fcac90abb6d3a09cdb659b15b7fd1bf82
Opcode Fuzzy Hash: a41ff8eb56c22c01ce857da367b03f919d94210a67915ff748b1f5901cc1b4bd
Instruction Fuzzy Hash: B2216A756003059FCB14CB68D880EA6BBF6FB89310F1486A8E9599B352D671FC45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07B8DE70 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3f10f01aceb3ba43bc0c88fe936243ebc8171f3ba0b03e68e77f7db02b4acbb
Instruction ID: 100bfb221392206bc798123b6879e414a28c9542580da472467c6a0bd11c438e
Opcode Fuzzy Hash: d3f10f01aceb3ba43bc0c88fe936243ebc8171f3ba0b03e68e77f7db02b4acbb
Instruction Fuzzy Hash: DB1127B6B002599FCF04DFA8EC449AF7BB5FB89320B1545ABE909D7291D7308D00C791

Uniqueness

Uniqueness Score: -1.00%

Function 07B81CDB Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3504211cfde3a5d4ace7b678abdb8a2cb71084b3cf1319b3e53e09e546d258
Instruction ID: 555145f34244fa5593f661b7f211d0174ac3949a65f660c3a59c2676ddbc3f02
Opcode Fuzzy Hash: 8d3504211cfde3a5d4ace7b678abdb8a2cb71084b3cf1319b3e53e09e546d258
Instruction Fuzzy Hash: B01163F4A0111E9BEB68EEAADC107BF77F2FF84600F04856EC451AB258DB355516CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B83C78 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceec2f4518cda861849ecc8c38e6fce0019c889c8be22468ae7ed5d50f10be95
Instruction ID: 45d26803e49af33afccb334766b32ed0756c7995be41fb8790235738513cf383
Opcode Fuzzy Hash: ceec2f4518cda861849ecc8c38e6fce0019c889c8be22468ae7ed5d50f10be95
Instruction Fuzzy Hash: AD1169B1F0021A9BDF90EAADD8011EEB7F4EFC9A55F50407AD908E7200D7319956CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 07B981C8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de66412b2d44b8e6e89e9de2f6457ba5a6b5b4c3421b68f40d60efa596d00ba
Instruction ID: 40b8fb8e68f512e77b6c18785974e61356d61b3c0231a0b1901dc3b11e6e0620
Opcode Fuzzy Hash: 7de66412b2d44b8e6e89e9de2f6457ba5a6b5b4c3421b68f40d60efa596d00ba
Instruction Fuzzy Hash: AE115E75A006069FDB14DFA9D8849AEF7F2FF88200F00492DE515AB300DB71AD058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 013DD407 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45458595106.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13dd000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d0cd2ddd1465db2064bf115fa722cd87aaac08bcebc680ecfbb076bd955fd51
Instruction ID: 81016b09414a4aafc68a5c098b5d71492ec7374d5ad63946c3af093f4e6f045f
Opcode Fuzzy Hash: 5d0cd2ddd1465db2064bf115fa722cd87aaac08bcebc680ecfbb076bd955fd51
Instruction Fuzzy Hash: BF21A276504280DFDB16CF54E9C4B56BF71FB84314F24C5A9D8084B656C33AE456CB91

Uniqueness

Uniqueness Score: -1.00%

Function 013DD5E3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45458595106.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13dd000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce7f618f9ccb5d1df1723beebacffb7a80c325f6504e5a80ab54785dc3fd45b
Instruction ID: 839a48acba1b4e714028997a7f0eba4ece2d8ea8aae776138078ad720cb9627d
Opcode Fuzzy Hash: 6ce7f618f9ccb5d1df1723beebacffb7a80c325f6504e5a80ab54785dc3fd45b
Instruction Fuzzy Hash: E511D376504280CFDB16CF54E9C4B16BF71FB84328F2486A9D8094B297C336D45ACBE1

Uniqueness

Uniqueness Score: -1.00%

Function 07B9EC60 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17bafa06d27e86afe1aff9c0da8f76ceabe9e6a33a339d3a137b3778f7c20cd3
Instruction ID: 14dd6b3a1ee4cebb62a9ac031861a9f4c2ce798c6eba28383d4efb31c3dfa7ae
Opcode Fuzzy Hash: 17bafa06d27e86afe1aff9c0da8f76ceabe9e6a33a339d3a137b3778f7c20cd3
Instruction Fuzzy Hash: D811C8B1A047448FEB24CB69C8547AEBFF2AF88310F1844BDD442A7791CBB1AC45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 07B87AE0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49a1215688e023b24f497c9de70d5aebb67c9ea20494f0f64d9fb9c52fecf229
Instruction ID: 1f9b7973db412e8f50e3fea859f285085735fd1228d476dac3860842000b4240
Opcode Fuzzy Hash: 49a1215688e023b24f497c9de70d5aebb67c9ea20494f0f64d9fb9c52fecf229
Instruction Fuzzy Hash: BDF0D6F3B042260BAB6475B9786423EAACBDBC4575728017EF50AD7380DE64CC0087D1

Uniqueness

Uniqueness Score: -1.00%

Function 07B86D90 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09af2f9d90444a7aabf1e71fd6ccef7a9f95b039eba6ef2ba1df1e103719e6ce
Instruction ID: efaea4a2f76cfadd832b8b75805602799163741fb2f535dd2a0f061f603f213a
Opcode Fuzzy Hash: 09af2f9d90444a7aabf1e71fd6ccef7a9f95b039eba6ef2ba1df1e103719e6ce
Instruction Fuzzy Hash: 4E118BB5B106159F8B15EFAAD44996EFFF6FF88710710812AE91A93340DF349D02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07B86D80 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c41cbe172f1dec03f2edee575404c584ebc02ba99387e326b38da84da6d15efa
Instruction ID: f82a7c9e314d51527d503b6cdb2116ef67c180eb1230996e3960718ce2db71b3
Opcode Fuzzy Hash: c41cbe172f1dec03f2edee575404c584ebc02ba99387e326b38da84da6d15efa
Instruction Fuzzy Hash: D911CEB5B006018FCB24DBA9D58496EBBB6FF88311701802AE81A93340DF308C02CB80

Uniqueness

Uniqueness Score: -1.00%

Function 07B92938 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3560ba349ac65cf472a2e3bc98efe1e7e3f536846e579da29363a7fdacb7ca
Instruction ID: 5f57ce85c013e400f019928797c33ec31c3be294088d2eabb4aece702662f9bb
Opcode Fuzzy Hash: be3560ba349ac65cf472a2e3bc98efe1e7e3f536846e579da29363a7fdacb7ca
Instruction Fuzzy Hash: 1F1136B4E0120A9FDB80DBB8D4456AEFBF5BB88200F5491BA9868DB341DB34D841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07AFFEC6 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70c4c1a7e0241b17b735b89bfa9d27fb00e897bc2bcd33ab2e6b6a0a618655c
Instruction ID: cfd9b2e66daeadda64fb22bd969507017731dcd78da8b0cc37cf06144cfd8226
Opcode Fuzzy Hash: a70c4c1a7e0241b17b735b89bfa9d27fb00e897bc2bcd33ab2e6b6a0a618655c
Instruction Fuzzy Hash: C6018F71340300ABFB99BA319C51B7D3393ABC5714F2448B9E5215F7C1DEB698568744

Uniqueness

Uniqueness Score: -1.00%

Function 07B851DD Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 984015460dcf46e43a2c6c05cfea22a128ef49b2edb327e3eaff21be4405aa8c
Instruction ID: f73a3737dd973cfc158216a576222a103c0211f6080f6660dded70957edcb60a
Opcode Fuzzy Hash: 984015460dcf46e43a2c6c05cfea22a128ef49b2edb327e3eaff21be4405aa8c
Instruction Fuzzy Hash: BB11A1B5A00105DFD744EFA8E484A9CF7B2FF84314F5880D9E4069B292CB32ED42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B8CE18 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc023222e977bffca5d36c156434240193b9d8194fc68db7aa3b50fcfde4114e
Instruction ID: f3de3272b4c79f87fc844846f681012c6a42e0396c09d7b6464266e02ad83d4a
Opcode Fuzzy Hash: cc023222e977bffca5d36c156434240193b9d8194fc68db7aa3b50fcfde4114e
Instruction Fuzzy Hash: F101A9F13102019BE764656DD484A1ABF99EBCE962B1048FBE407C3711DE70EC40D6B0

