
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1465196
MD5: a7530e8548b1c43ec37d872bedec07f5
SHA1: 985df304b2180a496395a7433839ac3994cb3fbf
SHA256: 6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501
Tags: exe

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A7530E8548B1C43EC37D872BEDEC07F5)
    • file.exe (PID: 7532 cmdline: C:\Users\user\Desktop\file.exe MD5: A7530E8548B1C43EC37D872BEDEC07F5)
  • cleanup
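The process tree above, together with the signatures "Creates a process in suspended mode", "Injects a PE file into a foreign processes" and "Modifies the context of a thread in another process", describes one chain: file.exe (PID 7436) starts a second copy of itself (PID 7532) suspended, writes a PE into it, re-points the main thread and resumes it. The following is an added hunting example, not part of the sandbox report; the event records are constructed to mirror that tree, the event schema (ProcessCreate / WriteProcessMemory / SetThreadContext / ResumeThread with acting and target PIDs) is an assumption about what an EDR or ETW feed would provide, and the WriteProcessMemory stage is inferred from "injects a PE file" rather than named in the report.

```python
"""Hunt for the self-injection chain this report attributes to file.exe:
a process starts a copy of itself suspended (PID 7436 -> 7532), writes a PE
into it, changes the new thread's context and resumes it.  Added example; the
events are constructed to mirror the report's process tree, not the sandbox's
telemetry, and the event schema is an assumption."""
from dataclasses import dataclass
from typing import Dict, List, Optional

CREATE_SUSPENDED = 0x00000004   # CreateProcess dwCreationFlags bit
# All four stages must be seen, from the same parent, against the same child.
CHAIN = {"CreateSuspended", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}


@dataclass(frozen=True)
class Event:
    seq: int                            # ordering only (constructed)
    kind: str                           # ProcessCreate | WriteProcessMemory | SetThreadContext | ResumeThread
    pid: int                            # acting process
    image: str                          # acting process image path
    target_pid: int                     # child / injected process
    target_image: Optional[str] = None  # ProcessCreate only
    flags: int = 0                      # ProcessCreate only (dwCreationFlags)


def detect_self_injection(events: List[Event]) -> List[Dict[str, object]]:
    """One finding per suspended same-image child that its parent then
    writes to, re-targets with SetThreadContext and resumes."""
    tracked: Dict[int, dict] = {}
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind == "ProcessCreate":
            same_image = (ev.target_image or "").lower() == ev.image.lower()
            if same_image and ev.flags & CREATE_SUSPENDED:
                tracked[ev.target_pid] = {"parent": ev.pid, "image": ev.image,
                                          "stages": {"CreateSuspended"}}
        elif ev.kind in CHAIN:
            rec = tracked.get(ev.target_pid)
            if rec and rec["parent"] == ev.pid:      # only the creating parent counts
                rec["stages"].add(ev.kind)
    return [
        {"parent_pid": rec["parent"], "child_pid": child, "image": rec["image"],
         "stages": sorted(rec["stages"])}
        for child, rec in tracked.items() if CHAIN <= rec["stages"]
    ]


FILE_EXE = r"C:\Users\user\Desktop\file.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"   # constructed benign image
LAUNCHER = r"C:\Tools\launcher.exe"                                 # constructed benign image

# Constructed events, not sandbox telemetry.
SAMPLE_EVENTS = [
    # the report's chain: file.exe 7436 -> suspended file.exe 7532, then inject
    Event(1, "ProcessCreate", 7436, FILE_EXE, 7532, FILE_EXE, CREATE_SUSPENDED),
    Event(2, "WriteProcessMemory", 7436, FILE_EXE, 7532),
    Event(3, "SetThreadContext", 7436, FILE_EXE, 7532),
    Event(4, "ResumeThread", 7436, FILE_EXE, 7532),
    # benign: a browser spawning a same-image child without CREATE_SUSPENDED
    Event(5, "ProcessCreate", 4000, CHROME, 4001, CHROME, 0),
    # benign-looking: same image, suspended, but only resumed (no write, no context change)
    Event(6, "ProcessCreate", 5000, LAUNCHER, 5001, LAUNCHER, CREATE_SUSPENDED),
    Event(7, "ResumeThread", 5000, LAUNCHER, 5001),
]

if __name__ == "__main__":
    for finding in detect_self_injection(SAMPLE_EVENTS):
        print(finding)
```

Requiring all four stages from the creating parent is what keeps the launcher case (suspended child, resumed, nothing written) out of the findings; a rule that fires on CREATE_SUSPENDED alone would flag debuggers and installers as well.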
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger with many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "management@myanmarblossom.com", "Password": "tsa211772023kyi", "Host": "mail.myanmarblossom.com", "Port": "587"}
Source | Rule | Description | Author | Strings

Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Author: Joe Security
Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Author: Joe Security
Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | Rule: Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | Author: unknown
  • 0x14650: $a1: get_encryptedPassword
  • 0x14946: $a2: get_encryptedUsername
  • 0x1445c: $a3: get_timePasswordChanged
  • 0x14557: $a4: get_passwordField
  • 0x14666: $a5: set_encryptedPassword
  • 0x15ca7: $a7: get_logins
  • 0x15c0a: $a10: KeyLoggerEventArgs
  • 0x158a3: $a11: KeyLoggerEventArgsEventHandler
Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | Rule: MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | Author: ditekSHen
  • 0x18004: $x1: $%SMTPDV$
  • 0x1806a: $x2: $#TheHashHere%&
  • 0x196a3: $x3: %FTPDV$
  • 0x19797: $x4: $%TelegramDv$
  • 0x158a3: $x5: KeyLoggerEventArgs
  • 0x15c0a: $x5: KeyLoggerEventArgs
  • 0x196c7: $m2: Clipboard Logs ID
  • 0x19893: $m2: Screenshot Logs ID
  • 0x1995f: $m2: keystroke Logs ID
  • 0x1986b: $m4: \SnakeKeylogger\
Source: 00000002.00000002.3752962098.0000000003901000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Author: Joe Security
(17 entries in the full table; the remainder are not shown)
Source | Rule | Description | Author | Strings

Source: 0.2.file.exe.13d818c0.6.unpack | Rule: JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Author: Joe Security
Source: 0.2.file.exe.13d818c0.6.unpack | Rule: JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Author: Joe Security
Source: 0.2.file.exe.13d818c0.6.unpack | Rule: Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | Author: unknown
  • 0x12a50: $a1: get_encryptedPassword
  • 0x12d46: $a2: get_encryptedUsername
  • 0x1285c: $a3: get_timePasswordChanged
  • 0x12957: $a4: get_passwordField
  • 0x12a66: $a5: set_encryptedPassword
  • 0x140a7: $a7: get_logins
  • 0x1400a: $a10: KeyLoggerEventArgs
  • 0x13ca3: $a11: KeyLoggerEventArgsEventHandler
Source: 0.2.file.exe.13d818c0.6.unpack | Rule: MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Author: Florian Roth
  • 0x1a375: $a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x195a7: $a3: \Google\Chrome\User Data\Default\Login Data
  • 0x199da: $a4: \Orbitum\User Data\Default\Login Data
  • 0x1aa19: $a5: \Kometa\User Data\Default\Login Data
Source: 0.2.file.exe.13d818c0.6.unpack | Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | Author: ditekSHen
  • 0x13628: $s1: UnHook
  • 0x1362f: $s2: SetHook
  • 0x13637: $s3: CallNextHook
  • 0x13644: $s4: _hook
(25 entries in the full table; the remainder are not shown)

No Sigma rule has matched
No Snort rule has matched
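The two Yara tables above are the raw material behind the "Strings" column: each bullet is one hit of one string identifier at one offset in the dump or unpacked PE. Two details in them are worth reproducing. First, the ditekSHen rule's $m2 matched three different texts (Clipboard Logs ID, Screenshot Logs ID, keystroke Logs ID), so that string is a pattern rather than a literal. Second, the same text KeyLoggerEventArgs is listed twice for the ditekSHen $x5 (0x158a3 and 0x15c0a, the first being inside KeyLoggerEventArgsEventHandler) but only once for the Elastic $a10, which is the behaviour a fullword modifier would produce. The scanner below is an added example and not the source of either rule; the modifiers, the $m2 regex and the "N of them" conditions it evaluates are assumptions, and the buffer it scans is constructed, not bytes from the sample.

```python
"""Re-create the report's YARA "Strings" column: scan a buffer for the string
sets listed for Windows_Trojan_SnakeKeylogger_af3faa65 and
MALWARE_Win_SnakeKeylogger, record (offset, identifier, text) per hit and
evaluate an assumed "N of them" condition.  Added example, not the rules'
source; the modifiers, the $m2 regex and the conditions are assumptions."""
import re
from typing import Dict, List, Tuple, Union

# ident -> (pattern, modifiers).  A bytes pattern is searched as ascii and, with
# "wide", also as UTF-16LE; a compiled regex is searched as ascii only.
StringDef = Tuple[Union[bytes, re.Pattern], frozenset]
A = frozenset({"ascii"})
AW = frozenset({"ascii", "wide"})
AWF = frozenset({"ascii", "wide", "fullword"})   # assumed for the Elastic $a* strings

ELASTIC: Dict[str, StringDef] = {   # $a6, $a8, $a9 are not in the report and are omitted
    "$a1": (b"get_encryptedPassword", AWF),
    "$a2": (b"get_encryptedUsername", AWF),
    "$a3": (b"get_timePasswordChanged", AWF),
    "$a4": (b"get_passwordField", AWF),
    "$a5": (b"set_encryptedPassword", AWF),
    "$a7": (b"get_logins", AWF),
    "$a10": (b"KeyLoggerEventArgs", AWF),
    "$a11": (b"KeyLoggerEventArgsEventHandler", AWF),
}
DITEKSHEN: Dict[str, StringDef] = {
    "$x1": (b"$%SMTPDV$", AW),
    "$x2": (b"$#TheHashHere%&", AW),
    "$x3": (b"%FTPDV$", AW),
    "$x4": (b"$%TelegramDv$", AW),
    "$x5": (b"KeyLoggerEventArgs", AW),
    # $m2 matched three different texts in the report, so model it as a regex
    "$m2": (re.compile(rb"(?:Clipboard|Screenshot|keystroke) Logs ID"), A),
    "$m4": (b"\\SnakeKeylogger\\", A),
}
WORD = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")


def _fullword(buf: bytes, pos: int, length: int, step: int) -> bool:
    """True when the hit is not flanked by word bytes (step is 2 for UTF-16LE)."""
    before = buf[pos - step] if pos - step >= 0 else None
    after = buf[pos + length] if pos + length < len(buf) else None
    return before not in WORD and after not in WORD


def scan(buf: bytes, strings: Dict[str, StringDef]) -> List[Tuple[int, str, bytes]]:
    """Every hit as (offset, identifier, matched bytes), sorted by offset."""
    hits: List[Tuple[int, str, bytes]] = []
    for ident, (pat, mods) in strings.items():
        if isinstance(pat, bytes):
            variants = [(pat, 1)]
            if "wide" in mods:
                variants.append((pat.decode("ascii").encode("utf-16-le"), 2))
            for needle, step in variants:
                start = 0
                while (pos := buf.find(needle, start)) != -1:
                    if "fullword" not in mods or _fullword(buf, pos, len(needle), step):
                        hits.append((pos, ident, needle))
                    start = pos + 1          # keep going: one string can hit many offsets
        else:
            hits.extend((m.start(), ident, m.group(0)) for m in pat.finditer(buf))
    return sorted(hits)


def n_of(hits: List[Tuple[int, str, bytes]], n: int, prefix: str = "$") -> bool:
    """YARA's 'n of ($prefix*)': at least n distinct identifiers with a hit."""
    return len({ident for _, ident, _ in hits if ident.startswith(prefix)}) >= n


def verdicts(buf: bytes) -> Dict[str, bool]:
    """Assumed conditions: Elastic '6 of them'; ditekSHen '2 of ($x*) and 2 of ($m*)'."""
    e, d = scan(buf, ELASTIC), scan(buf, DITEKSHEN)
    return {
        "Windows_Trojan_SnakeKeylogger_af3faa65": n_of(e, 6),
        "MALWARE_Win_SnakeKeylogger": n_of(d, 2, "$x") and n_of(d, 2, "$m"),
    }


# Constructed stand-in for a dumped .NET image; not bytes from the real sample.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + b"get_encryptedPassword\x00get_encryptedUsername\x00get_timePasswordChanged\x00"
    + b"get_passwordField\x00set_encryptedPassword\x00get_logins\x00"
    + b"KeyLoggerEventArgsEventHandler\x00KeyLoggerEventArgs\x00"
    + "$%SMTPDV$".encode("utf-16-le") + b"\x00\x00"   # .NET user strings are UTF-16
    + b"\\SnakeKeylogger\\Clipboard Logs ID\x00Screenshot Logs ID\x00"
)
# Constructed: shares a few names with the rules but should match neither.
BENIGN = b"MZ" + b"\x00" * 62 + b"get_logins\x00KeyLoggerEventArgs\x00Clipboard Logs ID\x00"

if __name__ == "__main__":
    for off, ident, text in scan(SAMPLE, DITEKSHEN):
        print(f"0x{off:x}:{ident}: {text!r}")
    print(verdicts(SAMPLE), verdicts(BENIGN))
```

Run against SAMPLE, the scanner lists $x5 at two offsets and $a10 at one, reproducing the asymmetry visible in the report; BENIGN trips neither assumed condition, which is the point of a threshold over distinct identifiers rather than a single string.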


            AV Detection

Source: file.exe | Avira: detected
Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "management@myanmarblossom.com", "Password": "tsa211772023kyi", "Host": "mail.myanmarblossom.com", "Port": "587"}
Source: http://103.130.147.85 | Virustotal: Detection: 11%
Source: file.exe | ReversingLabs: Detection: 34%
Source: file.exe | Virustotal: Detection: 33%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected

            Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49705 version: TLS 1.0
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC649BEDh | 2_2_00007FFAAC6498F8
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC64A1E0h | 2_2_00007FFAAC649E6C
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC64882Dh | 2_2_00007FFAAC64832F
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC6475A4h | 2_2_00007FFAAC647396
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC6471E9h | 2_2_00007FFAAC64673D
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC64A1E0h | 2_2_00007FFAAC64A0FC
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC64920Dh | 2_2_00007FFAAC648F1B
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC647FE5h | 2_2_00007FFAAC64781F
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp 00007FFAAC6496FDh | 2_2_00007FFAAC6493E2
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | IP Address: 193.122.130.0
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://103.130.147.85
Source: file.exe, 00000002.00000002.3752962098.0000000003893000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.000000000386D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003880000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003817000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: file.exe, 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
Source: file.exe, 00000002.00000002.3752962098.0000000003893000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.000000000386D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003880000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: file.exe, 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: file.exe, 00000002.00000002.3752962098.0000000003893000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.000000000386D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003880000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003817000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: file.exe, 00000002.00000002.3752962098.0000000003817000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
Source: file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33p
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
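The traffic in this section is the sample learning where it is running: a GET to checkip.dyndns.org carrying the dated Mozilla/4.0 (compatible; MSIE 6.0; ...) User-Agent, and a GET to reallyfreegeoip.org/xml/8.46.123.33 with no User-Agent header at all, each repeated several times. The following is an added detection example and not part of the sandbox report; it parses raw HTTP request heads and returns the same kind of reasons the report's signature names express. The request texts are constructed from the report's traffic lines rather than taken from a capture, the benign browser request is invented for contrast, and the "IP lookup followed by geolocation of that IP" chain check is a heuristic of this example, not a claim about the sample's exact ordering.

```python
"""Flag the HTTP behaviour recorded in this section: external-IP and
geolocation lookups (checkip.dyndns.org, reallyfreegeoip.org), GETs without a
User-Agent, the legacy MSIE 6.0 User-Agent, and an IP lookup that is followed
by a geolocation query.  Added example; the requests are constructed from the
report's traffic lines, not captured packets; the chain check is a heuristic."""
from typing import Dict, List, Tuple

# Hosts this report shows being used for public-IP / geolocation checks.
IP_CHECK_HOSTS = {"checkip.dyndns.org", "checkip.dyndns.com", "reallyfreegeoip.org"}
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request head into (method, target, headers);
    header names are lower-cased so lookups are case-insensitive."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def assess(raw: str) -> List[str]:
    """Reasons, in the report's wording, why one request is suspicious."""
    method, target, h = parse_request(raw)
    host = h.get("host", "").lower()
    reasons: List[str] = []
    if host in IP_CHECK_HOSTS:
        reasons.append(f"external IP / geolocation lookup to {host}")
    if method in ("GET", "POST") and "user-agent" not in h:
        reasons.append("HTTP GET or POST without a user agent")
    if h.get("user-agent") == LEGACY_UA:
        reasons.append("legacy MSIE 6.0 user agent seen in the report")
    if host == "reallyfreegeoip.org" and target.startswith("/xml/"):
        reasons.append(f"geolocation query for public IP {target[len('/xml/'):]}")
    return reasons


def chain_detected(requests: List[str]) -> bool:
    """Heuristic: a public-IP lookup followed (in order) by a /xml/<ip>
    geolocation query, the two steps this report's traffic consists of."""
    saw_ip_lookup = False
    for raw in requests:
        _, target, h = parse_request(raw)
        host = h.get("host", "").lower()
        if host.startswith("checkip."):
            saw_ip_lookup = True
        elif saw_ip_lookup and host == "reallyfreegeoip.org" and target.startswith("/xml/"):
            return True
    return False


def triage(requests: List[str]) -> List[Tuple[str, List[str]]]:
    """(Host, reasons) per request; an empty reasons list means nothing flagged."""
    return [(parse_request(r)[2].get("host", ""), assess(r)) for r in requests]


# Constructed request heads (not packet captures), modelled on the report's lines.
SAMPLE_REQUESTS = [
    "GET / HTTP/1.1\r\nUser-Agent: " + LEGACY_UA
    + "\r\nHost: checkip.dyndns.org\r\nConnection: Keep-Alive\r\n\r\n",
    "GET /xml/8.46.123.33 HTTP/1.1\r\nHost: reallyfreegeoip.org\r\nConnection: Keep-Alive\r\n\r\n",
    # invented benign browser request for contrast
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/120.0\r\n\r\n",
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_REQUESTS):
        print(host or "(no host)", "->", reasons or "clean")
    print("lookup-then-geolocate chain:", chain_detected(SAMPLE_REQUESTS))
```

The missing User-Agent and the 2003-era MSIE string are weak signals on their own (scripts and SDKs produce both); the combination with the two lookup hosts, and the ordering check, is what lifts them to something worth alerting on.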

            System Summary

Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking | Author: ditekSHen
Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTR | Matched rule: Detects Snake Keylogger | Author: ditekSHen
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC641538
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC640D22
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC6411E8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC6411C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC64185E
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC64155D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC6415C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC6407C8
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00007FFAAC64673D
Source: file.exe, 00000000.00000000.1289655346.00000000005F0000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameeGDw.exe6 vs file.exe
Source: file.exe, 00000000.00000002.1326290597.000000001CE90000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1323573190.0000000003B31000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs file.exe
Source: file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs file.exe
Source: file.exe, 00000000.00000002.1324556825.0000000013E04000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs file.exe
Source: file.exe, 00000000.00000002.1325932825.000000001C5D0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameAxiom.dll@ vs file.exe
Source: file.exe, 00000000.00000002.1323573190.0000000003A91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameReactionDiffusion.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1323573190.0000000003BB3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameReactionDiffusion.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1323354490.0000000003520000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameReactionDiffusion.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAxiom.dll@ vs file.exe
Source: file.exe, 00000002.00000002.3757403719.0000000140022000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs file.exe
Source: file.exe | Binary or memory string: OriginalFilenameeGDw.exe6 vs file.exe
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2
            Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log
            Source: C:\Users\user\Desktop\file.exe | Mutant created: NULL
            Source: C:\Users\user\Desktop\file.exe | Mutant created: \Sessions\1\BaseNamedObjects\kigPPxurVPbGFwYF
            Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: file.exe | Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 47.53%
            Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: file.exe, 00000002.00000002.3752962098.00000000039A1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003991000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000039EC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000039AF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3754923080.0000000013748000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000039DF000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: file.exe | ReversingLabs: Detection: 34%
            Source: file.exe | Virustotal: Detection: 33%
            Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
            Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
            Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
            Source: C:\Users\user\Desktop\file.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\file.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: file.exe, --.cs | .Net Code: _0002 System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC64410F push ss; retf 0_2_00007FFAAC644111
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC6448D0 push edx; retf 0_2_00007FFAAC6448D3
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC6404D7 push ebx; iretd 0_2_00007FFAAC64058A
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC64057D push ebx; iretd 0_2_00007FFAAC64058A
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FFAAC64BB99 push E9FFFFFFh; iretd 0_2_00007FFAAC64BB9F
            Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00007FFAAC64C17C push eax; iretd 2_2_00007FFAAC64C17D
            Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00007FFAAC642E93 push ebx; ret 2_2_00007FFAAC642F4A
            Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00007FFAAC642F1D push ebx; ret 2_2_00007FFAAC642F4A
            Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00007FFAAC64C3A6 push es; iretd 2_2_00007FFAAC64C3A7
            Source: file.exe | Static PE information: section name: .text entropy: 7.941878884711606
            Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\file.exeMemory allocated: F10000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\file.exeMemory allocated: 1BA90000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\file.exeMemory allocated: 1040000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\file.exeMemory allocated: 1B6B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599875Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599765Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599656Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599546Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599434Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599328Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599218Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599109Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 599000Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598890Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598781Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598671Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598562Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598453Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598343Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598234Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598125Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 598015Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597906Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597797Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597684Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597562Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597453Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597343Jump to behavior
            Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 597234Jump to behavior
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597125
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597015
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596906
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596797
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596687
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596578
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596468
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596359
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596250
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596139
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596031
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595920
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595812
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595703
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595593
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595484
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595375
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595265
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595156
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595046
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594937
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594828
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594718
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594609
Source: C:\Users\user\Desktop\file.exe | Window / User API: threadDelayed 7952
Source: C:\Users\user\Desktop\file.exe | Window / User API: threadDelayed 1909
Source: C:\Users\user\Desktop\file.exe TID: 7460 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599875s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7652 | Thread sleep count: 7952 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7652 | Thread sleep count: 1909 > 30
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599765s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599656s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599546s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599434s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599328s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599218s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599109s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -599000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598890s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598781s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598671s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598562s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598453s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598343s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598234s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598125s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -598015s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597906s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597797s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597684s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597562s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597453s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597343s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597234s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597125s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -597015s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596906s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596797s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596687s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596578s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596468s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596359s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596250s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596139s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -596031s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595920s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595812s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595703s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595593s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595484s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595375s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595265s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595156s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -595046s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -594937s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -594828s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -594718s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7648 | Thread sleep time: -594609s >= -30000s
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599875
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599765
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599656
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599546
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599434
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599328
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599218
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599109
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 599000
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598890
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598781
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598671
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598562
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598453
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598343
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598234
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598125
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 598015
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597906
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597797
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597684
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597562
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597453
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597343
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597234
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597125
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 597015
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596906
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596797
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596687
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596578
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596468
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596359
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596250
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596139
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 596031
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595920
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595812
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595703
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595593
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595484
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595375
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595265
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595156
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 595046
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594937
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594828
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594718
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 594609
Source: file.exe, 00000002.00000002.3751677885.0000000000EAC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe | Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\file.exe | Memory written: C:\Users\user\Desktop\file.exe base: 140000000 value starts with: 4D5A
Source: C:\Users\user\Desktop\file.exe | Thread register set: target process: 7532
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match | File source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3752962098.0000000003901000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTR
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: Yara match | File source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTR

Remote Access Functionality

Source: Yara match | File source: 0.2.file.exe.13d818c0.6.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.file.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d61280.7.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d818c0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.13d61280.7.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3752962098.0000000003901000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: file.exe PID: 7532, type: MEMORYSTR
MITRE ATT&CK matrix (techniques matched by this sample carry the number of matching signatures in parentheses):

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | DLL Side-Loading (1) | Process Injection (211) | Masquerading (1) | OS Credential Dumping (1) | Security Software Discovery (1) | Remote Services | Email Collection (1) | Encrypted Channel (11) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Disable or Modify Tools (1) | LSASS Memory | Process Discovery (1) | Remote Desktop Protocol | Archive Collected Data (1) | Ingress Tool Transfer (1) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion (31) | Security Account Manager | Virtualization/Sandbox Evasion (31) | SMB/Windows Admin Shares | Data from Local System (1) | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Process Injection (211) | NTDS | Application Window Discovery (1) | Distributed Component Object Model | Input Capture | Application Layer Protocol (13) | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Obfuscated Files or Information (3) | LSA Secrets | System Network Configuration Discovery (1) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Software Packing (12) | Cached Domain Credentials | System Information Discovery (13) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | DLL Side-Loading (1) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.CrypterX | |
| file.exe | 33% | Virustotal | | Browse |
| file.exe | 100% | Avira | HEUR/AGEN.1323752 | |
| file.exe | 100% | Joe Sandbox ML | | |

No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| reallyfreegeoip.org | 0% | Virustotal | | Browse |
| checkip.dyndns.com | 0% | Virustotal | | Browse |
| checkip.dyndns.org | 1% | Virustotal | | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| https://reallyfreegeoip.org | 0% | Virustotal | | Browse |
| http://checkip.dyndns.org/ | 1% | Virustotal | | Browse |
| http://checkip.dyndns.com | 0% | Virustotal | | Browse |
| http://checkip.dyndns.org | 1% | Virustotal | | Browse |
| http://checkip.dyndns.org/ | 0% | Avira URL Cloud | safe | |
| https://reallyfreegeoip.org/xml/8.46.123.33p | 0% | Avira URL Cloud | safe | |
| http://checkip.dyndns.org | 0% | Avira URL Cloud | safe | |
| http://checkip.dyndns.com | 0% | Avira URL Cloud | safe | |
| https://reallyfreegeoip.org | 0% | Avira URL Cloud | safe | |
| https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | Avira URL Cloud | safe | |
| http://103.130.147.85 | 0% | Avira URL Cloud | safe | |
| http://checkip.dyndns.org/q | 0% | Avira URL Cloud | safe | |
| http://reallyfreegeoip.org | 0% | Avira URL Cloud | safe | |
| https://reallyfreegeoip.org/xml/ | 0% | Avira URL Cloud | safe | |
| http://checkip.dyndns.org/q | 0% | Virustotal | | Browse |
| http://103.130.147.85 | 12% | Virustotal | | Browse |
| https://reallyfreegeoip.org/xml/ | 0% | Virustotal | | Browse |
| http://reallyfreegeoip.org | 0% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown |
| checkip.dyndns.com | 193.122.130.0 | true | false | | unknown |
| checkip.dyndns.org | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://checkip.dyndns.org/ | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org/xml/8.46.123.33 | false | Avira URL Cloud: safe | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://reallyfreegeoip.org | file.exe, 00000002.00000002.3752962098.0000000003893000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.000000000386D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003880000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003817000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.org | file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003817000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org/xml/8.46.123.33p | file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.com | file.exe, 00000002.00000002.3752962098.0000000003893000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.000000000386D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003880000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | file.exe, 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://103.130.147.85 | file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp | false | 12%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.org/q | file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://reallyfreegeoip.org | file.exe, 00000002.00000002.3752962098.0000000003893000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.000000000386D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.0000000003880000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038A6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000038DC000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org/xml/ | file.exe, 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, file.exe, 00000002.00000002.3752962098.00000000037C9000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 188.114.96.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | true |
| 193.122.130.0 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1465196
Start date and time: 2024-07-01 12:34:19 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/1@2/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 69%
• Number of executed functions: 129
• Number of non-executed functions: 3
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target file.exe, PID 7436 because it is empty
• Execution Graph export aborted for target file.exe, PID 7532 because it is empty
• Not all processes were analyzed; the report is missing behavior information
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 06:35:20 | API Interceptor | 14503367x Sleep call for process: file.exe modified |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
188.114.96.3 | http://johnlewisfr.com | malicious | Unknown | johnlewisfr.com/
188.114.96.3 | cL7A9wGE3w.exe | malicious | DCRat, PureLog Stealer, zgRAT | 445798cm.nyashka.top/ProviderEternalLinephpRequestSecurePacketprocessauthwordpress.php
188.114.96.3 | http://www.youkonew.anakembok.de/ | malicious | HTMLPhisher | www.youkonew.anakembok.de/cdn-cgi/challenge-platform/h/g/jsd/r/89b98144d9c843b7
188.114.96.3 | hnCn8gE6NH.exe | malicious | DCRat, PureLog Stealer, zgRAT | yenot.top/providerlowAuthApibigloadprotectflower.php
188.114.96.3 | 288292021 ABB.exe | malicious | FormBook | www.oc7o0.top/2zff/?Hp=4L8xoD0W4Zo4sy87CvwWXXlmZfhaBYNiZZOBxyE5jHDJEgkxN8cq+PG6NIXzy1XRCqQIvL5VyJCknvUNNLKk6zzmBcbZOQR3Nr9VCMayuUBptQdoGcq8y485hKv0f5POEUdLprTAYpXY&5H=CtUlKhgP42a
188.114.96.3 | eiqj38BeRo.rtf | malicious | FormBook | www.liposuctionclinics2.today/btrd/?OR-TJfQ=g2Awi9g0RhXmDXdNu5BlCrpPGRTrEfCXfESYZTVa1wMirmNXITW5szlP5E4EhRYb22U+Mw==&2dc=kvXd-rKHCF
188.114.96.3 | Purchase Order -JJ023639-PDF.scr.exe | malicious | AgentTesla, PureLog Stealer | filetransfer.io/data-package/9a4iHwft/download
188.114.96.3 | Techno_PO LV12406-00311.xla.xlsx | malicious | Unknown | qr-in.com/cpGHnqq
188.114.96.3 | Techno_PO LV12406-00311.xla.xlsx | malicious | Unknown | qr-in.com/cpGHnqq
188.114.96.3 | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | AgentTesla, PureLog Stealer | filetransfer.io/data-package/ygivXnVx/download
193.122.130.0 | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | PRODUCTS LIST.pdf.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | file.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | IMG_0071191023.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | SDFS0987678900H..Bat.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | Vessel Particulars.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | MV WADI S PARTICULARS.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | MT Sea Gull 9 Particulars.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | Invoice Packing List.exe | malicious | Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | CTM USD28600.exe | malicious | Snake Keylogger | checkip.dyndns.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | scan copy.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | vsl particulars packing list.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | MT Marine Tiger.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | Order Details.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | new order.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | MT Marine Tiger.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | vsl particulars packing list.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | new order.exe | malicious | Snake Keylogger | 188.114.97.3
checkip.dyndns.com | scan copy.exe | malicious | Snake Keylogger | 132.226.8.169
checkip.dyndns.com | f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | vsl particulars packing list.exe | malicious | Snake Keylogger | 132.226.247.73
checkip.dyndns.com | MT Marine Tiger.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | Order Details.exe | malicious | Snake Keylogger | 132.226.247.73
checkip.dyndns.com | new order.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 132.226.8.169
checkip.dyndns.com | MT Marine Tiger.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | vsl particulars packing list.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | new order.exe | malicious | Snake Keylogger | 193.122.6.168
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | DHL AWB - INVOICE & SHIPPING DOCUMENTS.bat.exe | malicious | GuLoader | 104.26.12.205
CLOUDFLARENETUS | INQUIRY#809676-JULY1.xla.xlsx | malicious | Remcos | 172.67.148.197
CLOUDFLARENETUS | zahtjev za ponudu.xls | malicious | Unknown | 188.114.97.3
CLOUDFLARENETUS | scan copy.exe | malicious | Snake Keylogger | 188.114.97.3
CLOUDFLARENETUS | Renameme@1.xls | malicious | Unknown | 104.21.18.65
CLOUDFLARENETUS | Order 00293884800595.bat.exe | malicious | GuLoader | 172.67.74.152
CLOUDFLARENETUS | https://oceanofgames.com/ | malicious | Unknown | 172.67.213.70
CLOUDFLARENETUS | http://johnlewisfr.vip | malicious | Unknown | 104.26.13.204
CLOUDFLARENETUS | Renameme@1.xls | malicious | Unknown | 104.21.18.65
CLOUDFLARENETUS | DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe | malicious | AgentTesla | 104.26.13.205
ORACLE-BMC-31898US | f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exe | malicious | Snake Keylogger | 158.101.44.242
ORACLE-BMC-31898US | MT Marine Tiger.exe | malicious | Snake Keylogger | 193.122.6.168
ORACLE-BMC-31898US | new order.exe | malicious | Snake Keylogger | 158.101.44.242
ORACLE-BMC-31898US | MT Marine Tiger.exe | malicious | Snake Keylogger | 158.101.44.242
ORACLE-BMC-31898US | vsl particulars packing list.exe | malicious | Snake Keylogger | 193.122.6.168
ORACLE-BMC-31898US | new order.exe | malicious | Snake Keylogger | 193.122.6.168
ORACLE-BMC-31898US | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 193.122.130.0
ORACLE-BMC-31898US | IMG_2007_520073.exe | malicious | PureLog Stealer, Snake Keylogger | 158.101.44.242
ORACLE-BMC-31898US | paediatric neurologist medico legal 68003.js | malicious | Unknown | 158.101.87.136
ORACLE-BMC-31898US | paediatric neurologist medico legal 68003.js | malicious | Unknown | 130.61.47.235
Match | Associated Sample Name / URL | Detection | Threat Name | Context
54328bd36c14bd82ddaa0c04b25ed9ad | scan copy.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | vsl particulars packing list.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | MT Marine Tiger.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | Order Details.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | new order.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | MT Marine Tiger.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | vsl particulars packing list.exe | malicious | Snake Keylogger | 188.114.96.3
54328bd36c14bd82ddaa0c04b25ed9ad | new order.exe | malicious | Snake Keylogger | 188.114.96.3
            No context
            Process:C:\Users\user\Desktop\file.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1510
            Entropy (8bit):5.380493107040482
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNl+84xp3/VclT:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAA
            MD5:3C7E5782E6C100B90932CBDED08ADE42
            SHA1:D498EE0833BB8C85592FB3B1E482267362DB3F74
            SHA-256:361A6FF160343A2400F7D3FA4A009EA20C994B9788C190EB9D53E544BB376490
            SHA-512:3A90D61631F4DC920860AEA31FDB5E56A102206311705D5D084E809D364F680B4E95F19CE9849D3F9CB3C2C273393FD2F2C67720BAAA885125EE358D59462B0A
            Malicious:true
            Reputation:moderate, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
Note: the preview has the line format of the CLR's per-application assembly usage log (one record per loaded assembly with its native-image path). It is written by the .NET runtime on behalf of the sample's own process, which is why it is flagged as dropped by a malicious process while its reputation stays "very likely benign"; its forensic value is the list of framework assemblies the sample loaded (System.Windows.Forms, System.Drawing, System.Core, System.Configuration).
            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.934984400968034
            TrID:
            • Win64 Executable GUI Net Framework (217006/5) 47.53%
            • Win64 Executable GUI (202006/5) 44.25%
            • Win64 Executable (generic) Net Framework (21505/4) 4.71%
            • Win64 Executable (generic) (12005/4) 2.63%
            • Generic Win/DOS Executable (2004/3) 0.44%
            File name:file.exe
            File size:845'312 bytes
            MD5:a7530e8548b1c43ec37d872bedec07f5
            SHA1:985df304b2180a496395a7433839ac3994cb3fbf
            SHA256:6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501
            SHA512:8f762569386ab220181c7d970d3d2b85abab7e5a99325cd5df2e041dea92bbfbf7acc228f735d862dc2f16ea4c585bded70473efef7084bfc99cfc8d4aea2ba1
            SSDEEP:12288:7ewO+TW+8LeXbSIrEPrWgV9dxNV31xAm0UuuA+hJdF44gPqbK8TNMxWhYhRT44z6:2Le+9V9dxNh1xANuA+nTKVxWYRT4W
            TLSH:C7050268B2059A5BC26E2AFE0D528548173A572B3320E7FF5FC822E191C37CDE345997
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f............................Z.... ....@...... .......................@............@...@......@............... .....
            Icon Hash:8008e01b49e40982
            Entrypoint:0x4ce75a
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x66820CFF [Mon Jul 1 01:57:19 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
dec eax
mov eax, dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
jmp eax
add byte ptr [eax], al
(the remainder of the listing is the same "add byte ptr [eax], al" repeated, i.e. the zero bytes following the stub)

Note on the listing: the disassembler decoded the entry point in 32-bit mode. The twelve bytes at the entry point that produce the instructions above are 48 A1 00 20 40 00 00 00 00 00 FF E0, which in 64-bit mode are the standard CLR entry stub:
mov rax, qword ptr [0000000000402000h]
jmp rax
The absolute address 0x402000 is imagebase (0x400000) plus the IAT RVA (0x2000, size 0x8), so the stub loads the single IAT slot, the address of mscoree.dll!_CorExeMain, and jumps to it. The entry point at RVA 0xce75a plus these twelve bytes ends exactly at 0xce766, the end of .text (0x2000 + 0xcc766). Nothing else native runs at the entry point; the program logic is in the managed code, and the 7.94 entropy of .text indicates that most of that section is packed or encrypted payload rather than plain IL.
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xce700 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd0000 | 0x18cc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xcc766 | 0xcc800 | 1015fc2e96a28fe8d8975c5e6eec2083 | False | 0.8360998624694377 | data | 7.941878884711606 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd0000 | 0x18cc | 0x1a00 | cef6b595cda00cd0aaf117d8e815be01 | False | 0.7783954326923077 | data | 7.031120916935166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd2000 | 0xc | 0x200 | 510b6e24d49daaa68e2a9f6a29f3f497 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd00e8 | 0x1496 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8907020872865276
RT_GROUP_ICON | 0xd1580 | 0x14 | data | | | 1.05
RT_VERSION | 0xd1594 | 0x338 | data | | | 0.4381067961165049
DLL | Import
mscoree.dll | _CorExeMain
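The two checks below are an added example by the editor, not part of the Joe Sandbox report and not code from the sample. They re-derive, from the PE fields listed above, that the entry-point bytes are the standard x64 CLR stub whose load address is imagebase plus the IAT RVA (0x400000 + 0x2000 = 0x402000), that the entry point falls inside .text, and they compute the Shannon entropy behind the 7.94 reported for .text. The stub bytes are constructed from the report's own listing; the raw section data is not on the page, so the entropy function is exercised on constructed input.

```python
# Added example (editor's code, not from the report or the sample).
# Re-derives static facts from the PE fields in the report:
#   1. the entry-point bytes are the x64 CLR stub "mov rax,[imm64]; jmp rax"
#      and the imm64 points into the IAT (imagebase 0x400000 + IAT RVA 0x2000);
#   2. the entry point VA lies in .text;
#   3. Shannon entropy, the metric behind the 7.94 reported for .text.
import math
import struct
from collections import Counter

IMAGEBASE = 0x400000                 # from the report
IAT_RVA, IAT_SIZE = 0x2000, 0x8      # IMAGE_DIRECTORY_ENTRY_IAT from the report
ENTRYPOINT_VA = 0x4CE75A             # "Entrypoint" from the report (a VA, not an RVA)

# Section table from the report: name -> (virtual address, virtual size)
SECTIONS = {
    ".text": (0x2000, 0xCC766),
    ".rsrc": (0xD0000, 0x18CC),
    ".reloc": (0xD2000, 0xC),
}

# Constructed from the report's listing:
#   48 A1 <imm64>   mov rax, qword ptr [imm64]
#   FF E0           jmp rax
# Decoded as 32-bit code these bytes give the report's
# "dec eax; mov eax,[00402000h]; add [eax],al; add [eax],al; jmp eax".
CLR_X64_STUB = bytes.fromhex("48A1") + struct.pack("<Q", 0x402000) + bytes.fromhex("FFE0")


def decode_clr_x64_stub(code: bytes):
    """Return the absolute address an x64 CLR entry stub loads from, or None if not a stub."""
    if len(code) < 12 or code[:2] != b"\x48\xA1" or code[10:12] != b"\xFF\xE0":
        return None
    return struct.unpack_from("<Q", code, 2)[0]


def stub_points_into_iat(code: bytes, imagebase=IMAGEBASE,
                         iat_rva=IAT_RVA, iat_size=IAT_SIZE) -> bool:
    """True when the stub's load address falls inside the IAT (the _CorExeMain slot)."""
    target = decode_clr_x64_stub(code)
    if target is None:
        return False
    return imagebase + iat_rva <= target < imagebase + iat_rva + iat_size


def section_for_va(va: int, imagebase=IMAGEBASE, sections=SECTIONS):
    """Name of the section that contains a virtual address, or None."""
    rva = va - imagebase
    for name, (start, size) in sections.items():
        if start <= rva < start + size:
            return name
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Packed or encrypted payloads sit close to 8, plain IL and metadata well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


if __name__ == "__main__":
    print(hex(decode_clr_x64_stub(CLR_X64_STUB)), stub_points_into_iat(CLR_X64_STUB))
    print(section_for_va(ENTRYPOINT_VA))
    # constructed inputs: uniform bytes vs. zero padding
    print(round(shannon_entropy(bytes(range(256)) * 4), 3), shannon_entropy(b"\x00" * 512))
```

Applied to a real file, `shannon_entropy` over the raw .text bytes reproduces the report's figure; a .NET image whose .text is near 8 bits per byte while its only import is _CorExeMain is the static shape of a packed loader, which is what the "potential unpacker" signature in the report is keying on.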
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 1, 2024 12:35:21.942707062 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:21.948283911 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:21.948364019 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:21.948894978 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:21.954833031 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:22.443336010 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:22.450426102 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:22.455993891 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:22.552890062 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:22.591183901 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:22.591214895 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:22.591290951 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:22.606491089 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:22.607083082 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:22.607100964 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.126607895 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.126682043 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.132092953 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.132105112 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.132463932 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.184611082 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.196621895 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.240506887 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.308141947 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.308242083 CEST | 443 | 49705 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.308290005 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.317652941 CEST | 49705 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.321485043 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:23.326261997 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:23.494251013 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:23.497672081 CEST | 49706 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.497713089 CEST | 443 | 49706 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.497777939 CEST | 49706 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.498130083 CEST | 49706 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:23.498146057 CEST | 443 | 49706 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:23.544003010 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:24.038496017 CEST | 443 | 49706 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:24.043936968 CEST | 49706 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:24.043957949 CEST | 443 | 49706 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:24.193487883 CEST | 443 | 49706 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:24.193774939 CEST | 443 | 49706 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:24.193833113 CEST | 49706 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:24.194459915 CEST | 49706 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:24.199168921 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:24.200978041 CEST | 49707 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:24.206089973 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:24.206168890 CEST | 49707 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:24.206295013 CEST | 49707 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:24.207304955 CEST | 80 | 49704 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:24.207428932 CEST | 49704 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:24.212274075 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:24.796680927 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:24.809680939 CEST | 49708 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:24.809716940 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:24.809801102 CEST | 49708 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:24.810139894 CEST | 49708 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:24.810158014 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:24.840925932 CEST | 49707 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:25.604443073 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:25.605866909 CEST | 49708 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:25.605890036 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:25.756443977 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:25.756580114 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:25.756642103 CEST | 49708 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:25.757287979 CEST | 49708 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:25.761976004 CEST | 49709 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:25.766721964 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:25.766812086 CEST | 49709 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:25.766923904 CEST | 49709 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:25.771595001 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:26.513449907 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:26.514930010 CEST | 49710 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:26.514983892 CEST | 443 | 49710 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:26.515090942 CEST | 49710 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:26.515405893 CEST | 49710 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:26.515424013 CEST | 443 | 49710 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:26.559689045 CEST | 49709 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:27.241097927 CEST | 443 | 49710 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:27.242760897 CEST | 49710 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:27.242794037 CEST | 443 | 49710 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:27.357810974 CEST | 443 | 49710 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:27.357903957 CEST | 443 | 49710 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:27.357955933 CEST | 49710 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:27.358681917 CEST | 49710 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:27.363121033 CEST | 49709 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:27.363929033 CEST | 49711 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:27.369575024 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:27.369680882 CEST | 49711 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:27.369793892 CEST | 49711 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:27.370088100 CEST | 80 | 49709 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:27.370146990 CEST | 49709 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:27.375212908 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:28.068649054 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:28.070034981 CEST | 49712 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:28.070076942 CEST | 443 | 49712 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:28.070141077 CEST | 49712 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:28.070410967 CEST | 49712 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:28.070425987 CEST | 443 | 49712 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:28.122128010 CEST | 49711 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:28.608556032 CEST | 443 | 49712 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:28.610277891 CEST | 49712 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:28.610301971 CEST | 443 | 49712 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:28.741872072 CEST | 443 | 49712 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:28.742214918 CEST | 443 | 49712 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:28.742279053 CEST | 49712 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:28.742744923 CEST | 49712 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:28.746541977 CEST | 49711 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:28.747698069 CEST | 49713 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:28.751966000 CEST | 80 | 49711 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:28.752037048 CEST | 49711 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:28.752511978 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:28.752579927 CEST | 49713 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:28.752692938 CEST | 49713 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:28.757456064 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:29.292284012 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:29.293809891 CEST | 49714 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:29.293864012 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:29.293937922 CEST | 49714 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:29.294255018 CEST | 49714 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:29.294269085 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:29.340908051 CEST | 49713 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:29.773328066 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:29.774863958 CEST | 49714 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:29.774889946 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:29.929852962 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:29.929972887 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:29.930043936 CEST | 49714 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:29.930843115 CEST | 49714 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:29.935643911 CEST | 49713 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:29.943104029 CEST | 80 | 49713 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:29.943229914 CEST | 49713 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:29.948353052 CEST | 49715 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:29.953318119 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:29.953387022 CEST | 49715 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:29.953495026 CEST | 49715 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:29.958266973 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:30.424401045 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:30.426148891 CEST | 49716 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:30.426179886 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:30.426254988 CEST | 49716 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:30.426592112 CEST | 49716 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:30.426606894 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:30.465893030 CEST | 49715 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:31.055222988 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:31.057152033 CEST | 49716 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:31.057185888 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:31.171303988 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:31.171556950 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:31.171696901 CEST | 49716 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:31.172108889 CEST | 49716 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:31.175818920 CEST | 49715 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:31.176887035 CEST | 49717 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:31.181013107 CEST | 80 | 49715 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:31.181101084 CEST | 49715 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:31.181632042 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:31.181711912 CEST | 49717 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:31.181793928 CEST | 49717 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:31.186525106 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:31.656981945 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:35:31.666068077 CEST | 49718 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:31.666119099 CEST | 443 | 49718 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:31.666182041 CEST | 49718 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:31.666465044 CEST | 49718 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:31.666481018 CEST | 443 | 49718 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:31.700294018 CEST | 49717 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:35:32.222191095 CEST | 443 | 49718 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:32.223853111 CEST | 49718 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:32.223896027 CEST | 443 | 49718 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:32.523418903 CEST | 443 | 49718 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:32.523678064 CEST | 443 | 49718 | 188.114.96.3 | 192.168.2.7
Jul 1, 2024 12:35:32.523761034 CEST | 49718 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:35:32.524301052 CEST | 49718 | 443 | 192.168.2.7 | 188.114.96.3
Jul 1, 2024 12:36:29.818449020 CEST | 80 | 49707 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:36:29.818495035 CEST | 49707 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:36:36.700813055 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.7
Jul 1, 2024 12:36:36.700892925 CEST | 49717 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:37:11.669742107 CEST | 49717 | 80 | 192.168.2.7 | 193.122.130.0
Jul 1, 2024 12:37:12.008251905 CEST | 80 | 49717 | 193.122.130.0 | 192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 1, 2024 12:35:21.926686049 CEST | 50026 | 53 | 192.168.2.7 | 1.1.1.1
Jul 1, 2024 12:35:21.936649084 CEST | 53 | 50026 | 1.1.1.1 | 192.168.2.7
Jul 1, 2024 12:35:22.578994989 CEST | 55929 | 53 | 192.168.2.7 | 1.1.1.1
Jul 1, 2024 12:35:22.590554953 CEST | 53 | 55929 | 1.1.1.1 | 192.168.2.7
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Jul 1, 2024 12:35:21.926686049 CEST | 192.168.2.7 | 1.1.1.1 | 0xec15 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:22.578994989 CEST | 192.168.2.7 | 1.1.1.1 | 0xb1bd | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Jul 1, 2024 12:35:21.936649084 CEST | 1.1.1.1 | 192.168.2.7 | 0xec15 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | - | CNAME (Canonical name) | IN (0x0001) | false
            Jul 1, 2024 12:35:21.936649084 CEST | 1.1.1.1 | 192.168.2.7 | 0xec15 | No error (0) | checkip.dyndns.com | - | 193.122.130.0 | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:21.936649084 CEST | 1.1.1.1 | 192.168.2.7 | 0xec15 | No error (0) | checkip.dyndns.com | - | 132.226.247.73 | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:21.936649084 CEST | 1.1.1.1 | 192.168.2.7 | 0xec15 | No error (0) | checkip.dyndns.com | - | 158.101.44.242 | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:21.936649084 CEST | 1.1.1.1 | 192.168.2.7 | 0xec15 | No error (0) | checkip.dyndns.com | - | 193.122.6.168 | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:21.936649084 CEST | 1.1.1.1 | 192.168.2.7 | 0xec15 | No error (0) | checkip.dyndns.com | - | 132.226.8.169 | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:22.590554953 CEST | 1.1.1.1 | 192.168.2.7 | 0xb1bd | No error (0) | reallyfreegeoip.org | - | 188.114.96.3 | A (IP address) | IN (0x0001) | false
            Jul 1, 2024 12:35:22.590554953 CEST | 1.1.1.1 | 192.168.2.7 | 0xb1bd | No error (0) | reallyfreegeoip.org | - | 188.114.97.3 | A (IP address) | IN (0x0001) | false
            • reallyfreegeoip.org
            • checkip.dyndns.org
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.7 | 49704 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:21.948894978 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 1, 2024 12:35:22.443336010 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:22 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 41b674812e32ee0fd508423641f10910
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 1, 2024 12:35:22.450426102 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 1, 2024 12:35:22.552890062 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:22 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e7b38e5ea06c5a1ecdbc982ae6119fd1
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 1, 2024 12:35:23.321485043 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 1, 2024 12:35:23.494251013 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:23 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 29477026f7042341d0e6fe47a445f96c
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.7 | 49707 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:24.206295013 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 1, 2024 12:35:24.796680927 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:24 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e4e76fe9a43dc9418d198c728c2f1b7c
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.7 | 49709 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:25.766923904 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 1, 2024 12:35:26.513449907 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:26 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: f36e7fa93413d0571f5184e1430efbee
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.7 | 49711 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:27.369793892 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 1, 2024 12:35:28.068649054 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:28 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 6d760bd0eb469adc3ae3e6d16643b21c
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.7 | 49713 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:28.752692938 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 1, 2024 12:35:29.292284012 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:29 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 7e768f4bebab40588e5b901b7c108f8f
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.7 | 49715 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:29.953495026 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 1, 2024 12:35:30.424401045 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:30 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: c6cba9c3120d5e8d41a151d10b800cc7
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.7 | 49717 | 193.122.130.0 | 80 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 1, 2024 12:35:31.181793928 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 1, 2024 12:35:31.656981945 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:31 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: b2dcb129578fae44559911bdf86adcb7
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.7 | 49705 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:23 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-01 10:35:23 UTC | 706 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:23 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72687
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VhfT3ZTSV7YDSzsuAwdvuF89NGc0XV%2FcpStGjTnkU9njE2kBzPRe%2FAhQT55gikkVABbnZAYxzCLYkU5k4sCaTVcI5iFOVTak5ly2wXORaMGnNhd3fc8OAZg%2BR7GRBPpQxFea262Z"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfbe5c51c34b-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:23 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.7 | 49706 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:24 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-01 10:35:24 UTC | 710 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:24 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72688
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGrUB7whseouSd5TVM7BFyeYnAvjNPV9QZ2g0su1oix%2BpzLKM%2FVoaOOJ6b3pbGZ5lFNGNLPC7L21%2BKOJ3rqE5S2Vcw8%2FMHgHOQPSiaqOyIQ51K5aYnR3Lzj5WnVWf%2BMCiylq65T8"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfc3db7442a0-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:24 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.7 | 49708 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:25 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-01 10:35:25 UTC | 714 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:25 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72689
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYkk%2F0y3fFEGu2EUTqL%2FzbVekbRSMlJC%2Fg43kvNjKKqBz8u6wBrHmD5m%2BnbqXwvYEc9xbgAAdORS3n2cZg8y0YwxBaPvE0J4i%2B3yny28UCVSp008K7EvX%2FHq9F2t5F%2BD9VbtOOTs"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfcd9ac34268-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:25 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.7 | 49710 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:27 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-01 10:35:27 UTC | 710 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:27 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72691
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWWoqu184i50TvMYq0gf7%2Be1xLKVHhnRlpm%2BDAIScbP4%2BpjjfIb3f1HqJMTYQ5zteIlnw%2FcMMiXfv0J%2BA3dkq8lgeCIDLXfKiKGnMEz0Ravv826RK5b78XMVapyTYRHhNZZ0hmDv"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfd7afa3422e-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:27 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.7 | 49712 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:28 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-01 10:35:28 UTC | 706 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:28 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72692
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oCceaPcBadjd1GblPx9C8df9oc%2B4GYeuZq8R9wLbXboiwdI9RukLKq5P3ftBwxq%2FAwenUkrZdv5wngSaOWsZbQOBqGfDu%2B6TmhbXAVC0tGFBXKCTFKtTC3gCFJIj2SVgcByowQwG"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfe04f2e3350-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:28 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.7 | 49714 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:29 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-01 10:35:29 UTC | 708 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:29 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72693
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0CxscxfCRn9xDq5R4foohlc%2FTby1nJ3hrEhcjrNwMSjrqqpnKdCpkjdvgTm%2FFVAyt14CQuD1XcvI1lDwC9aChVKCSFMXFWENnDynrn%2FbmRbM5J6yc%2FUbSNWLabhXNyxJtkccXP0"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfe7aa01438a-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:29 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.7 | 49716 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:31 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-01 10:35:31 UTC | 710 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:31 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72695
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RMJ%2FdwiZVI0Qo9UZ9I7RAoDO6B%2FYHwh25%2FBUIsQ1DVzYDcqeu859XkXF4ilmu7WQ5kWJGSz6z2cIY4lINjQ1vRvEECCRERz8B78%2FEIbjxWBEOwz7RN4g%2Ftb1rvK1NY9zkm5wxxhi"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bfef7aa14277-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:31 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.7 | 49718 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\file.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-01 10:35:32 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-01 10:35:32 UTC | 708 | IN | HTTP/1.1 200 OK
            Date: Mon, 01 Jul 2024 10:35:32 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 72696
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzRfwBHviOJTOeNw3Ejg9XXyES8LOnQEStJOag7adOE5fbyV1qZB%2BYFASU6VNmi5XaI%2BagdfGonNcP%2FFywzCz9SnSoVH1TPMQVMWlesE5KnraTSQ5wUnKvqMZbOJIBVOoJrL%2FTqZ"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89c5bff6fe4541f9-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-01 10:35:32 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-01 10:35:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Target ID: 0
            Start time: 06:35:19
            Start date: 01/07/2024
            Path: C:\Users\user\Desktop\file.exe
            Wow64 process (32bit): false
            Commandline: "C:\Users\user\Desktop\file.exe"
            Imagebase: 0x520000
            File size: 845'312 bytes
            MD5 hash: A7530E8548B1C43EC37D872BEDEC07F5
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1324556825.0000000013AA1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1324556825.0000000013C95000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            Reputation:low
            Has exited:true

            Target ID:2
            Start time:06:35:21
            Start date:01/07/2024
            Path:C:\Users\user\Desktop\file.exe
            Wow64 process (32bit):false
            Commandline:C:\Users\user\Desktop\file.exe
            Imagebase:0x650000
            File size:845'312 bytes
            MD5 hash:A7530E8548B1C43EC37D872BEDEC07F5
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.3757403719.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3752962098.0000000003901000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.3752962098.00000000036B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: (3$$P/%
              • API String ID: 0-2322653216
              • Opcode ID: 5199c80f7ef93b7a7a2493b6b84ff66d818422109d65b9ee38c66375b14b76bc
              • Instruction ID: 11b7a4842cf8c506a897cd29123f2d6dbd57014e72864031f24f9f6a9ec8ed4d
              • Opcode Fuzzy Hash: 5199c80f7ef93b7a7a2493b6b84ff66d818422109d65b9ee38c66375b14b76bc
              • Instruction Fuzzy Hash: E8C16DB4D1851E8FEF58DBA8C555ABDBBB1FF59300F006269D00AEB291DE35A845CB40
              • Opcode ID: 6d6058588b6bc2161a9627382d8cc0c65edb1701cc866323a4b2f2e92e2505d8
              • Instruction ID: 58775b4d32a17bc214eb622b03e29ef66202dfdfc39b9f6bad0ec46113cbc704
              • Opcode Fuzzy Hash: 6d6058588b6bc2161a9627382d8cc0c65edb1701cc866323a4b2f2e92e2505d8
              • Instruction Fuzzy Hash: 6D410871E0921ADFEB49DF98D6905EDB7B1EF49314F10647AD40AF3281EA34A885CB90
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0919ba82aec95b31c9d9a7ffd39dbe2aadd91cee2dc78b9226a89ed67e54bcc5
              • Instruction ID: 4e05891865e18a47dfeaed129c676399285687914eca54eab0a712fc3bb54a60
              • Opcode Fuzzy Hash: 0919ba82aec95b31c9d9a7ffd39dbe2aadd91cee2dc78b9226a89ed67e54bcc5
              • Instruction Fuzzy Hash: 4951023861468CCFEBA9DF09C990BE933A2FB49300F10906DC90DCB391DB75AA46CB40
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c46be3e0ac91147fe4d3c8c9ce46e5e1b865730217ea3d05ab8cf770a8bdfdbc
              • Instruction ID: 21249a43eaffcd7c9df81bf1568db8af980f642989994bb9e9129cc4be90a892
              • Opcode Fuzzy Hash: c46be3e0ac91147fe4d3c8c9ce46e5e1b865730217ea3d05ab8cf770a8bdfdbc
              • Instruction Fuzzy Hash: 4541C730D1A6058FF75ADB28C6157A576E1EF45310F14A1BDD84EC72D2EE39D90A8A80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77eb4b8972e701732250e184260fcc5826264c78d3ed914b24e669519cd6b345
              • Instruction ID: 23fd9d65ef089a0d3f87800ebcc8433c799968fcee4e0b245d265143daf983ee
              • Opcode Fuzzy Hash: 77eb4b8972e701732250e184260fcc5826264c78d3ed914b24e669519cd6b345
              • Instruction Fuzzy Hash: DA31F875D09A5EDFEF96DB98C454AADBBF1FB59300F24113AD00EE3280DA24A844CB80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f3d435fb2fd9dec8101f8968141b1073189bf030d47caa3bb680544927640c7
              • Instruction ID: ce79ac0aee0419b3de67f21348e1ac4525b1077c3dcddcc4a84807e2084866f0
              • Opcode Fuzzy Hash: 5f3d435fb2fd9dec8101f8968141b1073189bf030d47caa3bb680544927640c7
              • Instruction Fuzzy Hash: 4931C830A0DA1A8FE75ADB28C5117B976E2EF45311F0091BDD44ED72D2EE38E9498B80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a91ef325c3b10e37e5edd0147fb34c7deb6eb98cd8de8a7e07603e00ca56ee2
              • Instruction ID: 9da66890bcf9b466852344a9564cc7031982dddebe4f4528bdf76b3f7c99f59a
              • Opcode Fuzzy Hash: 9a91ef325c3b10e37e5edd0147fb34c7deb6eb98cd8de8a7e07603e00ca56ee2
              • Instruction Fuzzy Hash: 37413B75509249DFEB79CF14C6907F833A1FB59300F20A12ED90E8B391EB75AA89CB40
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 290ada99e00e9d585fd248261edfea5974f7fa8ff13f533b6d4bc0953ca1059d
              • Instruction ID: 49db290c445a9f32ee1c8b510d77946b8d7af4bb0e085a29fa6d34085109cbea
              • Opcode Fuzzy Hash: 290ada99e00e9d585fd248261edfea5974f7fa8ff13f533b6d4bc0953ca1059d
              • Instruction Fuzzy Hash: 2931C730A0DA068FE75ADB28C5113B976D2EF45310F5095BDD84ED72D2EE38D94A8B90
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc921280bb7cadc64ce2d8d9699e52da3b7ab940f58a20d7e2e8357e8875e20a
              • Instruction ID: 5ebfe45e0deb2306cca0e776d185935fd0f218f88e507749f6d1f932d33f7de8
              • Opcode Fuzzy Hash: cc921280bb7cadc64ce2d8d9699e52da3b7ab940f58a20d7e2e8357e8875e20a
              • Instruction Fuzzy Hash: FE31F775D0990DDFEF96DB98C454AADBBF1FB59300F242029D00EE3284DA34A844CB80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 640241f5b7f713d35f9ef86765c994d0df7d75dbadb8268c4d94520703659f97
              • Instruction ID: d2c6be93ca220378895ca2881a0796a158e788e76524b734c6f3b3901c4781d1
              • Opcode Fuzzy Hash: 640241f5b7f713d35f9ef86765c994d0df7d75dbadb8268c4d94520703659f97
              • Instruction Fuzzy Hash: 8C21A842A0EBD58FFA5693AC6B251B87F90EF8321074863FBE04D86587EC49DD4643D2
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 002bf984b248d080b5bbf778da14be2f8df93f2a2500cb22257cc4ec027c0fe8
              • Instruction ID: f08b04a579792f34cd7489103a6c5cbf5d487270d1b28f79a502b438d2790ad3
              • Opcode Fuzzy Hash: 002bf984b248d080b5bbf778da14be2f8df93f2a2500cb22257cc4ec027c0fe8
              • Instruction Fuzzy Hash: F831D630A4DA068FF39ADB28C5123B536D2EF46311F1091BDD84EC72D6EE39D84A86D1
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8178da8acdb3d0580e90013e00cc00c8b456e0274faae3d766b71e8d846f7dc9
              • Instruction ID: 2ba45945044f0784cf0c93f3d519d419a5e5b21eea6355dab6630ecb4802efc9
              • Opcode Fuzzy Hash: 8178da8acdb3d0580e90013e00cc00c8b456e0274faae3d766b71e8d846f7dc9
              • Instruction Fuzzy Hash: 0D210A42B0EA998EF96A539C6B250B97FD0DF8221174873FBE04D865CBFC09DD0642C1
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3fea96d19f9e7f889f1f2225f2761e3f7af87de7e1c01711bd636663a61aa67a
              • Instruction ID: 5e46624e560fdfdbb8615775e6146c7da525b90e90d9cbbc157e95a1611f1ed9
              • Opcode Fuzzy Hash: 3fea96d19f9e7f889f1f2225f2761e3f7af87de7e1c01711bd636663a61aa67a
              • Instruction Fuzzy Hash: A811DA42A0EA998EF96A439C6B251787FD0EF8221074873FBE04D865CBFC45DD0642D2
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89cc54e4896755a4ef5abe792531928d3435929022ea1352b84bdf0c232d308f
              • Instruction ID: 14ead8859a8b2eda6eec0b74e065cb2fc5f3fa9e90d74ccc947ba6f6959dc2c1
              • Opcode Fuzzy Hash: 89cc54e4896755a4ef5abe792531928d3435929022ea1352b84bdf0c232d308f
              • Instruction Fuzzy Hash: FB31B430A496168FF75EDB28C5123B576D2EF45311F1091BDD84EC72D6EE38D84A8A90
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 44fdaea4c071a87180c9a761f85840885ad2b6c911365d044b0b205381a619d8
              • Instruction ID: 7046eaeaa24d8af3b38fa9b2e5f03057e1657629780a2e02298a9b7525a73073
              • Opcode Fuzzy Hash: 44fdaea4c071a87180c9a761f85840885ad2b6c911365d044b0b205381a619d8
              • Instruction Fuzzy Hash: 7831EF34A1091ACFEB90EF88DA40BDCB3F0FB59321F4095A6D50DE3351DA34A9858F50
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ead9e813211621ee0bc7d1644f68f7e75ba215b76c572c0c535c1e24ab0af048
              • Instruction ID: e75b9347da859e4eefe553ab97a9f1dda2195cd342c0e803a78c9f44fcc1e683
              • Opcode Fuzzy Hash: ead9e813211621ee0bc7d1644f68f7e75ba215b76c572c0c535c1e24ab0af048
              • Instruction Fuzzy Hash: 41210730A0E6498FF79AD728C6157B576E1EF46311F5091BDD44EC32D2EE38D84A8780
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36fcba9b79db93b5fcc9aa4b87ad4491b9ed651e861113833a4cb58e318052df
              • Instruction ID: f19806656fe5d50de747cfecdf534f3e155ca6bf051568e04309dc4c61efd4a4
              • Opcode Fuzzy Hash: 36fcba9b79db93b5fcc9aa4b87ad4491b9ed651e861113833a4cb58e318052df
              • Instruction Fuzzy Hash: 4B31297451854D8FDFA9DF09C990BE837A1FF58300F50512AE90ECB292DA30E945CB80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f10738a10658b95c0a6a8db34adb05a835618b4f28b2cda9c95b7e573485c41f
              • Instruction ID: e8fe9e1853140719199bbc065760990952d4811c3f041c98a2c7559d15430b18
              • Opcode Fuzzy Hash: f10738a10658b95c0a6a8db34adb05a835618b4f28b2cda9c95b7e573485c41f
              • Instruction Fuzzy Hash: 30210830B0D6568FF79ADB28C9127B976D1EF45311F1091BDD44EC76C2EE38D84A8A80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea5c3629764aa7a64d2d9cda0351737e8e5a0dc2d22009fcff68a97754666e9e
              • Instruction ID: f3eafc3192e38e10a9c808f20b922ada410c4eb8f33cc6c75893e2fd5b3eb443
              • Opcode Fuzzy Hash: ea5c3629764aa7a64d2d9cda0351737e8e5a0dc2d22009fcff68a97754666e9e
              • Instruction Fuzzy Hash: FE210530A0E6468FF357DB28C61627476D1EF46310F00A1B9D84FC72D2EE38D90A86C0
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ac23f09fe0d91d33d0632c35f5bf22f41710ade3506bd18f5d751a6ea8d51b7
              • Instruction ID: 6d0e641a496769ec2d475c2859756c54055336c06b31ceaa9591bdc71212bb36
              • Opcode Fuzzy Hash: 8ac23f09fe0d91d33d0632c35f5bf22f41710ade3506bd18f5d751a6ea8d51b7
              • Instruction Fuzzy Hash: 26212830B4E6468FF35ADB28C5163B976D1EF46310F1091BDD84EC72D2EE38D84A8691
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 635345d78617f9baa1c50417369ae3d755ec28acb5bf14e27c65a5753d8034ca
              • Instruction ID: b9a549f546fc7f472304165cdf10673e976656a7f06e83a37e41a32f5f9a5d37
              • Opcode Fuzzy Hash: 635345d78617f9baa1c50417369ae3d755ec28acb5bf14e27c65a5753d8034ca
              • Instruction Fuzzy Hash: E421273090D6558FE359D728D6906757BE1EF46310F2451FAD16CCB1D7EA28DC8A8390
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8df921bc7ef07fdfff2cee8c0ca7af8b0eb2a2944b486f03eba31204c7269462
              • Instruction ID: e18b9a99b855e9d19d566b21756cde9e2584e9ef035e090192e065d6856d307c
              • Opcode Fuzzy Hash: 8df921bc7ef07fdfff2cee8c0ca7af8b0eb2a2944b486f03eba31204c7269462
              • Instruction Fuzzy Hash: 4A21367191A6858FF356CB34C5166A57BE0EF46320F1495FEC88E87192ED3C984A8781
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 983f5cf0484d5585b33d891120f253b3bc582504e60271248aabd945bb30110c
              • Instruction ID: 66f83863a7cb4cdec4093a3ef6d74338aa3bf4973a5ccf213cf6de9fcacf8c37
              • Opcode Fuzzy Hash: 983f5cf0484d5585b33d891120f253b3bc582504e60271248aabd945bb30110c
              • Instruction Fuzzy Hash: B1119D7090961DCFEB85EBA8C9055E9BBF1EF4A301F00107AD408E3292EA6899458B90
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 685faf8538b5363c032d38b2f9ddda301c7153363357281d7da648494cb7d92c
              • Instruction ID: 8f7ea085b44918d292dc05caa471446e2a3fb20824392f2e088f503ab50a7f4c
              • Opcode Fuzzy Hash: 685faf8538b5363c032d38b2f9ddda301c7153363357281d7da648494cb7d92c
              • Instruction Fuzzy Hash: 6211E17080D78A8FD702DF64CD115E63FB4EF9B200F0952AAE44CC3192C668D959C7D1
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 51195851aaf93cfec0f1ed7cd800c7e4e366e919c15bcb37fa1606a2a5a13c34
              • Instruction ID: 760b75f45538c31bb29eea85315d5686ce2b8192db3db2984d60e56f17c86b0d
              • Opcode Fuzzy Hash: 51195851aaf93cfec0f1ed7cd800c7e4e366e919c15bcb37fa1606a2a5a13c34
              • Instruction Fuzzy Hash: 3E21DB3091992DDFEB94EB18C540BA977B2FB5A301F50A4E5800DE3292DB34A9858F81
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80c7b2ab9f39fdc98ca5eea8f580e7ea99517dd0f105473ef3cad8fe2168361e
              • Instruction ID: 9b2874e1843f20f1d0c494ca324e8ae5be16bbb5831693a1d5082de7b799cdc5
              • Opcode Fuzzy Hash: 80c7b2ab9f39fdc98ca5eea8f580e7ea99517dd0f105473ef3cad8fe2168361e
              • Instruction Fuzzy Hash: 7111C22480D6D28FF31BC33489612217FE19F43211F1952EAC0A8CB5E7E99CE889C3A1
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68387b855d1c1e8b340c409aa18cbfad7b4687b0bdf885ac92697b3e84f8b147
              • Instruction ID: af4e3f433cdfbd801219a2590da74bea3715da8fe54473fd694fa6615711daf2
              • Opcode Fuzzy Hash: 68387b855d1c1e8b340c409aa18cbfad7b4687b0bdf885ac92697b3e84f8b147
              • Instruction Fuzzy Hash: B611B270E1991ADFEBA5DF88DA40AACB3B1FF59701F5061B5D00DE7341EA34A9848B50
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4bcbf1ae61a051e2895d2e519beb8e8ac0ce9f44f5ea8f25cd1e96c679837100
              • Instruction ID: 242d908678f32318c1a81e5fc7b8a557bc93d226125942191efc51053cb246a1
              • Opcode Fuzzy Hash: 4bcbf1ae61a051e2895d2e519beb8e8ac0ce9f44f5ea8f25cd1e96c679837100
              • Instruction Fuzzy Hash: EB018E7188F2C5DFE31397609A125E53F749F43210F0961F6E0898A4D3D91DAA5AC3A2
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16108f3e0ca858f2f5cfda64b27e34f2bd568a70b74982b8452c3b20901d4175
              • Instruction ID: 54fc9cc8db507a152a9154ca54417e0d9cba64c117d5221cb76373a6a10fc00f
              • Opcode Fuzzy Hash: 16108f3e0ca858f2f5cfda64b27e34f2bd568a70b74982b8452c3b20901d4175
              • Instruction Fuzzy Hash: D3016D30A19A08CFDB5EEF28C941A6933E2FF59302F1054BDD41EDB292DA31D846CB80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b56be00329bd8078f4e0a81bb823b04c5aceb0a51fb4d2a6c04d612a175b54f1
              • Instruction ID: 26bef19c8c93557e6d8907bb45320aaa5a2e0b12b5e1d0e5bc85254c5401b434
              • Opcode Fuzzy Hash: b56be00329bd8078f4e0a81bb823b04c5aceb0a51fb4d2a6c04d612a175b54f1
              • Instruction Fuzzy Hash: 54014C3180E28D9FE741CFE0C8555EA7FF0FF47210F0491EAE048C7453EA2894868790
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac9c58e9cfe372420b5bb1dab92d1de4de98bd8cf2a33a594cce941a11e30834
              • Instruction ID: df14c76673849f331ae8eac1909e4c79479d49211017703451af2ee3826d3e80
              • Opcode Fuzzy Hash: ac9c58e9cfe372420b5bb1dab92d1de4de98bd8cf2a33a594cce941a11e30834
              • Instruction Fuzzy Hash: A701D47040C68ECFEB86EF24C9565E67FD0FF56300F0411B9E41CC31A2DA24A518C781
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a61683007bb88fabd02a11e74c78e1141da4ba8aef6775d239a123ec9ef1dc38
              • Instruction ID: da6fa4c3392ed145dc79cb14638a8ab3cb3e72ef68cbcdf0f11e608db49f00ba
              • Opcode Fuzzy Hash: a61683007bb88fabd02a11e74c78e1141da4ba8aef6775d239a123ec9ef1dc38
              • Instruction Fuzzy Hash: 0FF0E9B240D60C5EF7189658EC0BEF63BE8EB87234F10102EE54E82053F262A913C295
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b1aa8dec39bb650bd9271c8005bc58e5ae6b73e75c76f032b2f6e517a24f99d
              • Instruction ID: abc01bbef92e9488cb6b04b066eb70058bcea000d54f6a6004344a01e98ad681
              • Opcode Fuzzy Hash: 2b1aa8dec39bb650bd9271c8005bc58e5ae6b73e75c76f032b2f6e517a24f99d
              • Instruction Fuzzy Hash: E7010834908A5D8FDB95EB18C898BE5B7A0FB59314F5441A9D00DD3591DA319A85CB40
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b6d652083c6968a32368de0331bd1340e7e21558113ce800bbb86d62eb3b343
              • Instruction ID: f889d97661374f3491bd9367a3cdbc854fa14f0d0b62007274752d5069e1b123
              • Opcode Fuzzy Hash: 9b6d652083c6968a32368de0331bd1340e7e21558113ce800bbb86d62eb3b343
              • Instruction Fuzzy Hash: 14F06D5BA0E5A94BD312A76CA9A15E67F60DE8322A35842FBC2C8895B3DC05504A8294
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7379bff1e17e0a4a7c0b83101421e454a37de09948d6980248296b459f371495
              • Instruction ID: 097e32441767fede572d248f718eed3d75e7de857834a8942fb8579bc5c43392
              • Opcode Fuzzy Hash: 7379bff1e17e0a4a7c0b83101421e454a37de09948d6980248296b459f371495
              • Instruction Fuzzy Hash: 1B01F27090992D8FDFA8DF58C894BACB7B1FB69301F54819A800EE7251DA319985DF40
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c95e377dbc2a7460cb4073b0228dee0b819fef6d5a264334fa3671dfd978109
              • Instruction ID: 28080caaa681a2138bbce4a0d8e26729c826ee5a106049c40973138af08d6252
              • Opcode Fuzzy Hash: 0c95e377dbc2a7460cb4073b0228dee0b819fef6d5a264334fa3671dfd978109
              • Instruction Fuzzy Hash: 5101AD74919A4ECFEBA9DB68C614BB9BAA1FB45300F50153DE01ED3281EE34A849C785
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 293bb957e45bec6712332e87e1b8e39b9c7bf1bc51ca7012c334d0a3588d9609
              • Instruction ID: 198ffce262a2d9cdbee2028d84fe4197fc06118b894a3edf614f59ce5fe7063f
              • Opcode Fuzzy Hash: 293bb957e45bec6712332e87e1b8e39b9c7bf1bc51ca7012c334d0a3588d9609
              • Instruction Fuzzy Hash: B301DC74E0A629CFEBA9DB48CD94BA8B7B1FB58301F1051EAD50DA3350DA306E84CF55
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c7bd43322ee050ce2a8e96456b95fa5215c5a2f3844afade24624da0d77a5ae5
              • Instruction ID: 611385bcd7ffe16bd0c11db732b468bb73b6f7b3cb3f0cc32921c87eee366640
              • Opcode Fuzzy Hash: c7bd43322ee050ce2a8e96456b95fa5215c5a2f3844afade24624da0d77a5ae5
              • Instruction Fuzzy Hash: 00F0907480CA4ECBEB55EF24C9056FAB690FF49300F406575E41DC2191EA34A558C7C5
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e1f2d71a707a10a036619c8bc5060e7ab148827d37df2ada4ea9a2458896ba1
              • Instruction ID: c3e04b27b45fbda1bfd8ddb2428c931c4f326fdddefd3a4dbfea7ac8ac1e51c5
              • Opcode Fuzzy Hash: 7e1f2d71a707a10a036619c8bc5060e7ab148827d37df2ada4ea9a2458896ba1
              • Instruction Fuzzy Hash: 50E0E5A290EBA58FE3E9D72846A61A53ED0EF0A20070560EFC04DC7593E9008C0C43C1
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa4934e6aa31bbaf0ba1703fa86e9358a00486674b60051978b273037049a882
              • Instruction ID: fbbf0b4990675b3fda76880835debc4f63d6f1c6b31d855e8cc8af60150af8f7
              • Opcode Fuzzy Hash: aa4934e6aa31bbaf0ba1703fa86e9358a00486674b60051978b273037049a882
              • Instruction Fuzzy Hash: 8DF0F47090492D8FDFA4EF18C894BA9B7B1EB69301F1481DA800EE7251DE31A9C5CF40
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66cee2e9e9699ca6168ef6383fc4303060b890bcd82d600a086038247f95c3be
              • Instruction ID: 8925d54c91c4f226f176da0b67bc9c94a3178a7d0fd7356241042b33f3a4a85c
              • Opcode Fuzzy Hash: 66cee2e9e9699ca6168ef6383fc4303060b890bcd82d600a086038247f95c3be
              • Instruction Fuzzy Hash: CAF0B77450968DCFDB65DF14C590BE83BA1FF59344F20912AD84DCB351DB34A549DB80
              Memory Dump Source
              • Source File: 00000000.00000002.1326969519.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd32e1015b445d8994a46a02a5e5d12ac8eb3361a3f8ab26d280c3c1572c5acf
              • Instruction ID: 6c67e6b6fe6cd5f3f94d4706f63a912350a0877964f87762c86e5bcb6eaae8d5
              • Opcode Fuzzy Hash: cd32e1015b445d8994a46a02a5e5d12ac8eb3361a3f8ab26d280c3c1572c5acf
              • Instruction Fuzzy Hash:
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: L_^
              • API String ID: 0-925995230
              • Opcode ID: 0e2ca97810efb92140901955b8c8461f26d8d8a8713fd603970bb079cd233d73
              • Instruction ID: 0fc2d9c6e652b8c22608867ae9b2efe79bf4502e5b8114a837d42e593ba1d47b
              • Opcode Fuzzy Hash: 0e2ca97810efb92140901955b8c8461f26d8d8a8713fd603970bb079cd233d73
              • Instruction Fuzzy Hash: 0DF12870E08619CFEB95EB68C985BE8B7F1FF59301F5491AAD00DE3291DA34A985CF40
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: 8M%
              • API String ID: 0-1690249272
              • Opcode ID: caa05378dd2a5a7714ca945ee854f0099c8897a0c47872ae86c63b16f2f7c486
              • Instruction ID: 23cf575b8ae42159afe92215be06744a2d7b7e8cd43dbcd7445c5789f643498a
              • Opcode Fuzzy Hash: caa05378dd2a5a7714ca945ee854f0099c8897a0c47872ae86c63b16f2f7c486
              • Instruction Fuzzy Hash: E7E1F770909629CFEB95EB28C994BE8B7B5FF59301F1051E9D00DE3291DB39AA85CF40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 551ea3f87aa89ce0aa62a7a50c8bf1242dd8484c47129e2c0dad2626652b2fa4
              • Instruction ID: 9f9cdd41f1945b603ccebdb6d7bbceaf7478addd83d6ffa35eb2a14ef881d792
              • Opcode Fuzzy Hash: 551ea3f87aa89ce0aa62a7a50c8bf1242dd8484c47129e2c0dad2626652b2fa4
              • Instruction Fuzzy Hash: 2272F670A0892DCFEB99EB28C995BA8B7B1FF59301F5051E9D00DE3291DB35A985CF40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 511d21abc5a7b3ac767729a4c71d3ed287d0ffa319dda5679dcb0961804c9cc7
              • Instruction ID: dbde4ddd93016443dbf023543b20f64e07a55cf679f3d502a999281f2909679f
              • Opcode Fuzzy Hash: 511d21abc5a7b3ac767729a4c71d3ed287d0ffa319dda5679dcb0961804c9cc7
              • Instruction Fuzzy Hash: F8E1E270E18A1D8FEB94EB68C985BADB7F1FF59301F5091A9D00DE3295DA34A984CF40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad7f13f82e0cdb77afe46cb0b4b1774a6fe23efe5186f473b5fa2ad1c0629d56
              • Instruction ID: 0aaf4fe8220009aed9e58652116e03e6bab1597369bd5c9862b0e235f4875877
              • Opcode Fuzzy Hash: ad7f13f82e0cdb77afe46cb0b4b1774a6fe23efe5186f473b5fa2ad1c0629d56
              • Instruction Fuzzy Hash: B4914CB0D0960A8FEB84EF68C554BEDB7B1FF55300F1092A9D41DE7292DB389985CB84
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2b667cdc9daca2eb28cdd688bfdea83ab0260898abdf414b87d5cef0b092036
              • Instruction ID: 84ebae0430ec5ab1cff535f0e8ba954ff8a4ba01cb74f0896e7b5558e1a858ed
              • Opcode Fuzzy Hash: c2b667cdc9daca2eb28cdd688bfdea83ab0260898abdf414b87d5cef0b092036
              • Instruction Fuzzy Hash: 9F017830C1421ACAEB50EFA5C5407FEB2B1EF86301F00A139C11CA31C6DB789689CF84
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: ;M_^$K;M
              • API String ID: 0-263230361
              • Opcode ID: 4e490dc314b3ec660df357ebe464a052965c2afe573345ade0ef960fb2af0d87
              • Instruction ID: 7e11f11fbde30acf2da30148092917d59e9a5e4dd518db50579c898ceb40de95
              • Opcode Fuzzy Hash: 4e490dc314b3ec660df357ebe464a052965c2afe573345ade0ef960fb2af0d87
              • Instruction Fuzzy Hash: B6A14C75A0992C8FDB94EF6CD884BEDB7B1FF59311F4042AAD04DD7252DA34A885CB80
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: ;M_^$K;M
              • API String ID: 0-263230361
              • Opcode ID: f1dd53380aec437fd129c110bd6e8653df19e2e2a45e30c39bbbb991fa0f3f79
              • Instruction ID: 6a7d3443981e52ff1b7b10ef3291121e7df450d2703a05b1cd153c8d582711a1
              • Opcode Fuzzy Hash: f1dd53380aec437fd129c110bd6e8653df19e2e2a45e30c39bbbb991fa0f3f79
              • Instruction Fuzzy Hash: C1A15D75A0892C8FDB94EF6CD884BECB7B1FF59311F4046AAD04DD7252DA34A881CB80
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: ;M_^$K;M
              • API String ID: 0-263230361
              • Opcode ID: 7f05ab3de2c0558edeac254480b0fd34eb1a00237034af04c2ad4a2da984f54d
              • Instruction ID: 2c1cb509b5e08ad5318b78f57bfea66dcf9bc9efb06306449d45a0927198a9db
              • Opcode Fuzzy Hash: 7f05ab3de2c0558edeac254480b0fd34eb1a00237034af04c2ad4a2da984f54d
              • Instruction Fuzzy Hash: DEA13A75A0892C8FDB94EF6CD885BEDB7B1FF59311F4045AAD00DE7252DA34A881CB80
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: ;M_^$K;M
              • API String ID: 0-263230361
              • Opcode ID: 52d9ea07a2ed6f7c479ba069bfe5c441b6cc5233b82b10f6bdcf84dddc1815bc
              • Instruction ID: 224b1294a50aa5f2ad2f16573638e480177c3b9f5e7344dced20d745706745b0
              • Opcode Fuzzy Hash: 52d9ea07a2ed6f7c479ba069bfe5c441b6cc5233b82b10f6bdcf84dddc1815bc
              • Instruction Fuzzy Hash: 4DA12775A0892C8FDB94EF6CD885BEDB7B1FF59311F4045AAD00DE7252DA34A885CB80
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: HB%
              • API String ID: 0-81579929
              • Opcode ID: 3615670ab99d532ab90175aedb08ad4ce9d687bf443db9646ba8dfa6519952c8
              • Instruction ID: eb2a055ba05137918c0a8fafcb6d51edbb6edf52fdab6c91ff637ba2ee6dc2c4
              • Opcode Fuzzy Hash: 3615670ab99d532ab90175aedb08ad4ce9d687bf443db9646ba8dfa6519952c8
              • Instruction Fuzzy Hash: 5122B770A1492D9FDBD4EF68C899BA977B2FB98301F5081A9D40DD3259EF34AD818F40
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: K;M
              • API String ID: 0-1666167106
              • Opcode ID: a44b06a77f6cc220d5ac48914482ea0f9616212ecad2699ab2d16b1f25d91c66
              • Instruction ID: 3f7e8a6dacdf6f9b3d64cf5da344bd3dba49bcd480f20a99da31411d33751776
              • Opcode Fuzzy Hash: a44b06a77f6cc220d5ac48914482ea0f9616212ecad2699ab2d16b1f25d91c66
              • Instruction Fuzzy Hash: ADA13875A0992C8FDB94EF6CD885BEDB7B1FF59311F4045AAD00DE7252DA34A881CB80
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: K;M
              • API String ID: 0-1666167106
              • Opcode ID: 199332d18df44d3540bb2bb10a690c26958d8fee82b4d13c6d3c02ba2de53f40
              • Instruction ID: 99ec1be6eaeb51d5029ac9bba1aeca5616de83ca7b20e1f5342aecadfc34fbba
              • Opcode Fuzzy Hash: 199332d18df44d3540bb2bb10a690c26958d8fee82b4d13c6d3c02ba2de53f40
              • Instruction Fuzzy Hash: 7FA11875A0892C8FDB94EF6CD885BEDB7B1FF59311F4045AAD00DE7252DA34A885CB80
              Strings
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID: K;M
              • API String ID: 0-1666167106
              • Opcode ID: 515f1c840bc4b5612a97837d70fd381e8f9776791eaf584f8a002ab887b6d9f3
              • Instruction ID: c8b464195318bd7b8c4dac4611ff960d62fb05a4783cac4cb36568bfaf8d7a14
              • Opcode Fuzzy Hash: 515f1c840bc4b5612a97837d70fd381e8f9776791eaf584f8a002ab887b6d9f3
              • Instruction Fuzzy Hash: 44A10875A0892C8FDB94EF6CD885BEDB7B1FF59311F4045AAD00DE7252DA34A885CB80
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 993746737731ceba12d0fffbb65ecd3e474e9daf5bb0fbaa397bd906b05ec9b4
              • Instruction ID: 8ad2605fd3169ef331e231432607ce9807ff4f6fc0f9981f1aef695ceda8cebe
              • Opcode Fuzzy Hash: 993746737731ceba12d0fffbb65ecd3e474e9daf5bb0fbaa397bd906b05ec9b4
              • Instruction Fuzzy Hash: EF027970D08619CFEB58EF68C594BECB7B1FF59300F2091A9D01DA7282DB39A885CB44
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b188aa2a9788169f8e13a1b8647175c1ba1668208288871a75f1c9a3f7806768
              • Instruction ID: a4e76a2e7f964eda0a9cbb23d5905183540f5e7dffdcbd158f1e77fbad76a885
              • Opcode Fuzzy Hash: b188aa2a9788169f8e13a1b8647175c1ba1668208288871a75f1c9a3f7806768
              • Instruction Fuzzy Hash: 89D1B070A1DA5D8FEB86DB5CC955BA87BF1FF6A310F0450BAD04DD7292EA349884CB40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f7af33f338a954979613b203cb20e9bcfbcb55e1d9c35dcbc967701ba9d8172
              • Instruction ID: 21d020a93ea59cabd7d85162bf4820596324367d28a13d5a021ab867b5c9cc88
              • Opcode Fuzzy Hash: 8f7af33f338a954979613b203cb20e9bcfbcb55e1d9c35dcbc967701ba9d8172
              • Instruction Fuzzy Hash: 74B14D70908A5D8FEB95DB68C895BA8BBF1FF59300F1051AAD00DE7292DF34A984CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68b2c76c872166db9c4b6d656a36970e4a3f8a9107eba537ee4271fb617192eb
              • Instruction ID: 5eed48814c2559e5eec6af4112e562225b087597ad87734bd7b95f9b49b0cefb
              • Opcode Fuzzy Hash: 68b2c76c872166db9c4b6d656a36970e4a3f8a9107eba537ee4271fb617192eb
              • Instruction Fuzzy Hash: C3B14F70D08A5CCFEB95EB68C895BA8BBF1FF59300F1051AAD00DE7292DB349985CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c9f3c54572d88a2274d68988f24414205338d7567fbbf71e168675a82bf9a6d3
              • Instruction ID: bb16369d7b589161cef24077b0f136cebf7a935d5791b179bce09c57a36ecd4b
              • Opcode Fuzzy Hash: c9f3c54572d88a2274d68988f24414205338d7567fbbf71e168675a82bf9a6d3
              • Instruction Fuzzy Hash: A7B13E70D08A5C8FEF95EB68C895BA8BBF1FF59300F5051AAD00DE7291DB34A985CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b59ce0a353dd3aed1ca57bb11400a8fa2f34b831982cbee4f4d232e98a3891b8
              • Instruction ID: 787d7d6cb97e91c3ea4b29394fd392d7229c02b98eb981fcc47723ef73d82dea
              • Opcode Fuzzy Hash: b59ce0a353dd3aed1ca57bb11400a8fa2f34b831982cbee4f4d232e98a3891b8
              • Instruction Fuzzy Hash: E4A15F70E18A5D8FEB95EB58C995BA8BBF1FF69300F5050BAD00DE3291DB359984CB40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65285ba8b7b690611a9196de8d19b5ea2d6432ff7a3c046cb248b837bd86ff60
              • Instruction ID: 384024e3fe6a58e9aef97c34ab04b749cd320a2025ee99dcb62c5231dae3b72f
              • Opcode Fuzzy Hash: 65285ba8b7b690611a9196de8d19b5ea2d6432ff7a3c046cb248b837bd86ff60
              • Instruction Fuzzy Hash: 6AB14070D08A5C8FEB95EF68C895BA8BBF1FF59300F1051AAD00DE7292DB349985CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07ffe8d5e7d066ced20e743943bf143fa3283886cee1bd61dfb00394f9d736f9
              • Instruction ID: b58ad46fa2491975692fc15574c94e517ead5027537e8192e6c3d047639491f8
              • Opcode Fuzzy Hash: 07ffe8d5e7d066ced20e743943bf143fa3283886cee1bd61dfb00394f9d736f9
              • Instruction Fuzzy Hash: D5B15F70908A5DCFEB95DB68C995BB8BBF1FF69300F1050AAD00DE3291DB34A985CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e39ac4f77a2082624c01335f200a9194baa079154c2b2c4aa248d7de64f8f55
              • Instruction ID: 7fed44ae6b6abc8ea965da4c8cac47ffcc0e811545e77f54181e6d544670bb76
              • Opcode Fuzzy Hash: 6e39ac4f77a2082624c01335f200a9194baa079154c2b2c4aa248d7de64f8f55
              • Instruction Fuzzy Hash: 8FA14F70E09A5D8FEB95DB68C895BB8BBF1FF59300F1451AAD00DE3292DB349984CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 79b81c1ee4d052ffb2d5c91fe1b2c3d8ffa0ff007e03430fb888e861bfd4614b
              • Instruction ID: 401a01cad18d7da0d74a38bafecc5c57ea9fdc2dc66bc176df80cebb53beba99
              • Opcode Fuzzy Hash: 79b81c1ee4d052ffb2d5c91fe1b2c3d8ffa0ff007e03430fb888e861bfd4614b
              • Instruction Fuzzy Hash: 8D914F70E18A1D8FEB95DB58C995BA8BBF1FF69300F5050BAD00DE3291DB35A984CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 06243559b5351480a59d9f58345a1dea10e4deb67dcf3ddc781b9da81abed3ba
              • Instruction ID: 9ba5228c39c4eb78e50775d4c1c32b2d2d442f61e85e07e33d206b7c3c5a23df
              • Opcode Fuzzy Hash: 06243559b5351480a59d9f58345a1dea10e4deb67dcf3ddc781b9da81abed3ba
              • Instruction Fuzzy Hash: 0291EA70908A5C8FDF95EF68C895BA9BBF1FF59300F0441AAD04DE7262DB34A885CB41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ff5edcced1fb7d3130df914810ae7ece62e71d96f8096b52d07ab51d61c310d
              • Instruction ID: 0a62d08a0df8d533adba3ce6ca20caae92745dcb75322874bfd1bc1c5492224e
              • Opcode Fuzzy Hash: 2ff5edcced1fb7d3130df914810ae7ece62e71d96f8096b52d07ab51d61c310d
              • Instruction Fuzzy Hash: 7071D670A09A1CDFEF95EF68C895AA8BBF1FF59301F5050A9E00DE7255DB34A885CB40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af0452a728b06ed13845cf64414edd58fc1777ffddd44aa4e120c22e7340155d
              • Instruction ID: 9ae0f7f77bfbdb8a6c7d99578c392152f446c6ffc5dd58b28d714fc6cbe3a1ae
              • Opcode Fuzzy Hash: af0452a728b06ed13845cf64414edd58fc1777ffddd44aa4e120c22e7340155d
              • Instruction Fuzzy Hash: AB718570A08A1C8FDF94EF68C895BADBBF1FB59301F5041A9E00DE7251DB74A885CB40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f9743a2e6ffd834d86683a9869bfb114b94a82406cf7b7f919e17b07446e78d
              • Instruction ID: 78c60c9794f3a5f3acee5b6b45ac22d289a9004c7f8bb86295a4fbf1be6589d9
              • Opcode Fuzzy Hash: 8f9743a2e6ffd834d86683a9869bfb114b94a82406cf7b7f919e17b07446e78d
              • Instruction Fuzzy Hash: 1F71B570A08A1CDFDF95EF68C495AACBBF1FB69301F5050A9E00DE7255DB35A881CB40
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c095b02a151bf1b0c4fd73b1156caef1a97983188fa41e2b53c2cf27232d3673
              • Instruction ID: 2121b0cbbf2f92a072755a059cc4242398f02e171018f0b53b2a22bc5cc6bd89
              • Opcode Fuzzy Hash: c095b02a151bf1b0c4fd73b1156caef1a97983188fa41e2b53c2cf27232d3673
              • Instruction Fuzzy Hash: 53717874E09618CFEB55EB68C855BE8B7B1FF46300F5091AAD00DA7292DB38A984CF41
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db0dad4e480c76e68607980d389507395d242a03cc7e3925fe1ab85bcb8367a3
              • Instruction ID: c4e5decf85f72aac67b4287a9167257aafd5699014bf696f0de115f0160dfa50
              • Opcode Fuzzy Hash: db0dad4e480c76e68607980d389507395d242a03cc7e3925fe1ab85bcb8367a3
              • Instruction Fuzzy Hash: 51716570C0961A9FFB56DB14CA55BE9B7B5FF15300F00A1B9D40DA7191EB34AA89CF80
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6889224c7ac8a46055957389f85377b203f340b3e62a622bd6dbd2b5c4becf7
              • Instruction ID: d630a5ce549c70a455616374dd41658af3acf72621993e953f8c55329057038e
              • Opcode Fuzzy Hash: e6889224c7ac8a46055957389f85377b203f340b3e62a622bd6dbd2b5c4becf7
              • Instruction Fuzzy Hash: 8471D874E18A1D8FEB98EB58C595BACBBF1FF69301F5050AAD00DE3251DB34A984CB01
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3475567e15fa8d3512353231b307ae3f7ae1cc5aa00e4f5856c99a91c9a83e06
              • Instruction ID: 1d44dd49616766cf74113da833fe9dae183505f73062b7c1e2babac21c7c60de
              • Opcode Fuzzy Hash: 3475567e15fa8d3512353231b307ae3f7ae1cc5aa00e4f5856c99a91c9a83e06
              • Instruction Fuzzy Hash: 9041CB218BF19B96F956F768D3EA6FB3584EF07714F90BC30F44D014836D19A19842D6
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 094e1ab94768599ad2a2f9f275347a56f9e231fcff38147d57e4dc3dcdfd984e
              • Instruction ID: b6798b355fad415280f3e570329bb16ff1909dde08ac920ab2fabe12f442f66c
              • Opcode Fuzzy Hash: 094e1ab94768599ad2a2f9f275347a56f9e231fcff38147d57e4dc3dcdfd984e
              • Instruction Fuzzy Hash: 20511470D0960DCFEB55EFA8C4546EDBBB1FF49314F20662DD01AA3281CB39A945CB84
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d1093da6ce242e30fd2ebb5e86cd9999803682545cadb015c89b5909bd96bf87
              • Instruction ID: db4befd32f38a4092b8fb36ade88f358aa2a859a20ec90042d12ba104b21ec78
              • Opcode Fuzzy Hash: d1093da6ce242e30fd2ebb5e86cd9999803682545cadb015c89b5909bd96bf87
              • Instruction Fuzzy Hash: D5316A76A0D64D8FE342EB2CD9125E83BB1FF46320F4455BAD449D32E7FE2814068B94
              Memory Dump Source
              • Source File: 00000002.00000002.3757864064.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_2_2_7ffaac640000_file.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7350bee827c30d5baf352bf43f69a6e0216c689c0956a02e82ac056d6d1f20fa
              • Instruction ID: d56d3be4e87940d8b31fa0789b03ae42feb38f4f2bc68da0e32b3808f3175fcb
              • Opcode Fuzzy Hash: 7350bee827c30d5baf352bf43f69a6e0216c689c0956a02e82ac056d6d1f20fa
              • Instruction Fuzzy Hash: 84314661B0D65E8FF742EB28C9526E87BB1FF86310F4491B9D449D32E6FE2814068B94