Uniqueness

Uniqueness Score: -1.00%

Function 07B87AD0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 368071173d7f4b44b905984b14c76e136cdc740c6eb0852fe8318e23bc8eae18
Instruction ID: d5a9af69e6d5575d2259e12b3ca9891778a3ce6a03c89b7692f3b7b1bdc8d5d7
Opcode Fuzzy Hash: 368071173d7f4b44b905984b14c76e136cdc740c6eb0852fe8318e23bc8eae18
Instruction Fuzzy Hash: 3D0126F2B047170BFB256AB8282433EAAD6CB84165B1801BDE506DB3C0DE68CC408791

Uniqueness

Uniqueness Score: -1.00%

Function 07B851C6 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707c0aebf2893b4ab5a8abaa3ec44b896b6a63459a969623b0dd85fbd2df2ed5
Instruction ID: 26ac1e2665d18a2c472070fcaa33f31c3187d10c85283fb6924afccce47b2bab
Opcode Fuzzy Hash: 707c0aebf2893b4ab5a8abaa3ec44b896b6a63459a969623b0dd85fbd2df2ed5
Instruction Fuzzy Hash: AC115BB5A10105DFEB54EF98E484A9CF3B2FF84314F5884D9E40AAB291CB31ED45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B9DF28 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212d7b48f53bb12351ba985e934440cb81084800853b08cd4853387203c209e1
Instruction ID: cb6e206a792bbb105c2c8f5e132716681df5dbee2c0133c894472a503e2a1508
Opcode Fuzzy Hash: 212d7b48f53bb12351ba985e934440cb81084800853b08cd4853387203c209e1
Instruction Fuzzy Hash: 19015B3561061AAFCB00DFA8D88599EFBF6FF88310B008229E50997750D771AD15CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 013DD921 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45458595106.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13dd000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d5eb1d3a9197d64665f64b48fb665ab6c3fecd67da849af5fe3a8da0ae62340
Instruction ID: bb179258e2e823d27498b8cf1f4df9eb96c2527e645462d9a6e1b8e3df56d706
Opcode Fuzzy Hash: 8d5eb1d3a9197d64665f64b48fb665ab6c3fecd67da849af5fe3a8da0ae62340
Instruction Fuzzy Hash: D101FC720043449FE7108E6AD884726FF9DDF41228F14845AED891A1C3D2369844CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 07B87640 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81dc718a2dd8fa5d2d2e8610f2fdc27cfe64904dfe33dac744b6fffb922b1152
Instruction ID: b88457f80419d401091167a6bdf1f9f56a524a8db8ecd499970a438b49c2a773
Opcode Fuzzy Hash: 81dc718a2dd8fa5d2d2e8610f2fdc27cfe64904dfe33dac744b6fffb922b1152
Instruction Fuzzy Hash: 670126713093409FC706DB6AD84494AFBE5AF85210715C9AAD159CB212CB34AC45C791

Uniqueness

Uniqueness Score: -1.00%

Function 07B87630 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0556d6d3b24c2e4e7369fa1d459849a88c0bf7338d7c4d281897ce051dd4f5b
Instruction ID: 4917ec492f1af4dd42af70884ec79a328435ce3952177645b777da0ab075ce84
Opcode Fuzzy Hash: a0556d6d3b24c2e4e7369fa1d459849a88c0bf7338d7c4d281897ce051dd4f5b
Instruction Fuzzy Hash: 2BF0FFB27046009FD710DA5AD88899BF7E6EFC0320714C93AE019CB240DA75FC4187D5

Uniqueness

Uniqueness Score: -1.00%

Function 07B8CE08 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9c5e9b9c666ab753eb0e32b91b8f04db771ab2f0371a68f92a7638ac96c1404
Instruction ID: ffff783c7efc4a79db9d68255cd91e3eb03204f847be4932b880d69ac2057289
Opcode Fuzzy Hash: e9c5e9b9c666ab753eb0e32b91b8f04db771ab2f0371a68f92a7638ac96c1404
Instruction Fuzzy Hash: 50F050F63142419FE761566DE884665BF94AB8E462B1844F7E545C3321DE20DC40E370

Uniqueness

Uniqueness Score: -1.00%

Function 013DD920 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45458595106.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13dd000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976483fb129cfdada5f3093342120ba3da936781b72df4a5289ca43e5fa4c71f
Instruction ID: d809e2591545dba8985b54777cdbe60e4b3acc88ae404e74c23732fe03890516
Opcode Fuzzy Hash: 976483fb129cfdada5f3093342120ba3da936781b72df4a5289ca43e5fa4c71f
Instruction Fuzzy Hash: 0BF0C272004344AEEB108E5AD8C4B62FF98EB81724F18C45AED491F283C27A9844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 07B877C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c4c3f998abc64a54905bcee8261a3630761687552323ddabd0aacaf3c2d89a
Instruction ID: 1e9b3a3a4de7a494cc7973d0c0beef10b337c675e71649df696391d5502f7ba4
Opcode Fuzzy Hash: b2c4c3f998abc64a54905bcee8261a3630761687552323ddabd0aacaf3c2d89a
Instruction Fuzzy Hash: 84F0B4B6B001049FDB14ABB8D9882DDFBA79F88216B14593FD506A7385DE70581D8790

Uniqueness

Uniqueness Score: -1.00%

Function 07B96250 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcd58d8a3bec72f2d68c012bfcad6dab07d5f043163f53955fe515dcd56c398d
Instruction ID: a05e44ed79c43f1b08b85a9b288dd01fab1dc11b17447f41fbeeee1f036a4e81
Opcode Fuzzy Hash: bcd58d8a3bec72f2d68c012bfcad6dab07d5f043163f53955fe515dcd56c398d
Instruction Fuzzy Hash: DFF03C75E042089FCB04DF69D4448DEBBB6EF8D320F11807AE815A7350DA30AD04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B93F58 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24296c4c306c7c0251b3b0a8a8c880f866d89b786a61fdc0930202a23ffe5d7
Instruction ID: ed82ca26b33f99500c5e56484e862e83ea6fb2e499c94e8736b051f9629905a2
Opcode Fuzzy Hash: a24296c4c306c7c0251b3b0a8a8c880f866d89b786a61fdc0930202a23ffe5d7
Instruction Fuzzy Hash: 46F082B2A04254AFCB15CB69E8196DD7FF6EB8A212B0980BBE055C7752D9384901CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B85F0D Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85d5c99574126e6d440c981beacd02ed2ca3ff1ad8be6038aa2d6c4db9a9ec2e
Instruction ID: 181ed84f2946281dba88f0e4748dd20c7e9cb3efc352a7e4e5b346142a0c2952
Opcode Fuzzy Hash: 85d5c99574126e6d440c981beacd02ed2ca3ff1ad8be6038aa2d6c4db9a9ec2e
Instruction Fuzzy Hash: DF01A5B5A01209DFDB55DF98D598ADDBBF2AF08311F148089E401BB661C7309A54CF61

Uniqueness

Uniqueness Score: -1.00%

Function 07B886C0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3848554e2ba5425f6b3d6504f319e74f73c4bc31c5eed1fbfbc8360ad84aec
Instruction ID: c57097e5a107637e7cf69e25e4f071af854f62683b99a01573c7fb0dae0022db
Opcode Fuzzy Hash: 8a3848554e2ba5425f6b3d6504f319e74f73c4bc31c5eed1fbfbc8360ad84aec
Instruction Fuzzy Hash: FAF0E2B7E0011A8FCF11DFA8D881A9EBBB4EF08220F040162E518E3340D3318D2187E1

Uniqueness

Uniqueness Score: -1.00%

Function 07B98110 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c3961d260bc6387e5ae9f29b1899657cea85f828c1f2c901888b90bfd10337d
Instruction ID: 0bae93293927ebc27ce80bd466b1e9faf90d28abf64cfb697996908b5d586d9b
Opcode Fuzzy Hash: 5c3961d260bc6387e5ae9f29b1899657cea85f828c1f2c901888b90bfd10337d
Instruction Fuzzy Hash: 33F0A07A35121057C6292695B81977D3B57E7CDA26F154069F60A87380CE744C8387C6

Uniqueness

Uniqueness Score: -1.00%

Function 07B83C19 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eef97d230190937b25b0f4880df822e7f94f94edb8b05a61b27b0bf032a43e38
Instruction ID: 286de73db5c5cb00871bed567414ef771338276ada4f1520571c7eed8442279b
Opcode Fuzzy Hash: eef97d230190937b25b0f4880df822e7f94f94edb8b05a61b27b0bf032a43e38
Instruction Fuzzy Hash: D7F065E020E3D48FE7535239A9602983FB1DB23600B8E00E3E080CF6A3D60C8C4AC763

Uniqueness

Uniqueness Score: -1.00%

Function 07B8A37C Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec492bf9f07f20283face855d1ed9d090ff2679dfe7dec5364f018df1f600a4a
Instruction ID: b6e6c08891685e40b1751593fd0d658d8e69edc643fe5e415922cb86b981ed00
Opcode Fuzzy Hash: ec492bf9f07f20283face855d1ed9d090ff2679dfe7dec5364f018df1f600a4a
Instruction Fuzzy Hash: D9F027B5D083908FEB23A7ACE8043DEBFB4AF42250F1441ABC045D32A2DB380D09C782

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBF22 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3923189aeaa1fa5bcbba3ce3fdd38902304721e682f478e3a5b1b91298634564
Instruction ID: f41016fa7a216161fa78d2db892c03899bb368b76f6d80baa03b13c6a4e054af
Opcode Fuzzy Hash: 3923189aeaa1fa5bcbba3ce3fdd38902304721e682f478e3a5b1b91298634564
Instruction Fuzzy Hash: 09F0B8B5610601DFD720EB69E1406AEB3B6FF80311F10856DE52687680CB3AEC8ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 07B81C80 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ef6122a8afa2956d281d9205813228d72405331cccc4c1665110f4b83b6e082
Instruction ID: dadff30b0bba8da18f6738f0e006b44efa1125df96331d63f9f37fcc9b9ffbf4
Opcode Fuzzy Hash: 5ef6122a8afa2956d281d9205813228d72405331cccc4c1665110f4b83b6e082
Instruction Fuzzy Hash: F7F055B2500705ABD310CF59E808F56FBE0FF84310F00C22EE1588B281DBB1A880C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 07B81B20 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5c032be405272ed0457eeb76fc03fbfb6f0cf3002c72d7aeb288102583f5dbc
Instruction ID: 36fe047dbb1d630ba2e5ac38b133bf28f3997b9074fb7ecaa3c66104a1c16633
Opcode Fuzzy Hash: e5c032be405272ed0457eeb76fc03fbfb6f0cf3002c72d7aeb288102583f5dbc
Instruction Fuzzy Hash: 87F0B2B96511088FDB08DF69D490D98B3B1FF59211B1140A9F5118F372D731ED02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B93F68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0701dbeadba7893dda5d3e24d9fba6cb83c37c815e63ef972289c7098ab17ad3
Instruction ID: 354d7c68a7e432ae57bf12ca84229ef9edc6299828e988c18c06704b9977263a
Opcode Fuzzy Hash: 0701dbeadba7893dda5d3e24d9fba6cb83c37c815e63ef972289c7098ab17ad3
Instruction Fuzzy Hash: A5E012B2F14218AFCB18DAAAE81969E7BFADB88261F05C07BF415D3340DE3459018F54

Uniqueness

Uniqueness Score: -1.00%

Function 07B99270 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a9a93e495fbc55c34e53895af4d0aeecb6c4a3849e57a4abb6d0b7c2c51ffcf
Instruction ID: a48583e11ce94d7b7ef713ea285130bacea232f28277fa29d5da68123bef39f6
Opcode Fuzzy Hash: 7a9a93e495fbc55c34e53895af4d0aeecb6c4a3849e57a4abb6d0b7c2c51ffcf
Instruction Fuzzy Hash: EAE0D8B7200726ABAB108FA9EC44C9BBBADF7C8251301423AF815C3200DB31EC45C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 07B867B4 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4432df9ab0fd03535fb15e0e0e894ec04057fcdfc5e4cab077153392d7a9385
Instruction ID: 90b4ec5efe94c4890074aa545f8ec1a25183ef372607730ad6aaf8f90cdc3552
Opcode Fuzzy Hash: c4432df9ab0fd03535fb15e0e0e894ec04057fcdfc5e4cab077153392d7a9385
Instruction Fuzzy Hash: F4F0B279E01208EFCB04DF94E584ADEBBB5FF88324F208156EA11A7361CB31A940CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07B98180 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3019a09f980d95a3a2ff79e99074f39bdcbd2a1cdf44420c4453d61eda46e5a
Instruction ID: 0452c9b3f695a8128c46a4ab92ccc2a25e31e58ac607f60e7742a240e5cf3189
Opcode Fuzzy Hash: a3019a09f980d95a3a2ff79e99074f39bdcbd2a1cdf44420c4453d61eda46e5a
Instruction Fuzzy Hash: F8E04FB2604635DBAB118B49EC8496BBBEDEB8D6603010176F915C7305CB71DC8287E1

Uniqueness

Uniqueness Score: -1.00%

Function 07B984A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff075aad8802fa548975a6dac1beae930260d719a6a5cbc75406e54c44f3baf9
Instruction ID: b08db3e92b7e2a91a04dd4b8bf65c8db8f4ae5f50ece18b76df4c06432aca497
Opcode Fuzzy Hash: ff075aad8802fa548975a6dac1beae930260d719a6a5cbc75406e54c44f3baf9
Instruction Fuzzy Hash: C9E04F726042259FAB118E99ECC086BBBEDEB89270301417AE919C7301DB71DC4287E5

Uniqueness

Uniqueness Score: -1.00%

Function 07B81CD0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8a598acffafaf5aef915c0ab7dd36abad479ddbc73c9c8c68bac5621cba99c1
Instruction ID: 772db1d2b557b8751b183629505eaed6ccf6095194d66501bcacc6dbd3540c12
Opcode Fuzzy Hash: c8a598acffafaf5aef915c0ab7dd36abad479ddbc73c9c8c68bac5621cba99c1
Instruction Fuzzy Hash: FBE0DFB6680205EFE700DF94E585B89FFA0FF84364F10C12EE29DCA580D771A590CB81

Uniqueness

Uniqueness Score: -1.00%

Function 07B81CD3 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66aea85e5d9d42fd948706dcdd877f84ec59c90496368c2e178e9c82bd7fd32f
Instruction ID: 6ad0b20f9befe41864ce9d58a60160f5e659c2e194888019da42b6a2ce434a36
Opcode Fuzzy Hash: 66aea85e5d9d42fd948706dcdd877f84ec59c90496368c2e178e9c82bd7fd32f
Instruction Fuzzy Hash: ECE0DFB6640706FFE700DF64E484B99FBA0FF54351F10C52AE29ACA640D735A590CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07B9F62B Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79db42d41d7e3064213e355e536917e39c99574dfa16fec04caefa36ca7ebda1
Instruction ID: ff1bf7ec262fed2c2e8be244c7af7b040f14e8784e8cf70c940ddf41aefc5b30
Opcode Fuzzy Hash: 79db42d41d7e3064213e355e536917e39c99574dfa16fec04caefa36ca7ebda1
Instruction Fuzzy Hash: D0F0397A600209DFDF04CF90E4449EDBB72FF88225B14C1AAE925E7624C731D951CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07B85271 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f69511ff205263db49f2a3b43ec5ba6dc7d6c5e594267e8ecd4e813f7fef553
Instruction ID: a966c5a0f02dda9a44a7e71ed8261e2cf7672b7178ed57fdc7b8e1af44c3be8d
Opcode Fuzzy Hash: 6f69511ff205263db49f2a3b43ec5ba6dc7d6c5e594267e8ecd4e813f7fef553
Instruction Fuzzy Hash: B2E0DF367052585FC301972CA00899D7BE5EBD6220304806BEA06C7391CA688D028B90

Uniqueness

Uniqueness Score: -1.00%

Function 07B80653 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddae7173731351d74e764ed9fbde9a53d69006edad391b6ac9a2665cc970a0c6
Instruction ID: 60e86bf845c005e1eeaa02d4132b946c0c522c6c52947dec90c96776b3575f27
Opcode Fuzzy Hash: ddae7173731351d74e764ed9fbde9a53d69006edad391b6ac9a2665cc970a0c6
Instruction Fuzzy Hash: 4FE06DBAB0060A9FD714DF9AE440499F7E1FB88220B04C55AD9659B700C730E911CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07ACF1C8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51fb85675b7e561b9f1d068b6f7f6a4b6b5004ba7e2c4163411412ab61b1cae
Instruction ID: 76b4abb517b382e8138daa051db27ea7fa2d9345850e58b483c3f294883b7f06
Opcode Fuzzy Hash: a51fb85675b7e561b9f1d068b6f7f6a4b6b5004ba7e2c4163411412ab61b1cae
Instruction Fuzzy Hash: 6CE08CB1245151DFDB41DB68E8888E27F76EB1A2303054392E9A4CB6B3C6248C51CB51

Uniqueness

Uniqueness Score: -1.00%

Function 07ACEDA5 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab882d152d3075ec28072cec8368dffe67ab71e64786f0e83ddbbac0a3d3e29c
Instruction ID: 9ffdaabc06f69d46f83244cfc3f839f7720c4e5ed9bba1156237984657fed018
Opcode Fuzzy Hash: ab882d152d3075ec28072cec8368dffe67ab71e64786f0e83ddbbac0a3d3e29c
Instruction Fuzzy Hash: 1FE046726002019FD660EA59E8457BDB3A2EB94265F00883AD52A87A41DB39A8468B42

Uniqueness

Uniqueness Score: -1.00%

Function 07ACEC13 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c649838164039e33375fd0310668d020fc376556b507d7f6a77effcc24e5d08
Instruction ID: 0e3b643b7d655dfdc090d4d39047454c42bdea85027b32c3dfa68a4f05c11685
Opcode Fuzzy Hash: 6c649838164039e33375fd0310668d020fc376556b507d7f6a77effcc24e5d08
Instruction Fuzzy Hash: 76E086736002019FD754E755F8457BDB3A2EBC4355F00843DD52B87541DB39AC074B42

Uniqueness

Uniqueness Score: -1.00%

Function 07ACEB8D Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bdb1e894e9ecf11be53f4daa89c61e37e0625e83925a9796980350e8554b0b4
Instruction ID: c4209bbf40e1a9b2e4dd2c0d85ae11bbf7975a8e183ce46fe62ade7f8067ba56
Opcode Fuzzy Hash: 5bdb1e894e9ecf11be53f4daa89c61e37e0625e83925a9796980350e8554b0b4
Instruction Fuzzy Hash: 1EE08C736002019FE750EB59E8457BEB3A2EBC4325F00883DD52B87A45DF3DA81A8B42

Uniqueness

Uniqueness Score: -1.00%

Function 07ACEB4A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c084379416c6bbaf5012bbc29c249873e247d9226f9d68e6c0532fd9ac8f8914
Instruction ID: 606dd9d447277dd4f3d70bfa5c9c58bf4f9f08bee0b0497a6950eda1bd18dfdd
Opcode Fuzzy Hash: c084379416c6bbaf5012bbc29c249873e247d9226f9d68e6c0532fd9ac8f8914
Instruction Fuzzy Hash: 2FE086732002019FD750E759E8457BEB3A2FBC4311F00843DD52BC7545DF39A8568B42

Uniqueness

Uniqueness Score: -1.00%

Function 07ACEA81 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e9490b2a239c5ab6a7d32c3a1c513f3a3a65c516384e875f5a5ad4ad6de8e78
Instruction ID: f782bee0224b69d92f235cc8f72a02be8a347af615d0a218be507ab9a3af16cf
Opcode Fuzzy Hash: 7e9490b2a239c5ab6a7d32c3a1c513f3a3a65c516384e875f5a5ad4ad6de8e78
Instruction Fuzzy Hash: 2CE08C736002009FD750EB59E8457BDB3A6FBC4321F00843ED52B87A81DF39A80A8B82

Uniqueness

Uniqueness Score: -1.00%

Function 07ACEAC4 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bebad38510964d6909c0775072d32b8aa565b943c66a29b2cf81f2ee0e37e8a
Instruction ID: d3660136c758a2cbb012f0ed07d6247b5a0f29956f7680555a19aac52da838b4
Opcode Fuzzy Hash: 2bebad38510964d6909c0775072d32b8aa565b943c66a29b2cf81f2ee0e37e8a
Instruction Fuzzy Hash: 75E08CB32006019FE750EB59E8457BDB3A2FBC4351F00843DD62B87A41DF39A84A8B86

Uniqueness

Uniqueness Score: -1.00%

Function 07B87AC2 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c45f57a516cd9d236be8b4957c2b6428cf431dcdf4f8a72a04694ee3eccc647
Instruction ID: 5c30b24b5f59168100840cf9ed4d5b51a1d8056fc3bd2b4e6bd991f7505e63bd
Opcode Fuzzy Hash: 9c45f57a516cd9d236be8b4957c2b6428cf431dcdf4f8a72a04694ee3eccc647
Instruction Fuzzy Hash: B4E04FBAB000189FDF009FE4E8546ACFBB2FB88314F108155EE06A7744CB355E15CB81

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBCDF Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1af44f3e090d6e4398883956e9dc965a1e51cf767c5fcfb567b185cdae7ab32
Instruction ID: 305f6de56713be8981b969f19c23650ac7915e713f4652a215b92fd87bc6aae7
Opcode Fuzzy Hash: f1af44f3e090d6e4398883956e9dc965a1e51cf767c5fcfb567b185cdae7ab32
Instruction Fuzzy Hash: 29E086762406059FD750E755E8457BDB3A2EFC4321F00843DD63B87940DB3AA8564B96

Uniqueness

Uniqueness Score: -1.00%

Function 07AFC045 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34738257977327f4ff8b7dd911276951a56d67d4d8984f5217caae0f4396169d
Instruction ID: 66fc5570fb4fed54bb29ac722db3bce0f811c892aa7ae2077ff7f3e0591652ee
Opcode Fuzzy Hash: 34738257977327f4ff8b7dd911276951a56d67d4d8984f5217caae0f4396169d
Instruction Fuzzy Hash: 85E026722002008FE350D759F8057BDB3B1FFC4320F00843DD22B83540CB39A8068B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBEA2 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a306f287cf628e0aeeeb25867f376b31f6e3146f551a37ec81adcf5857a79806
Instruction ID: 024f3adbba9515a1424e65aa11b2ec7d4ff7447a6dfd540d0642d9ac22206bbd
Opcode Fuzzy Hash: a306f287cf628e0aeeeb25867f376b31f6e3146f551a37ec81adcf5857a79806
Instruction Fuzzy Hash: A5E0C2766402009FD750E7A9F8093BEB361FFC0321F00843DD62A87540DB3AA81A8B82

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBE62 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ada662e2d8833f7b9209e7f3486a8012b8e909db791b1ccdad234400c14c1586
Instruction ID: 58e4552905a96153e10bd439c4b388e8cd9a471bc23a9500789ac5328d70939a
Opcode Fuzzy Hash: ada662e2d8833f7b9209e7f3486a8012b8e909db791b1ccdad234400c14c1586
Instruction Fuzzy Hash: 13E0C2766406019BD750EBA9F8493BEB3A1EFC4321F008439D62687540EB39A81A4B86

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBDE2 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a90818dd02ead00702a4aef1ae7e79599d6f757c93d9b23f5126bb955e0255
Instruction ID: 543e4f30a2d82ebe4ec93020b5af1772a574287fb7b94f58800ccf1231d2621f
Opcode Fuzzy Hash: a3a90818dd02ead00702a4aef1ae7e79599d6f757c93d9b23f5126bb955e0255
Instruction Fuzzy Hash: 96E0C2766406009FDB50E7A5F8093BDB3A2EFC0321F008439D63A87540DB3EA8164B92

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBD62 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94996b8dae9254c381dc9381d349cd54a3b6fc999ce0fa48aafeb1a7ba3f9f41
Instruction ID: d80f005ca4b72936feb77d170a4813a0816d4a10ef0829a1fe98df971801c281
Opcode Fuzzy Hash: 94996b8dae9254c381dc9381d349cd54a3b6fc999ce0fa48aafeb1a7ba3f9f41
Instruction Fuzzy Hash: 1CE0C2766402019BD750EBA5F8093BDB362EFC4321F008839DA2687940DB39A8164B86

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4CAE Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffa26c403aec038c0c286b53096c09da3af24895ad6814fc8237df82b001d22e
Instruction ID: 934a55028a5ac804a734875cd3ca97c0f8559917e7f757946370cbd7363212a0
Opcode Fuzzy Hash: ffa26c403aec038c0c286b53096c09da3af24895ad6814fc8237df82b001d22e
Instruction Fuzzy Hash: 20E086722002008FC750E755E8057BD73A2EBC4321F004839D12B87580DB79EC464B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4CEE Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5d0992f5a9ec332e69be418a74cccdf4196a2cedb203c08bf27371e504b0cf9
Instruction ID: 14f6c638038641db63ed912e00cc7b5c495db1eba28f45b9cde1ac0cf54ce1df
Opcode Fuzzy Hash: f5d0992f5a9ec332e69be418a74cccdf4196a2cedb203c08bf27371e504b0cf9
Instruction Fuzzy Hash: 57E08C722002018FC760EB99E8057BEB3A2EBC4321F04883DD52BC7A40DB39AC468B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4C28 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d327438be99194c7e695bd9f93cd3c70c3b58fa66ed3a639ecc9cf57c96ec76
Instruction ID: cd70dd7f800a1a67442e86d08811f4e9c4d5a511517863491c776012b9097cd2
Opcode Fuzzy Hash: 8d327438be99194c7e695bd9f93cd3c70c3b58fa66ed3a639ecc9cf57c96ec76
Instruction Fuzzy Hash: 63E086722002009FD750E755E8057BD73A2EBC4311F008839D12B87540DB39AC464B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4C6B Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 497cc90d7325cb385dbdd0ee874364427d5dfa7b249223fd5e5994cefa2849be
Instruction ID: a46e788d6fb259649b11b07bbe9ae0ff44d241c82d114c57d78128cba27bd231
Opcode Fuzzy Hash: 497cc90d7325cb385dbdd0ee874364427d5dfa7b249223fd5e5994cefa2849be
Instruction Fuzzy Hash: 77E08C722002008FC790EB99E8057BE73A2EFC8361F008839D12B87A40DB39AC468B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4BA2 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f73e5dc0d4df2a3149a39142c827bf0e5bc59357010be8043a063347f5ff3555
Instruction ID: 4d20d4427cb8864f2bde077008cc1aed227e1f2c7f09b63ab00dd436017ba760
Opcode Fuzzy Hash: f73e5dc0d4df2a3149a39142c827bf0e5bc59357010be8043a063347f5ff3555
Instruction Fuzzy Hash: 28E08C723002018FD790EB99E8157BE73A2EBC5321F008839D22B87A40DB79AC468B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4BE5 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d605955018644b650fbab16d9c6b176a94e4970f665ad12f11c2abdfbf196bf
Instruction ID: 06296fb2a1d13792347526ef4ee00bf2bd9ae20a23f54bcfe2fb2ad6585bbe7b
Opcode Fuzzy Hash: 4d605955018644b650fbab16d9c6b176a94e4970f665ad12f11c2abdfbf196bf
Instruction Fuzzy Hash: 48E086722005018FC750E755E8457BE73A2EBC4321F00883DD52BC7940DB79AC468B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AFBA8C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70df0ac8fe56d36410a1bb321852712c29c32c87bf56ffd84459232e4a66557
Instruction ID: ce2890f3fb2fbbdee42b0c85cf2d62a2b6b2bb42156fa123de166d05e46a3790
Opcode Fuzzy Hash: e70df0ac8fe56d36410a1bb321852712c29c32c87bf56ffd84459232e4a66557
Instruction Fuzzy Hash: DFE08C766402049BE750E6A9F8053BEB361EFC0361F048839D63A87940EB3AA8164B92

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4A5F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9738bf3c0b1eb2f515f355ff295a21924e09d17634113a632903d5dc53fb8a1
Instruction ID: d66ca72d464a06ef2e6e9782d296223e89e63a6e83b72767ac0ce0a2e4875974
Opcode Fuzzy Hash: e9738bf3c0b1eb2f515f355ff295a21924e09d17634113a632903d5dc53fb8a1
Instruction Fuzzy Hash: CCE086762005008FD750EB95E8057FE73A2EFC4316F004839D12B87540DF79AC464B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4999 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcfe875b351af5c02090390097018fb4950a4e944f66b9d6b3d3db6bb8617e7f
Instruction ID: 9c2ca7eeb4f9be5ebd89fd0a86b05dd923280dc59c69557d7ac6e39c058242be
Opcode Fuzzy Hash: dcfe875b351af5c02090390097018fb4950a4e944f66b9d6b3d3db6bb8617e7f
Instruction Fuzzy Hash: 1AE08C722002008FC790EB99E8057BE73A2EBC5361F048839D12B87A40DF79AC868B42

Uniqueness

Uniqueness Score: -1.00%

Function 07AF49DC Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 139b5c328931abfd3f26ca74d8f7ae45e029b90954389eca827d4fbc417541d1
Instruction ID: dfe5aa6bc4ec9c3e562d62e4a7fb23a6aacca4d9898b9984709701c9f2d5235d
Opcode Fuzzy Hash: 139b5c328931abfd3f26ca74d8f7ae45e029b90954389eca827d4fbc417541d1
Instruction Fuzzy Hash: 23E086722001008FC751EB59E4157BE73A2EBC4361F00883DD52BC7640DF79AC464B82

Uniqueness

Uniqueness Score: -1.00%

Function 07AFB8B9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eda2a9ce88942112c7a96424129ad146105b3600d0629a5e48876449b1549766
Instruction ID: 3ab86a75460f2846534409e08c52bd6a7e21825f5d7d430157a91995fd2e3e5e
Opcode Fuzzy Hash: eda2a9ce88942112c7a96424129ad146105b3600d0629a5e48876449b1549766
Instruction Fuzzy Hash: E7E0C2776402018BD710E7A9F8057BDB362EFC0321F008439E62687941DB3D98164B82

Uniqueness

Uniqueness Score: -1.00%

Function 07AFC088 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32d24278a75b637d77f0023ee9939020f8a9bf6bfce9e70efa0404734858e0bf
Instruction ID: 3d669b099e6fce5fdd0b5d2d1ec8f403257fdc036a88e2041b9733ece38bf51f
Opcode Fuzzy Hash: 32d24278a75b637d77f0023ee9939020f8a9bf6bfce9e70efa0404734858e0bf
Instruction Fuzzy Hash: 7EE0C2766402009FDB50E7A9F8093BDB361FFC4321F008439D63687680DB3DA81A4B86

Uniqueness

Uniqueness Score: -1.00%

Function 07AC16B2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6609925623eaeb3195db2ebca6dba613b4eebc3c03a51ab94fc4abd0d8c9c97e
Instruction ID: c062244ace01670ecdc49e456c5d7bc85af386c866b1623edc240cfe9efae0c6
Opcode Fuzzy Hash: 6609925623eaeb3195db2ebca6dba613b4eebc3c03a51ab94fc4abd0d8c9c97e
Instruction Fuzzy Hash: E8E0C2722402019BCB20E7A4F4093FDB3A1EBC4312F004439E52787540DB7DA84A4792

Uniqueness

Uniqueness Score: -1.00%

Function 07AC14B2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4ebf273109ea828a6d4f36e23e1e19608a4e91efd36eef8ffc19534bc431024
Instruction ID: aca7e651d3cf4bf7efc761c98fe44422fdc6ad6c76782bbb088fa2ca52bbd7cf
Opcode Fuzzy Hash: d4ebf273109ea828a6d4f36e23e1e19608a4e91efd36eef8ffc19534bc431024
Instruction Fuzzy Hash: 60E08C722002009BC710EBA4E8052FD7361EB85312F004439D12A87940DB39A8474782

Uniqueness

Uniqueness Score: -1.00%

Function 07AC14F2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128ee054d2f5d16f3a9aeddd9b2d53d3067b6b9667b33ccd7ce52cc1a136f56c
Instruction ID: 221713889055c273ca7fc1631449a6b0197c62d54d925762cc409c4ec36714bc
Opcode Fuzzy Hash: 128ee054d2f5d16f3a9aeddd9b2d53d3067b6b9667b33ccd7ce52cc1a136f56c
Instruction Fuzzy Hash: 85E0C2722002009BCB50E7A4E4453FD73A1EFD0352F004439D12B87A40DB3DAC474782

Uniqueness

Uniqueness Score: -1.00%

Function 07AC12F2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccb7265f8cc07a31c61b4fe96ca4b9e12d3426461db96b009d365c4c748f9436
Instruction ID: c655a8dc1ca891025a06d00d4301e6d3d431e49c520018f2439bb341249d1a03
Opcode Fuzzy Hash: ccb7265f8cc07a31c61b4fe96ca4b9e12d3426461db96b009d365c4c748f9436
Instruction Fuzzy Hash: ACE0C2726002009BC750E7A4E8053FDB3A1EBC1352F008439D526C7640DB3DA8464792

Uniqueness

Uniqueness Score: -1.00%

Function 07AC1E06 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4591ea552c1bb0360ba7cf59b6f3384612b4793e2409523dfc6b54201c43ced7
Instruction ID: e84940a41a5cdd825047b51544016a0dd4c2d97b1996c7d94a59aadca4449d4b
Opcode Fuzzy Hash: 4591ea552c1bb0360ba7cf59b6f3384612b4793e2409523dfc6b54201c43ced7
Instruction Fuzzy Hash: 69E0C2726402019BC750E7A4E5053FD73AAEBD0352F40483AD12B87981DB3DD8474782

Uniqueness

Uniqueness Score: -1.00%

Function 07AC1D46 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a4236462d2c8c7d87807bbc01f1272843731274630f647bc2fc573152444a3
Instruction ID: 4a8a1c74e8c64e371028ae75418377abf7dbefebe9456fc5b5e786fc71688359
Opcode Fuzzy Hash: 53a4236462d2c8c7d87807bbc01f1272843731274630f647bc2fc573152444a3
Instruction Fuzzy Hash: E5E0C2722402009BD750E7A4E4053BD7365EBC0352F44443ED627C7A40DB3D984B8786

Uniqueness

Uniqueness Score: -1.00%

Function 07AC1C46 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 493e5487916cc6c638844a6a9399dc18971aa6ca3d6d3c0d208433e1c06f44b5
Instruction ID: bbe353bb4b63811d6f65c830468796548b8a78dfc862e4deb127d889726815fc
Opcode Fuzzy Hash: 493e5487916cc6c638844a6a9399dc18971aa6ca3d6d3c0d208433e1c06f44b5
Instruction Fuzzy Hash: 74E0C2B26002019BC750E7A4E4053BD7365EBC1352F40843ED62BC7940DB3E9D5B4792

Uniqueness

Uniqueness Score: -1.00%

Function 07AC1A86 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d97029cdb8490da6f5e5c65646ed4e9365401c7bc262c02d82595f613d4b2980
Instruction ID: 65cbe40492bd7bc225c509985a6ff38d964e952aea33bd1da9b127f02be2333f
Opcode Fuzzy Hash: d97029cdb8490da6f5e5c65646ed4e9365401c7bc262c02d82595f613d4b2980
Instruction Fuzzy Hash: 3BE0C2B32402009BC710E7A8E8053FD7365EBC4352F40443AD62B87940DB7D98874792

Uniqueness

Uniqueness Score: -1.00%

Function 07AC1886 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da64aefedbdf32e58a6f986a3e4288fb5ab658aed32c0b698a4ce78bc5eb42e1
Instruction ID: b99dff93b8beacdd4df1d320053a5915cea9eece875c663e1737616da417b4c2
Opcode Fuzzy Hash: da64aefedbdf32e58a6f986a3e4288fb5ab658aed32c0b698a4ce78bc5eb42e1
Instruction Fuzzy Hash: 58E0C2722402009BC710E7A9F4093BD73A1EBC0312F00843AE52B87640DB3DA84A4783

Uniqueness

Uniqueness Score: -1.00%

Function 07AC1846 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e5a2d2e10416a7b1d3f66af6a156dfa7b014907ec7dc27214adf8431122294
Instruction ID: 5dabaca224dc1458df8ecd540d22c1a9647dd7f4a755259f619968fe92a75da5
Opcode Fuzzy Hash: a7e5a2d2e10416a7b1d3f66af6a156dfa7b014907ec7dc27214adf8431122294
Instruction Fuzzy Hash: 98E0C2762402009BC750E7A8F4093BD73A1EBC1312F40883DE12BC7540DB3DA84A4793

Uniqueness

Uniqueness Score: -1.00%

Function 07B85280 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 211301371218230066e92abd15e3987c87c56f9f71349d1011482c8711fb4412
Instruction ID: d7ff9507a749ef0594fa818d86ce591cd26de6baeba4ba60066be0542ac0fb0c
Opcode Fuzzy Hash: 211301371218230066e92abd15e3987c87c56f9f71349d1011482c8711fb4412
Instruction Fuzzy Hash: 42D05E7B300028AB8304A75DF40889EBBDAEBD9661304806BFA06C7340CEB4DD0287E9

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4A1F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cecde03c3d53161a991f4a19a87835bfb65928cb4dc36fefeb561803401627f
Instruction ID: af9b08dd69c01620f0b30fa095060aaabc9b2569b8f125b90c1ad5f32314affb
Opcode Fuzzy Hash: 9cecde03c3d53161a991f4a19a87835bfb65928cb4dc36fefeb561803401627f
Instruction Fuzzy Hash: E0E0C2B22002008FDB50E7A8F4053BD7362EBC4361F008839D22A87540DB7DDC064B42

Uniqueness

Uniqueness Score: -1.00%

Function 07B86E18 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c180f0f6f1d94578f124896cd0812253b3eb07a5750f0dfdbbfd530479c23e
Instruction ID: adfac2819dfef307752b7b03b884ac0607ca6e60c64a15f8d9d13a3cb5861795
Opcode Fuzzy Hash: 11c180f0f6f1d94578f124896cd0812253b3eb07a5750f0dfdbbfd530479c23e
Instruction Fuzzy Hash: F2E086B28897905FD3568775D9045517FB1AF47309309C4DED14D4B153C12A8406C700

Uniqueness

Uniqueness Score: -1.00%

Function 07B8098B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faf174d77356452992cf2c91b7dddb9a506905dc67f5aea409c87ec71753c65a
Instruction ID: 009eff78ae98169140396b2918df7eedefa76b8dbb57274c43fb9f5daaada754
Opcode Fuzzy Hash: faf174d77356452992cf2c91b7dddb9a506905dc67f5aea409c87ec71753c65a
Instruction Fuzzy Hash: 1EE04FB0902105CFFB54FF98C115BFDBBB0EF04344F204499C40176190CB764948CB51

Uniqueness

Uniqueness Score: -1.00%

Function 07B86E28 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae5c4dce5df373b0faf86d95e2a980cc23307214d6a0d5a589c57656c98aa06
Instruction ID: 61495a2a35ba47300dcd4a10ac5892fcc0da95db485a806c0dd97bf6b7d08dce
Opcode Fuzzy Hash: 1ae5c4dce5df373b0faf86d95e2a980cc23307214d6a0d5a589c57656c98aa06
Instruction Fuzzy Hash: B0D09EB1500705CB9754DB6BD844811B7E9FF8561A318C4ADD10D8A212D733D453CA50

Uniqueness

Uniqueness Score: -1.00%

Function 07B83C30 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38e27a4343fd9d55160fef73621ff90043ed4a747fa23912fba5315cf1415604
Instruction ID: 7df49085c0b2e22279313af8ffb299115c71336160423eaeaaf187d20da027e1
Opcode Fuzzy Hash: 38e27a4343fd9d55160fef73621ff90043ed4a747fa23912fba5315cf1415604
Instruction Fuzzy Hash: D6D022F4310308CBFB50622BF04033932CAE342B00F900071E009CB280C458ECC1C907

Uniqueness

Uniqueness Score: -1.00%

Function 07B85286 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2e73f7dbce950e0d2c71d7971eba513025937d71f011e8c9b6b8474a7873a95
Instruction ID: c323cc751d18bd7449422a3c32bfb8fa257462a16659fb0997c8e726678d0e1e
Opcode Fuzzy Hash: e2e73f7dbce950e0d2c71d7971eba513025937d71f011e8c9b6b8474a7873a95
Instruction Fuzzy Hash: 8ED0C97B7004289B8704AB5CF01849DB7D2EBD82623048166EA06CB744CB78DE128B95

Uniqueness

Uniqueness Score: -1.00%

Function 07B817AF Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 092022982d22ee72271dab9358058ed8e9e0247b6a65bec2e7570e6c6aabd539
Instruction ID: c2039f550d98d862aa8917313e07c9f7a64dc2fdd7789cf23758c5c40f892835
Opcode Fuzzy Hash: 092022982d22ee72271dab9358058ed8e9e0247b6a65bec2e7570e6c6aabd539
Instruction Fuzzy Hash: BDD0C7F691500CDBDB44DFD8E4056FDBB74EB59321F10406AD615A3540C3345A59CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B9229A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5d4cf253b67ac3a95496d04c5e0f6a6f799d2d6dbdb58473baceab29ebd8fb6
Instruction ID: db9626657a4d557973014758e5f4b80c812a1f5dff9986e6a69daf5ac1db4a69
Opcode Fuzzy Hash: d5d4cf253b67ac3a95496d04c5e0f6a6f799d2d6dbdb58473baceab29ebd8fb6
Instruction Fuzzy Hash: E0D0C2B691120CBE8B41DFE4D9459DEBBBCEB18241B1045A6E905D2110E63597549B90

Uniqueness

Uniqueness Score: -1.00%

Function 07ACF1D8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b191f994247834965a12d29dcdff554ae64b5a224200732f84f151f1a4da8145
Instruction ID: 330f440dc2c00b789b71fc7adc9e31b516194e8cbc2c839518d119bdb6502525
Opcode Fuzzy Hash: b191f994247834965a12d29dcdff554ae64b5a224200732f84f151f1a4da8145
Instruction Fuzzy Hash: D3D01278240404CFCB40DF29F54CC2937BAEB482003104250EC0987332C739EC418E54

Uniqueness

Uniqueness Score: -1.00%

Function 07B8273B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3543594cefebbad7f357d94d4ca891486bb79a0d67da2a61fdfd292c73342e8f
Instruction ID: bff60136f44f8a17c2fcb8afd7068aecfb3705b9d3ca6fff0c877e6361afb3ad
Opcode Fuzzy Hash: 3543594cefebbad7f357d94d4ca891486bb79a0d67da2a61fdfd292c73342e8f
Instruction Fuzzy Hash: AFC0027A640404CF9744DA99E545CD8BBB0EF99322B5100E6E60197621C731AD65CA50

Uniqueness

Uniqueness Score: -1.00%

Function 07B977E5 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 493584c1b5870e39a637983168b70a9741658b25fd9cd308088f57ed85dd8e9b
Instruction ID: 1fc7f440d726447eae254835aa50053536828ff9f4b9bb0b33b2ef6b92965c02
Opcode Fuzzy Hash: 493584c1b5870e39a637983168b70a9741658b25fd9cd308088f57ed85dd8e9b
Instruction Fuzzy Hash: 6BC04C3AA40119CBCF14DBD4F4454DCB771FB88326B1004AAE5156315097365996CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07B9FE1D Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468262481.0000000007B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b90000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bcb62f22914cdde0ac6e3e4ca75b9336ba88888a23bd8676a477d9f47fc270
Instruction ID: f8728371e244263caa0efcafe8a22188f84cc27f116ca8547e93d2811c1b6b69
Opcode Fuzzy Hash: 79bcb62f22914cdde0ac6e3e4ca75b9336ba88888a23bd8676a477d9f47fc270
Instruction Fuzzy Hash: 4AB09277A04009C9EF008A84B4417EDF720E790239F104177C22091001833102688691

Uniqueness

Uniqueness Score: -1.00%

Function 07B809BC Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 097f3bc013f399f613b2e2ce04951ff0672eb3d98e2e3682935b2d322c843eb8
Instruction ID: 3635dcccfe5b543e0fc82bff47fb3675cd7438156c50087bcb0d6233f8d74211
Opcode Fuzzy Hash: 097f3bc013f399f613b2e2ce04951ff0672eb3d98e2e3682935b2d322c843eb8
Instruction Fuzzy Hash: 5EA0113288A000CFC3088BB0F028AEC3330EA88222B20A808C022EA0A0CE2808008A20

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 07AF5CC0 Relevance: 1.1, Instructions: 1100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82d2743e5dc1db3247419ec419450ad5d32cd317dd944d2c2aa2c701d0ac4d0
Instruction ID: 0b3df8d71685087fd96008eaaee317c57c16f4f00fda7b55544d57bb41db15b0
Opcode Fuzzy Hash: b82d2743e5dc1db3247419ec419450ad5d32cd317dd944d2c2aa2c701d0ac4d0
Instruction Fuzzy Hash: 05920870B01314DFEBA9EB34CD11B6E76B2AB85705F2048BDD119AF790DA769D82CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF1000 Relevance: .9, Instructions: 922COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aa742e99d8b4191dece6fcf998370f55103ad6d0d90d5709d5bd7b42e14256b
Instruction ID: 054924c833e9677cea8c9d8ea488b3795df8deebefc27572b7cec4abfbbb64a5
Opcode Fuzzy Hash: 0aa742e99d8b4191dece6fcf998370f55103ad6d0d90d5709d5bd7b42e14256b
Instruction Fuzzy Hash: BE622934741300DFEBA9EB348C55B6D76A2ABC5704F2048BDD51AAF7D1DA7A9C82CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF7AA8 Relevance: .7, Instructions: 718COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dab2ba40dcf970afd9da3845f8e3cb6b9419a2ed8a87d4565d2ea2625bafdb8b
Instruction ID: bf1c9afddc081ef361d430e5c3e9441b8a47efd965c2ba2353a2d1d191809cfe
Opcode Fuzzy Hash: dab2ba40dcf970afd9da3845f8e3cb6b9419a2ed8a87d4565d2ea2625bafdb8b
Instruction Fuzzy Hash: 79424B70741300DFEBA9EB34CC55B6E76A2ABC5704F2088A9D615AF7D1DA76DC82CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF5388 Relevance: .6, Instructions: 644COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871bbef11061405af3b23e37bdfd6760e8328c4c745dd0ebc9ef52da14d0c6e0
Instruction ID: 72e8698c32d4624624cc32f298ced1e3aac89f186c61f77efd93ccee6f972c1a
Opcode Fuzzy Hash: 871bbef11061405af3b23e37bdfd6760e8328c4c745dd0ebc9ef52da14d0c6e0
Instruction Fuzzy Hash: 38322930B01310DFEBA9EB748815B6E76A2ABC5704F2048BDD5169F7D5DA7ADC82CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF9A68 Relevance: .6, Instructions: 633COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9bc9b57b33976b9b9208176ecf238c716d8280f404cfebe88daa8df12a5f1c3
Instruction ID: 4784dac30ffcf5aeec87dbc58a9e57f00e07536307118a57bbec0bdbb7df20fc
Opcode Fuzzy Hash: b9bc9b57b33976b9b9208176ecf238c716d8280f404cfebe88daa8df12a5f1c3
Instruction Fuzzy Hash: FC223D70740300DFEBA9EB748C15B6E76A2ABC5704F2488ADD6259F7D1DA76DC42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF84A8 Relevance: .6, Instructions: 600COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af58231f60da1dba52c934cbc742d2cfa9a37b399b47530569ac28bdc793d323
Instruction ID: 0e5f0662af8922714ffd8184c7f2abc2ffebf5a6139a669b2b8f1d78bc1943a5
Opcode Fuzzy Hash: af58231f60da1dba52c934cbc742d2cfa9a37b399b47530569ac28bdc793d323
Instruction Fuzzy Hash: 16224C70741300DFEBA9FB348C55B6E76A3ABC5704F2048A9E625AF7C1DA76DC428B40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF9240 Relevance: .6, Instructions: 593COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9feca33bf704100bdab965ace6d3d0c52721abdf5f5c7a289d0f6b2f4b27aff
Instruction ID: a429d65f87bb6555d35bedeefc86ca31a0b87dadebe45b1a74c8eadf1035af28
Opcode Fuzzy Hash: d9feca33bf704100bdab965ace6d3d0c52721abdf5f5c7a289d0f6b2f4b27aff
Instruction Fuzzy Hash: 2B222C30740300DFEBA9EB748C55B6E76A2ABC5704F2488A9D616AF7D1DA76DC42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07AF07C8 Relevance: .5, Instructions: 549COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a8e71bc7a9adca927941d5a5c96d918653cf31acd2298eb43928cefecac97f3
Instruction ID: 5e828c1833931985909d971af8924ad7fcdccde9e4ddaba68e97a5d060bd0eaa
Opcode Fuzzy Hash: 6a8e71bc7a9adca927941d5a5c96d918653cf31acd2298eb43928cefecac97f3
Instruction Fuzzy Hash: F2123A30740300DFEBA5EB34CC55B6E76A3ABC5704F2484A9E626AF7D1DA76DC428B44

Uniqueness

Uniqueness Score: -1.00%

Function 07B8F1F0 Relevance: .5, Instructions: 468COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45468204809.0000000007B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7b80000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01358f4e995520301485a2a6ebfccd95d425fd9ece557955c9089a197fb86f02
Instruction ID: c76468ae9ddb0af85d25ff2ba7bb4e61ebd07759cb48530d9827c26aa2da590d
Opcode Fuzzy Hash: 01358f4e995520301485a2a6ebfccd95d425fd9ece557955c9089a197fb86f02
Instruction Fuzzy Hash: 390291B5A04205CFDB14DF98D480AAEFBF2FF89314F19C2AAE518E7251C731A845CB90

Uniqueness

Uniqueness Score: -1.00%

Function 07AF6FA8 Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea1b8996751d3ff3989750994d14e5845749b1954735680b70c7bca7d240d934
Instruction ID: 3169916e425c0b3ee1270f883793f6e11d2a0c076a3ada2dfdc497a9b9687894
Opcode Fuzzy Hash: ea1b8996751d3ff3989750994d14e5845749b1954735680b70c7bca7d240d934
Instruction Fuzzy Hash: ACB14A30741300AFEB99FB348C15B6E76A3ABC5704F2488A9D6259F7D5DE7ADC428780

Uniqueness

Uniqueness Score: -1.00%

Function 07AF4E38 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467964789.0000000007AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7af0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9de69912f9729fdd70ad2a735b2acfb3ff84765fd74927ba66529e6bf1fabe
Instruction ID: 58894ba0d7063d1240dded58b1a7fe285bf620eade8e7b0ac84204f2ac5f2034
Opcode Fuzzy Hash: 9f9de69912f9729fdd70ad2a735b2acfb3ff84765fd74927ba66529e6bf1fabe
Instruction Fuzzy Hash: 01B14A303413009FEBA9BB348C55B2E76A3ABC5704F2448B9D6269F7D5DE7ADC428781

Uniqueness

Uniqueness Score: -1.00%

Function 07AE15A9 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467908582.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ae0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a717eeea947fd862b08efc5080697169959a248505156116eb741b7f28b2fe49
Instruction ID: 6cb799c412792d20ae71edbf6a9556845402cd527cdeed06f1d51a2777334262
Opcode Fuzzy Hash: a717eeea947fd862b08efc5080697169959a248505156116eb741b7f28b2fe49
Instruction Fuzzy Hash: B2C1A370381340AFF755AB31DC16F2D3B62ABC6B00F748469E6116F3D1DAB66C929784

Uniqueness

Uniqueness Score: -1.00%

Function 07AE15B8 Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467908582.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ae0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb0636e13d51f3c5594274b3fc5c0f8f0ce7544118c90eb55670f744216fab90
Instruction ID: c020bc06afa58fc24605020cf4670810e22329a4c49e3e8f31f5a16fb1449318
Opcode Fuzzy Hash: cb0636e13d51f3c5594274b3fc5c0f8f0ce7544118c90eb55670f744216fab90
Instruction Fuzzy Hash: A9C1A270381300AFF755AB31EC16F2D3B62ABC6B00F748469E6116F3D1DAB66C929784

Uniqueness

Uniqueness Score: -1.00%

Function 07AC3C00 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e647ed85c73488564c7e59825688c40515e9c6f82defd75d0848b2813ab6e40
Instruction ID: 61e4e36ee145a8e07dc10db0143b485d0877c7ec0346008beb5f4af4f0ab0067
Opcode Fuzzy Hash: 1e647ed85c73488564c7e59825688c40515e9c6f82defd75d0848b2813ab6e40
Instruction Fuzzy Hash: 01C13370380300ABF7A6A731DC52B2E3763DBC2705F24857DA5625F7E5CAB6AC828744

Uniqueness

Uniqueness Score: -1.00%

Function 07AC3C10 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.45467790309.0000000007AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ac0000_mkcert.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45efbfecc6e348709cf4aaaa1998f4041f034ac1c8e49314afcd45e425dc247e
Instruction ID: bdfc4e3020095090b8c0f6eff6f1c4910db42de38883db669e2398c48549d537
Opcode Fuzzy Hash: 45efbfecc6e348709cf4aaaa1998f4041f034ac1c8e49314afcd45e425dc247e
Instruction Fuzzy Hash: F0C13470380300ABF7A6A731DC56B2E3763EBC2705F24857DA5225F7E4C9B6AC828744

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report mkcert.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mkcert.exe.log

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epl2j0gi.api.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hxksep0d.1bn.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkfmsclc.hpv.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4agtt0c.k02.ps1

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Windows Analysis Report
mkcert.exe

Function 07ACCE21 Relevance: 2.0, Instructions: 2021
COMMON

Function 016BE398 Relevance: 1.5, APIs: 1, Instructions: 44
COMMON

Function 07B8D228 Relevance: 2.6, Strings: 2, Instructions: 108
COMMON

Function 016BDC58 Relevance: 1.7, APIs: 1, Instructions: 218
COMMON

Function 016BD844 Relevance: 1.6, APIs: 1, Instructions: 109
COMMON

Function 016BDDFD Relevance: 1.6, APIs: 1, Instructions: 109
COMMON

Function 016BD850 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 016BDFD9 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 07AEA9FC Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Function 07AEC6E9 Relevance: 1.6, APIs: 1, Instructions: 55
COMMON

Function 016BE390 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON